fix(cli): adjust internal DNS when cloud VM is detected

2025-12-16 15:30:19 +08:00
7 changed files with 104 additions and 39 deletions
--- a/cli/pkg/bootstrap/os/module.go
+++ b/cli/pkg/bootstrap/os/module.go
@@ -100,18 +100,9 @@ func (c *ConfigSystemModule) Init() {
 		Retry:    0,
 	}

-	configProxyTask := &task.RemoteTask{
-		Name:     "ConfigProxy",
-		Hosts:    c.Runtime.GetAllHosts(),
-		Action:   new(ConfigProxyTask),
-		Parallel: false,
-		Retry:    0,
-	}
-
 	c.Tasks = []task.Interface{
 		updateNtpDateTask,
 		timeSyncTask,
-		configProxyTask,
 	}
 }

--- a/cli/pkg/bootstrap/os/tasks.go
+++ b/cli/pkg/bootstrap/os/tasks.go
@@ -204,24 +204,6 @@ exit 0`, setNTPCommand, hwclockCmd)
 	return nil
 }

-type ConfigProxyTask struct {
-	common.KubeAction
-}
-
-func (t *ConfigProxyTask) Execute(runtime connector.Runtime) error {
-	if common.ResolvProxy == "" {
-		return nil
-	}
-
-	var cmd = fmt.Sprintf("echo nameserver %s > /etc/resolv.conf", common.ResolvProxy)
-	if _, err := runtime.GetRunner().SudoCmd(cmd, false, true); err != nil {
-		logger.Errorf("failed to execute %s: %v", cmd, err)
-		return err
-	}
-
-	return nil
-}
-
 type NodeConfigureOS struct {
 	common.KubeAction
 }
--- a/cli/pkg/bootstrap/patch/tasks.go
+++ b/cli/pkg/bootstrap/patch/tasks.go
@@ -275,9 +275,17 @@ func (t *DisableLocalDNSTask) configResolvConf(runtime connector.Runtime) error
 	overrideOp := ">"
 	appendOp := ">>"

-	if common.CloudVendor == common.CloudVendorAliYun {
+	var internalDNS string
+	if util.IsOnAliyunECS() {
+		internalDNS = "100.100.10.12"
+	} else if util.IsOnAWSEC2() {
+		internalDNS = "169.254.169.253"
+	} else if util.IsOnTencentCVM() {
+		internalDNS = "183.60.83.19"
+	}
+	if internalDNS != "" {
 		secondNameserverOp = appendOp
-		cmd = `echo 'nameserver 100.100.2.136' > /etc/resolv.conf`
+		cmd = fmt.Sprintf("echo 'nameserver %s' > /etc/resolv.conf", internalDNS)
 		if _, err = runtime.GetRunner().SudoCmd(cmd, false, true); err != nil {
 			logger.Errorf("exec %s error %v", cmd, err)
 			return err
--- a/cli/pkg/common/common.go
+++ b/cli/pkg/common/common.go
@@ -169,21 +169,11 @@ const (
 	ManagedMinIO = "managed-minio"
 )

-var (
-	CloudVendor = os.Getenv("CLOUD_VENDOR")
-	ResolvProxy = os.Getenv("PROXY")
-)
-
 const (
 	OlaresRegistryMirrorHost       = "mirrors.joinolares.cn"
 	OlaresRegistryMirrorHostLegacy = "mirrors.jointerminus.cn"
 )

