[Bug 1826419] Re: dhcp agent configured with mismatching domain and host entries
James Page
james.page at ubuntu.com
Fri Apr 26 15:00:04 UTC 2019
Fairly; I was able to reproduce the mismatch even without designate;
specifically:
/etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
extension_drivers = port_security,dns_domain_ports
/etc/neutron/neutron.conf
[DEFAULT]
dns_domain = jamespage.example.
I then updated the dns_domain on the private network:
openstack network set private --dns-domain designate.example.
and booted a couple of instances:
$ dnsmasq --no-hosts --pid-file=/opt/stack/data/neutron/dhcp/e2637497-2ed8-4a08-9cca-9b2cd86accd1/pid --dhcp-hostsfile=/opt/stack/data/neutron/dhcp/e2637497-2ed8-4a08-9cca-9b2cd86accd1/host --addn-hosts=/opt/stack/data/neutron/dhcp/e2637497-2ed8-4a08-9cca-9b2cd86accd1/addn_hosts --dhcp-optsfile=/opt/stack/data/neutron/dhcp/e2637497-2ed8-4a08-9cca-9b2cd86accd1/opts --dhcp-leasefile=/opt/stack/data/neutron/dhcp/e2637497-2ed8-4a08-9cca-9b2cd86accd1/leases --dhcp-match=set:ipxe,175 --dhcp-userclass=set:ipxe6,iPXE --local-service --bind-interfaces --dhcp-range=set:tag1,10.0.0.0,static,255.255.255.192,86400s --dhcp-option-force=option:mtu,1450 --dhcp-lease-max=64 --conf-file= --domain=designate.example.
$ cat /opt/stack/data/neutron/dhcp/e2637497-2ed8-4a08-9cca-9b2cd86accd1/host
fa:16:3e:9f:cf:f8,host-10-0-0-1.jamespage.example.,10.0.0.1
fa:16:3e:c3:0e:f7,host-10-0-0-2.jamespage.example.,10.0.0.2
fa:16:3e:4d:fc:2f,testserver-1.jamespage.example.,10.0.0.10
fa:16:3e:41:f8:61,testserver-2.jamespage.example.,10.0.0.32
You can clearly see that the entries in the host file are based on the
configured jamespage.example. but that the domain is set to
designate.example. as configured on the network.
This generates the forward/reverse DNS lookup mismatch from an instance
perspective.
The dns_assignment of one of the server's ports looks like:
| dns_assignment | fqdn='testserver-1.jamespage.example.', hostname='testserver-1', ip_address='10.0.0.10' |
This is used to populate the dnsmasq host file.
--
https://bugs.launchpad.net/bugs/1826419
Title:
dhcp agent configured with mismatching domain and host entries
Status in neutron:
New
Status in neutron package in Ubuntu:
New
Bug description:
Related bug 1774710 and bug 1580588
The neutron-dhcp-agent in OpenStack >= Queens makes use of the
dns_domain value set on a network to configure the '--domain'
parameter of the dnsmasq instance that supports it; at the same time,
neutron makes use of CONF.dns_domain when creating dns_assignments for
ports - this results in a hosts file for the dnsmasq instance which
uses CONF.dns_domain and a --domain parameter of network.dns_domain
which do not match.
This results in a search path on instances booted attached to the
network which is inconsistent with the internal DNS entries that
dnsmasq responds with:
root@bionic-045546-2:~# host 192.168.21.222
222.21.168.192.in-addr.arpa domain name pointer bionic-045546-2.jamespage.internal.
root@bionic-045546-2:~# host bionic-045546-2
bionic-045546-2.designate.local has address 192.168.21.222
In the above example:
CONF.dns_domain = jamespage.internal.
network.dns_domain = designate.local.
Based on previous discussion in bug 1580588 I think that the
dns_domain value for a network was intended for use for external DNS
integration such as that provided by Designate.
The change made under commit:
https://opendev.org/openstack/neutron/commit/137a6d61053
appears to break this assumption, producing somewhat inconsistent
behaviour in the dnsmasq instance for the network.
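Added example, not part of the original message and not neutron code: a check for the mismatch reported above, comparing the --domain value on a dnsmasq command line with the domain suffix of the names in its --dhcp-hostsfile. The sample data is copied from the report (command line shortened); the function names are hypothetical, and only the three-field "mac,name,ip" host line form shown in the report is assumed.

```python
import shlex

# Sample data taken from the report above; the command line is shortened.
DNSMASQ_CMDLINE = (
    "dnsmasq --no-hosts "
    "--dhcp-hostsfile=/opt/stack/data/neutron/dhcp/"
    "e2637497-2ed8-4a08-9cca-9b2cd86accd1/host "
    "--conf-file= --domain=designate.example."
)
HOST_FILE = """\
fa:16:3e:9f:cf:f8,host-10-0-0-1.jamespage.example.,10.0.0.1
fa:16:3e:c3:0e:f7,host-10-0-0-2.jamespage.example.,10.0.0.2
fa:16:3e:4d:fc:2f,testserver-1.jamespage.example.,10.0.0.10
fa:16:3e:41:f8:61,testserver-2.jamespage.example.,10.0.0.32
"""


def normalize(domain):
    """Lower-case a DNS name and drop the trailing root dot."""
    return domain.strip().rstrip(".").lower()


def dnsmasq_domain(cmdline):
    """Return the value of the last --domain= option, or None if unset."""
    domain = None
    for arg in shlex.split(cmdline):
        if arg.startswith("--domain="):
            domain = normalize(arg.split("=", 1)[1])
    return domain or None


def parse_hosts(text):
    """Yield (mac, name, ip) from 'mac,name,ip' lines; skip other lines."""
    for line in text.splitlines():
        parts = line.strip().split(",")
        if len(parts) == 3 and not parts[0].startswith("#"):
            yield parts[0], normalize(parts[1]), parts[2]


def find_mismatches(cmdline, hosts_text):
    """List (name, ip) for qualified names outside the --domain suffix."""
    domain = dnsmasq_domain(cmdline)
    if domain is None:
        return []
    suffix = "." + domain
    return [(name, ip) for _, name, ip in parse_hosts(hosts_text)
            if "." in name and not name.endswith(suffix)]


if __name__ == "__main__":
    for name, ip in find_mismatches(DNSMASQ_CMDLINE, HOST_FILE):
        print(f"{ip}: {name} is outside --domain {dnsmasq_domain(DNSMASQ_CMDLINE)}")
```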