Merge ~mpontillo/maas:ha-dns-servers--bug-1753493 into maas:master

UNIT TESTS
-b ha-dns-servers--bug-1753493 lp:~mpontillo/maas/+git/maas into -b master lp:~maas-committers/maas

STATUS: FAILED
LOG: http://maas-ci-jenkins.internal:8080/job/maas/job/branch-tester/2379/console
COMMIT: a566ab08c57e4ebd9749d30dacdebbf3fbbca182

UNIT TESTS
-b ha-dns-servers--bug-1753493 lp:~mpontillo/maas/+git/maas into -b master lp:~maas-committers/maas

STATUS: SUCCESS
COMMIT: 40ef15783f0ad0a1694811c082f9b5201550c78a

Mike I have some inline comments, but also I have a few questions.

Say we have this:

1. Scenario 1:
region/rack1 - 10.1
region/rack2 - 10.2

This would yield DNS such as 10.1, 10.2

2. Scenario 2:
region/rack1 - 10.1 | foalting IP on same subnet 10.3
region/rack2 - 10.2

This would yield to DNS be 10.3, 10.1, 10.2

3. Scenario 3 (isolated region/rack networks):
region/rack1 - 9.1
region/rack2 - 9.2
rackd.conf:maas_url in both points to: 10.1 and they have a proxy in the rack.

This would yield to DNS be 10.1 and not (9.1 nor 9.2). This should be the same for deployed machines.

fwiw, in other words:

Do we always add what's in rackd.conf:maas_url as a DNS + whatever other IP addresses of the region controller in the same subnet ?

Ok, so I've quickly tested this, and it is dropping the IP of maas_url. I have this:

region/rack1: 90.1 & 90.2 (the latter is a "vip")
 - rackd.conf:maas_url: http://...90.1:5240/MAAS

region/rack2: 90.3
 - rackd:confmaas_url: http://...90.2:5240/MAAS

Before this change region/rackd2 have the following, which is missing 1 ip (90.3), but it is correctly using the value on rackd.conf:maas_url (which is the VIP 90.2)

ubuntu@node01:~$ cat /var/lib/maas/dhcpd.conf | grep domain-name-server
           option domain-name-servers 10.90.90.2, 10.90.90.1;
           option domain-name-servers 10.90.90.2, 10.90.90.1;

AFter this change it is correctly using the value of both *actual* regions, but it is dropping the VIP.

ubuntu@node01:~$ cat /var/lib/maas/dhcpd.conf | grep domain-name-server
           option domain-name-servers 10.90.90.1, 10.90.90.3;
           option domain-name-servers 10.90.90.1, 10.90.90.3;

This branch is regressing things even further.

FWIW, what's missing here (90.2) is the IP where a rack is told the region is. So this should have:

1. The IP the rack controller knows is maas_url
2. The IP of all regions in the same subnet as maas_url IP, if exist.

But (1) should never be missing.

This is why I wanted to split up this function or add an additional
'purpose' parameter. (But I didn't do that yet, because I wanted the
smallest possible fix to backport.) Unless we know a floating IP address is
going to be used for HA, and not a reverse proxy, we cannot assume the IP
address from maas_url can be used for DNS. The simplest solution is to not
return it, but only in certain cases.

We will still return the maas_url based URL if you only ask for one IP
address. If you want alternatives, that means you're asking for DNS
servers, so the maas_url could actually be wrong, and what you really want
is to use the maas_url as an example of a known reachable subnet, and
return all the region IPs in that subnet. That's what this branch does.

On Wed, Apr 11, 2018, 07:26 Andres Rodriguez <email address hidden>
wrote:

> FWIW, what's missing here (90.2) is the IP where a rack is told the region
> is. So this should have:
>
> 1. The IP the rack controller knows is maas_url
> 2. The IP of all regions in the same subnet as maas_url IP, if exist.
>
> But (1) should never be missing.
> --
> https://code.launchpad.net/~mpontillo/maas/+git/maas/+merge/342979
> You are the owner of ~mpontillo/maas:ha-dns-servers--bug-1753493.
>

Mike,

Lets go to the original design and the original intent of how this is supposed to work.

It does *not* matter whether this IP is a VIP or a real IP assigned to a machine that is on the same subnet, or on a routed subnet. The premise is that the IP needs to be routable for the machines.

As such, the design is that machines need to be told two things:

1. The IP of maas_url from the rack they boot from, because that's the only place where we know where the region is (regardless of whether this is a VIP or not).
2. The *other* region IP address that face the machines.

What's missing here is maas_url which should *always* be present regardless of it being a single region/rack, a multi-region in the same subnet, a multi-region with VIP's or a split region/rack with a routed l3.

FWIW, this is the output of a deployed machine. The rackd.conf:maas_url: http://10.90.90.2:5240/MAAS

That tells the machines being deployed that;

1. The region is in 90.2
2. The metadata server is in 90.2
3. The proxy is in 90.2
4. The DNS server is in 90.2

As such, it doesn't matter if this IP is routed, on same subnet, a VIP or whatever. MAAS needs to be smart about this, because:

1. Machine facing rack controllers know where the region is (10.2).
2. MAAS knows the network model, and can determine that there's regions on the same subnet (10.1, 10.3)

Based on your changes, there's a lot of inconsistencies here provided that everything but DNS is correct (note that NTP is a different story, because NTP is based on rack connections).

ubuntu@pod-node01:/etc$ grep -sr 10.90.90. *
apt/apt.conf.d/90curtin-aptproxy:Acquire::http::Proxy "http://10.90.90.2:8000/";
cloud/cloud.cfg.d/90_dpkg_local_cloud_config.cfg: proxy: http://10.90.90.2:8000/
cloud/cloud.cfg.d/90_dpkg_local_cloud_config.cfg:apt_proxy: http://10.90.90.2:8000/
cloud/cloud.cfg.d/90_dpkg_local_cloud_config.cfg: maas: {consumer_key: vxJUs6nQy7SZ4rfsdy, endpoint: 'http://10.90.90.2:5240/MAAS/metadata/status/r73ym7',
cloud/cloud.cfg.d/50-curtin-networking.cfg: - address: 10.90.90.189/24
cloud/cloud.cfg.d/50-curtin-networking.cfg: gateway: 10.90.90.1
cloud/cloud.cfg.d/50-curtin-networking.cfg: - 10.90.90.3
cloud/cloud.cfg.d/50-curtin-networking.cfg: - 10.90.90.1
network/interfaces.d/50-cloud-init.cfg: dns-nameservers 10.90.90.3 10.90.90.1
network/interfaces.d/50-cloud-init.cfg: address 10.90.90.189/24
network/interfaces.d/50-cloud-init.cfg: gateway 10.90.90.1
ntp.conf:server 10.90.90.1 iburst
ntp.conf:server 10.90.90.3 iburst
resolv.conf:nameserver 10.90.90.3
resolv.conf:nameserver 10.90.90.1

@ack, thanks for your comments; the reason a sorted() set wasn't used is because the first returned IP address was supposed to be the maas_url, so we only wanted a partial sort. I'll consider your feedback as I'm fixing up this branch though.

Additional comments inline.

UNIT TESTS
-b ha-dns-servers--bug-1753493 lp:~mpontillo/maas/+git/maas into -b master lp:~maas-committers/maas

STATUS: SUCCESS
COMMIT: 04614560bd9c49c79fc2ff6c0799eb19ed336386

questions inline.

Responses inline.

Testing went well. I did notice a weird issue but could have been due to manual modifucation of the code. ONce this lands I'll do another round of testing.