-const (
-	CloudVendorAliYun = "aliyun"
-	CloudVendorAWS    = "aws"
-)
-
 const (
 	RaspbianCmdlineFile  = "/boot/cmdline.txt"
 	RaspbianFirmwareFile = "/boot/firmware/cmdline.txt"
--- a/cli/pkg/core/util/ip.go
+++ b/cli/pkg/core/util/ip.go
@@ -331,3 +331,46 @@ func GetPublicIPFromTencentIMDS() (net.IP, error) {
 	logger.Debugf("retrieved public IP info from Tencent metadata service: %s", string(body))
 	return net.ParseIP(strings.TrimSpace(string(body))), nil
 }
+
+func GetPublicIPFromAliyunIMDS() (net.IP, error) {
+	token, err := GetTokenFromAliyunIMDS()
+	if err != nil {
+		return nil, fmt.Errorf("failed to get Aliyun ECS IMDS token: %v", err)
+	}
+	url := "http://100.100.100.200/latest/meta-data/public-ipv4"
+	req, err := http.NewRequest(http.MethodGet, url, nil)
+	if err != nil {
+		return nil, fmt.Errorf("failed to build http request: %v", err)
+	}
+	req.Header.Set("X-aliyun-ecs-metadata-token", token)
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		return nil, errors.Wrap(err, "failed to reach Aliyun metadata service")
+	}
+	defer resp.Body.Close()
+	body, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, errors.Wrap(err, "failed to read response from Aliyun metadata service")
+	}
+	logger.Debugf("retrieved public IP info from Aliyun metadata service: %s", string(body))
+	return net.ParseIP(strings.TrimSpace(string(body))), nil
+}
+
+func GetTokenFromAliyunIMDS() (string, error) {
+	url := "http://100.100.100.200/latest/api/token"
+	req, err := http.NewRequest(http.MethodPut, url, nil)
+	if err != nil {
+		return "", fmt.Errorf("failed to build http request: %v", err)
+	}
+	req.Header.Set("X-aliyun-ecs-metadata-token-ttl-seconds", "600")
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		return "", errors.Wrap(err, "failed to reach Aliyun metadata service")
+	}
+	defer resp.Body.Close()
+	body, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return "", errors.Wrap(err, "failed to read response from Aliyun metadata service")
+	}
+	return strings.TrimSpace(string(body)), nil
+}
--- a/cli/pkg/core/util/util.go
+++ b/cli/pkg/core/util/util.go
@@ -264,3 +264,41 @@ func IsOnTencentCVM() bool {
 	defer resp.Body.Close()
 	return resp.StatusCode == http.StatusOK
 }
+
+func IsOnAliyunECS() bool {
+	vendorFiles := []string{
+		"/sys/class/dmi/id/sys_vendor",
+		"/sys/class/dmi/id/board_vendor",
+		"/sys/class/dmi/id/bios_vendor",
+		"/sys/class/dmi/id/product_name",
+	}
+	for _, p := range vendorFiles {
+		if b, err := os.ReadFile(p); err == nil {
+			s := strings.ToLower(strings.TrimSpace(string(b)))
+			if strings.Contains(s, "alibaba") || strings.Contains(s, "aliyun") {
+				return true
+			}
+		}
+	}
+
+	if IsExist("/etc/aliyun-release") {
+		return true
+	}
+
+	reqCtx, cancel := context.WithTimeout(context.Background(), 400*time.Millisecond)
+	defer cancel()
+	req, _ := http.NewRequestWithContext(reqCtx, http.MethodGet, "http://100.100.100.200/latest/meta-data/instance-id", nil)
+
+	tr := &http.Transport{
+		Proxy: nil,
+		DialContext: (&net.Dialer{
+			Timeout: 250 * time.Millisecond,
+		}).DialContext,
+	}
+	resp, err := (&http.Client{Transport: tr}).Do(req)
+	if err != nil {
+		return false
+	}
+	defer resp.Body.Close()
+	return resp.StatusCode == http.StatusOK
+}
--- a/cli/pkg/terminus/tasks.go
+++ b/cli/pkg/terminus/tasks.go
@@ -738,6 +738,19 @@ func (p *DetectPublicIPAddress) Execute(runtime connector.Runtime) error {
 		}
 	}

+	if util.IsOnAliyunECS() {
+		logger.Info("on Aliyun ECS instance, will try to check if a public IP address is bound")
+		aliyunPublicIP, err := util.GetPublicIPFromAliyunIMDS()
+		if err != nil {
+			return errors.Wrap(err, "failed to get public IP from Aliyun")
+		}
+		if aliyunPublicIP != nil {
+			logger.Info("retrieved public IP addresses from IMDS")
+			p.KubeConf.Arg.NetworkSettings.CloudProviderPublicIP = aliyunPublicIP
+			return nil
+		}
+	}
+
 	osPublicIPs, err := util.GetPublicIPsFromOS()
 	if err != nil {
 		return errors.Wrap(err, "failed to get public IPs from OS")