MAAS

Merge ~ack/maas:1871584-subnet-no-dns-fix into maas:master

  1. Git
  2. lp:~ack/maas
  3. 1871584-subnet-no-dns-fix
  4. Merge into master
Proposed by Alberto Donato
Status: Merged
Approved by: Alberto Donato
Approved revision: 3cab34e0e47d0d1a7ce201847ee5d8e6e4ef0835
Merge reported by: MAAS Lander
Merged at revision: not available
Proposed branch: ~ack/maas:1871584-subnet-no-dns-fix
Merge into: maas:master
Diff against target: 158 lines (+69/-17)
2 files modified
src/maasserver/dns/tests/test_zonegenerator.py (+51/-1)
src/maasserver/dns/zonegenerator.py (+18/-16)
Reviewer Review Type Date Requested Status
Lee Trager (community) Approve
MAAS Lander Approve
Review via email: mp+382058@code.launchpad.net

Commit message

LP: #1871584 - include MAAS IP in DNS zone even if subnet has allow_dns false

To post a comment you must log in.
Revision history for this message
MAAS Lander (maas-lander) wrote :

UNIT TESTS
-b 1871584-subnet-no-dns-fix lp:~ack/maas/+git/maas into -b master lp:~maas-committers/maas

STATUS: FAILED
LOG: http://maas-ci-jenkins.internal:8080/job/maas/job/branch-tester/7384/console
COMMIT: be5346aa4319a7204e72bb4327eee044091bcb85

review: Needs Fixing
Revision history for this message
MAAS Lander (maas-lander) wrote :

UNIT TESTS
-b 1871584-subnet-no-dns-fix lp:~ack/maas/+git/maas into -b master lp:~maas-committers/maas

STATUS: FAILED
LOG: http://maas-ci-jenkins.internal:8080/job/maas/job/branch-tester/7385/console
COMMIT: 1f635f1e3dfaf74f188b8a180d92a998c72886cb

review: Needs Fixing
Revision history for this message
MAAS Lander (maas-lander) wrote :

UNIT TESTS
-b 1871584-subnet-no-dns-fix lp:~ack/maas/+git/maas into -b master lp:~maas-committers/maas

STATUS: SUCCESS
COMMIT: 9c194b55e3c937f7a62fe14c51e2ce5faaa15f8a

review: Approve
Revision history for this message
Lee Trager (ltrager) wrote :

This would break LP:1847537. Users need to have a way to completely disable MAAS DNS. Even if DNS is disabled they may want to continue to access MAAS by DNS via their own DNS servers.

Users should be warned that this will disable MAAS DNS but it still needs to be allowed.

review: Disapprove
Revision history for this message
Alberto Donato (ack) wrote :

Why would this change break it?

DNS IPs for subnets where allow_dns=False are still not included when a rack_controller is passed to the function, which is what happens when asking for the list of DNSs for a node.

The change only affects getting the list of entries to populate the DNS zone file.

Revision history for this message
Lee Trager (ltrager) wrote :

I think this would break MAAS in a different way then I was envisioning originally. preseed_network calls Node.get_default_dns_servers() to check if DNS servers should be listed in the generated Netplan.yaml. get_dns_server_addresses() is called by Node.get_default_dns_servers(), the Rack's passed come from Node.get_boot_primary_rack_controller() and Node.get_boot_secondary_rack_controller(). Both of those functions return None when DHCP is disabled on the VLAN.

With this patch if a user deploys on a network with DHCP disabled on the boot interface(using a static IP configured in the firmware) and allow_dns is set to True no DNS servers will be added even though it was requested.

Revision history for this message
Alberto Donato (ack) wrote :

I see, I didn't know that was the case.

I've updated the change to add an explicit flag to toggle filtering out on networks with allow_dns=False, which is on by default and switched off when generating DNS zones.

