[Bug 1826419] Re: dhcp agent configured with mismatching domain and host entries
Jorge Niedbalski
1826419 at bugs.launchpad.net
Thu May 9 17:56:50 UTC 2019
I am able to reproduce the bug 1) Forward and reverse resolution is not
honoring the network defined dns-domain. -expressed on my previous
comment without even having designate enabled on my setup.
Deploying this bundle: http://paste.ubuntu.com/p/FZff5NqfvN/ , with the following neutron config options, please
note that a global.neutron. domain has been configured for neutron.
options:
dns-domain: global.neutron.
enable-ml2-dns: true
enable-ml2-port-security: true
flat-network-providers: physnet1
neutron-security-groups: true
reverse-dns-lookup: true
Then associating a specific domain (local.neutron) to the private
network:
$ neutron net-update --dns-domain local.neutron. private
ubuntu at niedbalski-bastion:~/stsstack-bundles/openstack$ openstack network show private | grep dns_domain
| dns_domain | local.neutron. |
After this step, I launched 3 instances that are associated to this private network.Then if I look into
the --domain attribute of the dnsmasq instance I can see that the configured domain remains as the dns-domain
set for the network.
verifying the --dns-domain option used on the instances network namespace.
root at juju-2e7dc7-1826419-5:/home/ubuntu# ip netns exec qrouter-c5a67f6a-3a15-4dcd-923d-c5c457beddff bash
root at juju-2e7dc7-1826419-5:/home/ubuntu# ps aux|grep dns|grep domain
nobody 491 0.0 0.0 53328 2888 ? S 17:00 0:00 dnsmasq --no-hosts --no-resolv --except-interface=lo --[...]
87/leases --dhcp-match=set:ipxe,175 --bind-interfaces --interface=ns-75130a43-55 --dhcp-range=set:tag0,192.168.21.0,static,255.255.255.0,86400s --dhcp-option-force=option:mtu,1458 --dhcp-lease-max=256 --conf-file=/etc/neutron/dnsmasq.conf --domain=local.neutron.
However, the dhcp host file generated from the dns-assignments are pointing to the global
domain set in neutron-api.
root at juju-2e7dc7-1826419-5:/home/ubuntu# more
/var/lib/neutron/dhcp/77902f51-2ac8-4ef1-97d1-962dd745ba87/host
fa:16:3e:d0:80:35,host-192-168-21-1.global.neutron.,192.168.21.1
fa:16:3e:f0:e2:a5,host-192-168-21-2.global.neutron.,192.168.21.2
fa:16:3e:1d:25:6d,cirros-170754-1.global.neutron.,192.168.21.4
fa:16:3e:39:12:a2,cirros-170754-2.global.neutron.,192.168.21.5
fa:16:3e:5b:cd:48,cirros-170754-3.global.neutron.,192.168.21.16
Then if I look at any of the port's dns-assignment they're also pointing to the global.neutron. domain,
not the one defined for the network
ubuntu at niedbalski-bastion:~/stsstack-bundles/openstack$ neutron port-show 75130a43-558e-4b17-90b8-45dc853fbaf7 | grep dns
| dns_assignment | {"hostname": "host-192-168-21-2", "ip_address": "192.168.21.2", "fqdn": "host-192-168-21-2.global.neutron."} |
This port assignment explains the mismatch in the dnsmasq resolution, because this is used for generating
the hosts file used by dnsmasq.
In my opinion rather than reverting this patch, the way to fix this is to adjust the https://github.com/openstack/neutron/blob/c21d922abd1208a72fe64d404a8eab93e0c56870/neutron/plugins/ml2/extensions/dns_integration.py#L287
dns_assignment update to use the network provided dns_name instead of the global configuration.
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to neutron in Ubuntu.
https://bugs.launchpad.net/bugs/1826419
Title:
dhcp agent configured with mismatching domain and host entries
Status in neutron:
In Progress
Status in neutron package in Ubuntu:
New
Bug description:
Related bug 1774710 and bug 1580588
The neutron-dhcp-agent in OpenStack >= Queens makes use of the
dns_domain value set on a network to configure the '--domain'
parameter of the dnsmasq instance that supports it; at the same time,
neutron makes use of CONF.dns_domain when creating dns_assignments for
ports - this results in a hosts file for the dnsmasq instance which
uses CONF.dns_domain and a --domain parameter of network.dns_domain
which do not match.
This results in a search path on instances booted attached to the
network which is inconsistent with the internal DNS entries that
dnsmasq responds with:
root at bionic-045546-2:~# host 192.168.21.222
222.21.168.192.in-addr.arpa domain name pointer bionic-045546-2.jamespage.internal.
root at bionic-045546-2:~# host bionic-045546-2
bionic-045546-2.designate.local has address 192.168.21.222
In the above example:
CONF.dns_domain = jamespage.internal.
network.dns_domain = designate.local.
Based on previous discussion in bug 1580588 I think that the
dns_domain value for a network was intented for use for external DNS
integration such as that provided by Designate.
The changed made under commit:
https://opendev.org/openstack/neutron/commit/137a6d61053
appear to break this assumption, producing somewhat inconsistent
behaviour in the dnsmasq instance for the network.
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1826419/+subscriptions
More information about the Ubuntu-openstack-bugs
mailing list