Add support for static DNS mappings

[cbgbt]

Issue number: #2045

Description of changes:

• Implement models and settings changes
• Write migrations for new settings

This allows users to populate /etc/hosts with static DNS entries via
settings and the Bottlerocket API. Bottlerocket doesn't currently
perform resolver caching, so there is no need to restart networked
services after rendering a new /etc/hosts file.

According to man hosts:

Before the advent of DNS, the host table was the only way of resolving hostnames on the fledgling Internet.

Today, this file is still used to configure a static lookup table for hostnames on Linux. The hosts file is a text file that associates IP addresses (v4 or v6) with hostnames, one line per IP address.

IP_address canonical_hostname [aliases...]

e.g.

10.0.0.1 myhost.example.com myhost

Would ensure that myhost.example.com and myhost both resolve to 10.0.0.1. The man page explicitly calls out the first element as being the canonical_hostname, but there are no technical requirements that differentiate this to aliases — each element must:

• Contain only alphanumeric characters, minus signs (“-”) and periods (“.”)
• Begin with an alphabetic character
• End with an alphanumeric character

The modeled settings enforce these requirements.

Per #921, we don't support DNS caching on Bottlerocket, so we shouldn't need to restart any additional services when we modify static DNS mappings.

Testing done:

• Test on aws-ecs-1
• Test on aws-k8s-1.22
• Test migrations

Example of using the feature:

[ec2-user@admin]$ sudo sheltie
bash-5.1# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 


bash-5.1# apiclient set -j '{"settings": {"network": {"hosts": [["10.0.0.1", ["test.example.com"]], ["127.0.0.1", ["test.bottlerocket.aws"]], ["10.0.0.1", ["test2.example.com"]]]}}}'
bash-5.1# apiclient get settings.network.hosts
{
  "settings": {
    "network": {
      "hosts": [
        [
          "10.0.0.1",
          [
            "test.example.com"
          ]
        ],
        [
          "127.0.0.1",
          [
            "test.bottlerocket.aws"
          ]
        ],
        [
          "10.0.0.1",
          [
            "test2.example.com"
          ]
        ]
      ]
    }
  }
}
bash-5.1# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 test.bottlerocket.aws
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 

10.0.0.1 test.example.com test2.example.com

Terms of contribution:

By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.

[zmrow]

LGTM so far! Once the migrations are out I will give it another look-see

[cbgbt]

• Added README documentation
• Use BTreeMap to store host entries to preserve ordering

[cbgbt]

I'm going to make a few changes to the /etc/hosts template, documentation, and settings name based on some verbal feedback from the team. Should have revision up shortly 😄

[cbgbt]

A few changes:

• Setting name changed to settings.network.hosts.
• Modified /etc/hosts such that it can't contain duplicate line entries for host addresses

[cbgbt]

I keep ending up having strange conflicts with develop. Will fix the git tree.

[cbgbt]

Fixed, as well as fixed some code clarity issues.

[cbgbt]

I've been doing some extra reading about BTreeMap and my assumption that it preserves iteration order based on insertion is false: BTreeMap preserves iteration order based on key order. The common solution in the Rust community is to use IndexMap for a map which preserves insertion order.

This also means that I would need to assert that every serializer and deserializer which touches settings objects respects ordering. Fortunately for serde_json and toml this can be enabled by adding a feature flag, but we have a few points e.g. in migrations where helpers assume that a Map can be safely represented via a HashMap.

I'm looking into solving this either by building in order preservation to settings (which could be extremely difficult to continuously enforce in the Bottlerocket repo, even with great testing in the core settings path) or by changing our model here to use an ordered data structure, although this adds some uncomfortable ergonomic questions over how to use the feature.

[cbgbt]

I reworked the static DNS feature to use a Vec<(IpAddr, Vec<ValidLinuxHostname>)> as its internal representation, then added a helper method to merge IP address lines together (though this doesn't dedupe hostnames).

While it does make it a bit less ergonomic to specify mappings due to the use of lists to represent pairs, it safely models the behavior of /etc/hosts.

[cbgbt]

Force-pushed to rebase atop develop.

[bcressey]

I think there's an edge case here where the hostname isn't initially resolvable, but should resolve to a non-localhost IP provided in settings.network.hosts, after /etc/hosts is populated.

In that case, we'd incorrectly write /etc/hosts with the hostname as an alias for localhost.

[cbgbt]

Nice catch! I'll fix that and see if I can't add a unit test to cover that edge case.

[bcressey]

Where are we casting aside anything that doesn't parse as an IP address?

[cbgbt]

Whoops, holdover comment. This used to be much more "stringly typed" but I ended up routing all of the parsing through the models -- much cleaner now.

[cbgbt]

Force-pushed to address comments by @bcressey.

Added a unit test for the edge case. Additional testing of that change: https://gist.github.com/cbgbt/d0e7789fe3a9a12e2b59e59b6f2f0278

[bcressey]

LGTM once cargo fmt is happy.

[cbgbt]

Force-push to fix cargo-fmt issue.

[arnaldo2792]

nit: should the number be three?

[arnaldo2792]

nit: another inconsistent count?

[arnaldo2792]

nit:

Suggested change

	/// If `configured_hosts` is Some, the hostname will be considered resolvable if it is listed as an alias for any given IP address.
	/// If `configured_hosts` is set, the hostname will be considered resolvable if it is listed as an alias for any given IP address.

