[2.4a1, b1] DHCP does not offer all DNS servers

Bug #1753493 reported by Mark Shuttleworth
This bug affects 1 person
Affects   Status          Importance   Assigned to     Milestone
MAAS      Fix Released    Critical     Mike Pontillo
2.3       Fix Released    Critical     Mike Pontillo

Bug Description

I have two MAAS region API servers, 192.168.9.10 and 192.168.9.7, both have maas-dns installed. The file /var/lib/maas/dhcpd.conf has this:

           option domain-name-servers 192.168.9.10, 192.168.9.10;
           option domain-name "maas";
           option domain-search "maas", "mallards";

I would expect one of the name-servers to be 192.168.9.7 rather than the duplication of 192.168.9.10.
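A check for the condition described above, as an added example that is not part of the original report or of MAAS: it reads the text of a dhcpd.conf and flags any domain-name-servers statement that repeats a server or omits one the operator expects. The function names, the expected-server list and the subnet block in the sample are assumptions made for the example; the option line is the one quoted in the report.

```python
import ipaddress
import re

# One ISC dhcpd statement: option domain-name-servers a, b, ...;
OPTION_RE = re.compile(r"^[ \t]*option\s+domain-name-servers\s+([^;]+);", re.MULTILINE)

# Constructed sample: the option line is the one quoted in the report,
# the surrounding subnet block is made up for the example.
SAMPLE = """\
subnet 192.168.9.0 netmask 255.255.255.0 {
    option domain-name-servers 192.168.9.10, 192.168.9.10;
    option domain-name "maas";
}
"""


def _norm(value):
    """Canonical form of an address; non-IP values (hostnames) are lowercased."""
    value = value.strip()
    try:
        return str(ipaddress.ip_address(value))
    except ValueError:
        return value.lower()


def audit_dns_option(conf_text, expected):
    """Return (line, problem, server) tuples for each domain-name-servers statement.

    expected: addresses the operator wants offered (an assumption of this example).
    """
    findings = []
    want = [_norm(a) for a in expected]
    for match in OPTION_RE.finditer(conf_text):
        line_no = conf_text.count("\n", 0, match.start(1)) + 1
        offered = [_norm(a) for a in match.group(1).split(",")]
        dups = sorted({a for a in offered if offered.count(a) > 1})
        findings += [(line_no, "duplicate", a) for a in dups]
        findings += [(line_no, "missing", a) for a in want if a not in offered]
    return findings


if __name__ == "__main__":
    for finding in audit_dns_option(SAMPLE, ["192.168.9.10", "192.168.9.7"]):
        print(finding)
```

Run against /var/lib/maas/dhcpd.conf on each rack controller, an empty result means every expected DNS server is offered exactly once.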


Andres Rodriguez (andreserl) wrote : Re: [2.4] DHCP does not offer all DNS servers

Uhm, this seems like a regression in determining all the endpoints. We'll investigate but definitely seems like an issue we need to fix asap.

Changed in maas:
milestone: none → 2.4.0beta1
importance: Undecided → High
status: New → Triaged
summary: - DHCP does not offer all DNS servers
+ [2.4] DHCP does not offer all DNS servers
summary: - [2.4] DHCP does not offer all DNS servers
+ [2.4a1] DHCP does not offer all DNS servers
summary: - [2.4a1] DHCP does not offer all DNS servers
+ [2.4a1, b1] DHCP does not offer all DNS servers
Changed in maas:
milestone: 2.4.0beta1 → 2.4.0beta2
Changed in maas:
assignee: nobody → Mike Pontillo (mpontillo)
Andres Rodriguez (andreserl) wrote :

I can confirm this issue in 2.3. I have tested with 2 region/racks, and the output in 2.3 is:

           option domain-name-servers 10.90.90.1, 10.90.90.3;

The output in 2.4 is:

           option domain-name-servers 10.90.90.1, 10.90.90.1;

In my case 10.90.90.1 is the primary region/rack. It seems it is correctly adding a secondary entry for the secondary region/rack controller, but it is not considering the IP facing the machines as secondary.

In my environment, I'm forcing secondary rackd.conf to also point to 10.90.90.1 (e.g. as if it was a VIP), and in 2.3 it is handled correctly and in 2.4 it is not. So if I were to have a VIP of 10.90.90.100 this should be:

           option domain-name-servers 10.90.90.100, 10.90.90.1, 10.90.90.3;

Andres Rodriguez (andreserl) wrote :

I've upgraded to 2.3.1/2 and I can confirm that this behavior has regressed:

           option domain-name-servers 10.90.90.1, 10.90.90.1;

Changed in maas:
importance: High → Critical
Mark Shuttleworth (sabdfl) wrote : Re: [Bug 1753493] Re: [2.4a1, b1] DHCP does not offer all DNS servers

I think VIPs should be expressly modelled in MAAS, but that's a feature
for the future. For now, I would expect the DNS servers to be called out
expressly at their native (non-VIP) IPs.

Mark

Mike Pontillo (mpontillo) wrote :

Similarly, I can confirm that when I have MAAS 2.3.0 installed in HA mode and I point both rackd.conf files to the same region IP address, this behavior does not occur. But when I upgrade to 2.3.2 I see the issue.

I think a complete solution would require MAAS to model virtual IPs. For example, if a web proxy is being used to provide HA, it wouldn't work with DNS, and both region IP addresses should be provided. But if a floating IP was being used, it might be preferable for all the nodes to simply point at the VIP.

Changed in maas:
status: Triaged → In Progress
Mike Pontillo (mpontillo) wrote :

To clarify, we'll fix this bug without modeling VIPs. Apologies if my previous comment wasn't clear. I agree with the "for the future" sentiment in comment #4. (Though I posted my comment without first seeing that reply, heh.)

Changed in maas:
status: In Progress → Fix Committed
Mark Shuttleworth (sabdfl) wrote :

I would not use VIPs for protocols which naturally handle having
multiple servers.

It is normal to have multiple DNS server addresses available to clients.
It is normal to have multiple NTP server addresses available to clients.

The clients in these protocols know how to use multiple servers.

For these, we do not use VIPs.

More than that, a VIP can fail to move. Using a VIP means trusting yet
another component to work. That's a bad idea when it's not necessary.

For now, please simply:

 * establish the native (non-VIP) addresses for the rack servers
 * use those addresses for NTP and DNS please

Mark

Changed in maas:
status: Fix Committed → Fix Released