Revision history for this message
MAAS Lander (maas-lander) wrote :

UNIT TESTS
-b 1871584-subnet-no-dns-fix lp:~ack/maas/+git/maas into -b master lp:~maas-committers/maas

STATUS: FAILED
LOG: http://maas-ci-jenkins.internal:8080/job/maas/job/branch-tester/7398/console
COMMIT: 212b7bd00a0b9b184e3d960e6f37034ca89b7496

review: Needs Fixing
Revision history for this message
MAAS Lander (maas-lander) wrote :

UNIT TESTS
-b 1871584-subnet-no-dns-fix lp:~ack/maas/+git/maas into -b master lp:~maas-committers/maas

STATUS: SUCCESS
COMMIT: 619bf924d3ac295159817e13a45604758a304a14

review: Approve
Revision history for this message
MAAS Lander (maas-lander) wrote :

UNIT TESTS
-b 1871584-subnet-no-dns-fix lp:~ack/maas/+git/maas into -b master lp:~maas-committers/maas

STATUS: SUCCESS
COMMIT: 3cab34e0e47d0d1a7ce201847ee5d8e6e4ef0835

review: Approve
Revision history for this message
Lee Trager (ltrager) wrote :

LGTM!

review: Approve

There was an error fetching revisions from git servers. Please try again in a few minutes. If the problem persists, contact Launchpad support.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/src/maasserver/dns/tests/test_zonegenerator.py b/src/maasserver/dns/tests/test_zonegenerator.py
2index 7499924..5655873 100644
3--- a/src/maasserver/dns/tests/test_zonegenerator.py
4+++ b/src/maasserver/dns/tests/test_zonegenerator.py
5@@ -27,6 +27,7 @@ from maasserver.dns import zonegenerator
6 from maasserver.dns.zonegenerator import (
7 get_dns_search_paths,
8 get_dns_server_address,
9+ get_dns_server_addresses,
10 get_hostname_dnsdata_mapping,
11 get_hostname_ip_mapping,
12 InternalDomain,
13@@ -82,7 +83,7 @@ class TestGetDNSServerAddress(MAASServerTestCase):
14 self.assertThat(
15 patch,
16 MockCalledOnceWith(
17- ANY,
18+ rack_controller=None,
19 include_alternates=False,
20 ipv4=ipv4,
21 ipv6=ipv6,
22@@ -135,6 +136,37 @@ class TestGetDNSServerAddress(MAASServerTestCase):
23 self.assertIsNone(get_dns_server_address(rack_controller))
24
25
26+class TestGetDNSServerAddresses(MAASServerTestCase):
27+ def test_no_rack_all_subnets(self):
28+ subnet1 = factory.make_Subnet(cidr="10.10.0.0/24", allow_dns=False)
29+ subnet2 = factory.make_Subnet(cidr="10.20.0.0/24", allow_dns=True)
30+ ip1 = factory.make_StaticIPAddress(subnet=subnet1)
31+ ip2 = factory.make_StaticIPAddress(subnet=subnet2)
32+ ips = {IPAddress(ip1.ip), IPAddress(ip2.ip)}
33+ resolver = self.patch(server_address, "resolve_hostname")
34+ resolver.return_value = ips
35+ rack_controller = factory.make_RackController()
36+ self.assertCountEqual(
37+ get_dns_server_addresses(
38+ rack_controller=rack_controller, filter_allowed_dns=False
39+ ),
40+ ips,
41+ )
42+
43+ def test_with_rack_only_allow_dns(self):
44+ subnet1 = factory.make_Subnet(cidr="10.10.0.0/24", allow_dns=False)
45+ subnet2 = factory.make_Subnet(cidr="10.20.0.0/24", allow_dns=True)
46+ ip1 = factory.make_StaticIPAddress(subnet=subnet1)
47+ ip2 = factory.make_StaticIPAddress(subnet=subnet2)
48+ resolver = self.patch(server_address, "resolve_hostname")
49+ resolver.return_value = {IPAddress(ip1.ip), IPAddress(ip2.ip)}
50+ rack_controller = factory.make_RackController()
51+ self.assertCountEqual(
52+ get_dns_server_addresses(rack_controller=rack_controller),
53+ [IPAddress(ip2.ip)],
54+ )
55+
56+
57 class TestGetDNSSearchPaths(MAASServerTestCase):
58 def test__returns_all_authoritative_domains(self):
59 domain_names = get_dns_search_paths()