[arnaldo2792]

Nit: I think there are extra words here? Should the line be:

Suggested change

	// and an /etc/hosts configuration which points that contains that hostname as an alias to an IP address,
	// and an /etc/hosts configuration that contains that hostname as an alias to an IP address,

[arnaldo2792]

why can't all these tests be part of the same assert? Same question similar tests below.

[cbgbt]

I've tried to logically separate different checks into multiple assert lines here, so if one fails it's easier to reason about what behavior the check was testing for.

[fgutmann]

Hi I'm trying to validate if the current logic will work for our use-case.

1. Why in the example test3.example.com (10.1.1.0) is merged with the 10.0.0.0 line and thus effectively rewritten to 10.0.0.0?

2. Is it possible with the current logic to have one hostname to resolve to multiple IPs? The input syntax seems to support it. Just want to make sure no de-duplication will happen in this case. We will require a final /etc/hosts file that looks something like this:

10.0.2.252 test1.example.com
10.0.2.236 test1.example.com
10.0.3.205 test1.example.com

[cbgbt]

Hi, thanks for taking a look at this PR.

1. This is a documentation mistake, I meant for 10.1.1.0 to be a repeat of 10.0.0.0. I'll fix that.
2. Yes, you can have one hostname resolve to multiple IPs. De-duplication will only occur for IPs, not hostnames. If you submit something like the following, you should end up with /etc/hosts entries like the ones you've given:

hosts = [
    ["10.0.2.252", ["test1.example.com"]],
    ["10.0.2.236", ["test1.example.com"]],
    ["10.0.3.205", ["test1.example.com]]
]

[cbgbt]

Force push to address comments from @arnaldo2792

[cbgbt]

Additional push to address README issue pointed out by @fgutmann. Thanks!

[webern]

I'm cursed with the ability to always see a way to unit test. Otherwise this looks great.

[webern]

Just a suggestion...

Suggested change

	Note that this setting does not typically impact name resolution for containers, which usually rely on [orchestrator-specific](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_HostEntry.html) [mechanisms](https://kubernetes.io/docs/tasks/network/customize-hosts-file-for-pods/) for configuring static resolution.
	Note that this setting does not typically impact name resolution for containers, which usually rely on orchestrator-specific mechanisms for configuring static resolution.
	(See [ECS](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_HostEntry.html) and [Kubernetes](https://kubernetes.io/docs/tasks/network/customize-hosts-file-for-pods/) documentation for those mechanisms.)

[webern]

nit: newline crimes were committed

Entries which point to the loopback address are merged as aliases with the lowest precedence on the existing loopback line.

Most users don't need to change this setting as the following defaults work for the majority of use cases.
If this setting isn't set we attempt to use DNS reverse lookup for the hostname.
If the lookup is unsuccessful, the IP of the node is used.

##### Proxy settings

[webern]

Suggested change

	// Check number of parameters, must be exactly two (IP version, hostname, hosts overrides)
	// Check number of parameters, must be exactly three (IP version, hostname, hosts overrides)

[webern]

Maybe since we use this same message all over we could add ParamUnwrapSnafu variant with this message baked in and eliminate the strings from the code.

            msg: "Missing params after confirming that they exist.",

[webern]

Golfable if desired

Suggested change

	if let Ok(ip_address) = ip_address.parse::<IpAddr>() {
	ip_address == localhost_comparator
	} else {
	false
	}
	ip_address.parse::<IpAddr>().map(|ip_address| ip_address == localhost_comparator).unwrap_or_default()

[webern]

It's a stylistic preference, but I would return here and unindent the "else" code.

Suggested change

	if hosts_value.is_null() {
	// If hosts aren't set, just exit.
	Ok(())
	} else {
	if hosts_value.is_null() {
	// If hosts aren't set, just exit.
	return Ok(())
	}

[webern]

I was trying to think of a way to remove this impurity from this otherwise testable (and complex) function. Alas, I don't see a way to inject this network dependency.

Edit, well... as usual I did think of a way:

localhost_aliases could be a thin wrapper for localhost_aliases_impl.

localhost_aliases_impl takes a functor matching the signature of hostname_resolvable, then localhost_aliases becomes:

pub fn localhost_aliases(
    helper: &Helper<'_, '_>,
    h: &Handlebars,
    c: &Context,
    renderctx: &mut RenderContext<'_, '_>,
    out: &mut dyn Output,
) -> Result<(), RenderError> {
    localhost_aliases_impl(helper, h, c, renderctx, out, &hostname_resolvabe)
}

Then I think you could write tests for localhost_aliases_impl that takes a mock of the hostname_resolvable function.

[cbgbt]

I love function purity. Thanks for the tip, I'll implement this.

[cbgbt]

I toyed around with implementing something like this, but it ended up making it more challenging to understand and didn't necessarily improve testability, since there are a few tests here already which just use more apparently resolve-able or un-resolve-able hostnames.

[webern]

🤯

Nice rust.

[cbgbt]

Force push to make some stylistic and comment changes suggested by @webern

[etungsten]

Should we explain what the default is when this setting is not set? Or maybe it's obvious enough, and it would be too verbose.

[cbgbt]

I think it might be obvious enough to omit. I noticed that we don't always include the default value, for settings as well.

[cbgbt]

Force push to rebase.