Update the publicDNSQueryURI in DNS Check to https://quay.io

[vyasgun]

Relates to: Issue #4218 (error code 301 was seen in this issue)

Solution/Idea

Change the publicDNSQueryURI to https to prevent 301 Moved Permanently during DNS check.

The alternate is to add -sSL flags to the curl command during the check for a quiet follow to any redirects.

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[gbraad]

Follow is good, but I think it is better to do

curl -sSL

-S: This option is used in conjunction with -s (silent). It stands for "show error." When used with -s, it will still suppress the progress meter but will show error messages if the request fails. This could be beneficial for logging and debugging purposes since it reduces noise. It might even be possible to return the actual error as user-facing information. WDYT?

[vyasgun]

Thank you for the review - I updated the PR to use the https://quay.io as I feel it's simpler to just update the URL.

[gbraad]

97ee5fc#r1853762839 => Perhaps the error message can be helpful to the user.

[kaovilai]

It's a DNS check, not a what's showing at the website check. Why is this needed?

[kaovilai]

@vyasgun

DEBU SSH command results: err: , output: HTTP/1.1 301 Moved Permanently

is not an error.

err: <nil>

[kaovilai]

Informational responses (100 – 199)
Successful responses (200 – 299)
Redirection messages (300 – 399)
Client error responses (400 – 499)
Server error responses (500 – 599)

src

[vyasgun]

@kaovilai yes but checking at https://quay.io instead of http://quay.io returns 200 which is a clearer way to interpret that the check succeeded and also serves the same purpose of querying quay.io.

[kaovilai]

I would prefer the test actually be a dns query as the name implies...

❯ dig quay.io +short
54.243.17.128
54.85.81.91
3.219.175.113
54.210.148.48
52.54.136.228
52.55.96.46

~
❯ dig non-exist.quay.io +short

and check for non-empty output.

but this is a step in the right direction. just saying it's not solving an error.

[openshift-ci]

@kaovilai: changing LGTM is restricted to collaborators

In response to this:

I would prefer the test actually be a dns query as the name implies...

❯ dig quay.io +short
54.243.17.128
54.85.81.91
3.219.175.113
54.210.148.48
52.54.136.228
52.55.96.46

~
❯ dig non-exist.quay.io +short

and check for non-empty output.

but this is a step in the right direction. just saying it's not solving an error.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: kaovilai
Once this PR has been reviewed and has the lgtm label, please assign evidolob for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

@vyasgun: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/integration-crc	ae2a8f8	link	true	/test integration-crc
ci/prow/e2e-crc	ae2a8f8	link	true	/test e2e-crc

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[praveenkumar]

Relates to: Issue #4218 (error code 301 was seen in this issue)

@vyasgun This doesn't look like related to this issue, or I am missing something here.

[vyasgun]

@praveenkumar you are right -- it is not directly related to the issue except that as mentioned in the description, it was seen in the logs of this issue and prompted some discussion and I was looking into it. This is not even an error but just adding https to the query URI improves clarity of the debug message as well as performing the same task of querying quay.io. Should I update the description to something else to prevent confusion?

[cfergeau]

I would prefer the test actually be a dns query as the name implies...

❯ dig quay.io +short
54.243.17.128
54.85.81.91
3.219.175.113
54.210.148.48
52.54.136.228
52.55.96.46

~
❯ dig non-exist.quay.io +short

and check for non-empty output.

but this is a step in the right direction. just saying it's not solving an error.

This used to be tested this way, but this does not work when an http proxy is involved. This was changed in 52279b3eaf7c7b , details can be found in the commit log.

We could also have two different code paths for proxy/non-proxy, not sure this was discussed/considered at the time of this PR.