60@@ -541,6 +573,24 @@ class TestZoneGenerator(MAASServerTestCase):
61 )
62 self.assertEqual({}, zones[2]._mapping)
63
64+ def test_forward_zone_includes_subnets_with_allow_dns_false(self):
65+ default_ttl = random.randint(10, 300)
66+ Config.objects.set_config("default_dns_ttl", default_ttl)
67+ default_domain = Domain.objects.get_default_domain()
68+ subnet = factory.make_Subnet(cidr="10.10.0.0/24", allow_dns=False)
69+ ip = factory.make_StaticIPAddress(subnet=subnet)
70+ resolver = self.patch(server_address, "resolve_hostname")
71+ resolver.return_value = {IPAddress(ip.ip)}
72+ zones = ZoneGenerator(
73+ [default_domain], subnet, serial=random.randint(0, 65535)
74+ )
75+ [forward_zone] = [
76+ zone for zone in zones if isinstance(zone, DNSForwardZoneConfig)
77+ ]
78+ self.assertEqual(
79+ forward_zone._other_mapping["@"].rrset, {(default_ttl, "A", ip.ip)}
80+ )
81+
82 def rfc2317_network(self, network):
83 """Returns the network that rfc2317 glue goes in, if any."""
84 net = network
85diff --git a/src/maasserver/dns/zonegenerator.py b/src/maasserver/dns/zonegenerator.py
86index 140871d..cda8222 100644
87--- a/src/maasserver/dns/zonegenerator.py
88+++ b/src/maasserver/dns/zonegenerator.py
89@@ -120,6 +120,7 @@ def get_dns_server_addresses(
90 ipv6=True,
91 include_alternates=False,
92 default_region_ip=None,
93+ filter_allowed_dns=True,
94 ):
95 """Return the DNS server's IP addresses.
96
97@@ -136,13 +137,15 @@ def get_dns_server_addresses(
98 :param include_alternates: Include IP addresses from other regions?
99 :param default_region_ip: The default source IP address to be used, if a
100 specific URL is not defined.
101+ :param filter_allowed_dns: If true, only include addresses for subnets
102+ with allow_dns=True.
103 :return: List of IPAddress to use. Loopback addresses are removed from the
104 list, unless there are no non-loopback addresses.
105
106 """
107 try:
108- iplist = get_maas_facing_server_addresses(
109- rack_controller,
110+ ips = get_maas_facing_server_addresses(
111+ rack_controller=rack_controller,
112 ipv4=ipv4,
113 ipv6=ipv6,
114 include_alternates=include_alternates,
115@@ -157,22 +160,21 @@ def get_dns_server_addresses(
116 "local_config_set --maas-url' command." % e.strerror
117 )
118
119- # LP:1847537 - Filter out MAAS DNS servers running on subnets which do not
120- # allow DNS to be provided from MAAS.
121- filtered_list = [
122- ip
123- for ip in iplist
124- if getattr(
125- Subnet.objects.get_best_subnet_for_ip(ip), "allow_dns", True
126- )
127- ]
128- non_loop = [ip for ip in filtered_list if not ip.is_loopback()]
129- if len(non_loop) > 0:
130+ if filter_allowed_dns:
131+ ips = [
132+ ip
133+ for ip in ips
134+ if getattr(
135+ Subnet.objects.get_best_subnet_for_ip(ip), "allow_dns", True
136+ )
137+ ]
138+ non_loop = [ip for ip in ips if not ip.is_loopback()]
139+ if non_loop:
140 return non_loop
141 else:
142- for ip in filtered_list:
143+ for ip in ips:
144 warn_loopback(ip)
145- return filtered_list
146+ return ips
147
148
149 def get_dns_search_paths():
150@@ -237,7 +239,7 @@ class ZoneGenerator:
151 internal_domains,
152 ):
153 """Generator of forward zones, collated by domain name."""
154- dns_ip_list = get_dns_server_addresses()
155+ dns_ip_list = get_dns_server_addresses(filter_allowed_dns=False)
156 domains = set(domains)
157
158 # For each of the domains that we are generating, create the zone from:

Subscribers

People subscribed via source and target branches