designate: start/run mdns service and install rndc/pools files #2042
Conversation
|
In the current usage that would be the worker role, not the api role. Why do you put it on api? |
|
what do you mean by current usage ? IIUC the worker/central talk to mdns over rabbit based rpc and the (m)dns server listens on 0.0.0.0 so I assumed we could put it anywhere. |
![hound[bot]](https://avatars.githubusercontent.com/in/3598?s=60&v=4){kind=small}
sjamgade
changed the title
|
@dirkmueller I am not rendering a template, rather just dumping |
| "targets" => [{ | ||
| "type" => "bind9", | ||
| "description" => "BIND9 Server 1", | ||
| "masters" => [{ "host" => mdnsaddr, "port" => 5354 }], |
There was a problem hiding this comment.
how's that supposed to work? this is the address of node's admin interfce, but you're starting mdns in the api chef role (which would be on another node). Unless I'm missing something the ip address should be referring to the api VIP or the mdns should be started here..
There was a problem hiding this comment.
thats correct switched to data from network_settings
There was a problem hiding this comment.
but you're using the port as host... thats not gonna work ?
sjamgade
force-pushed
the
rockydesignate
branch
from
951f36d
to
e2e52a5
Compare
| dnsserv = node_search_with_cache("roles:dns-server").first | ||
| dnsmaster = dnsserv[:dns][:master_ip] | ||
| dnsslaves = dnsserv[:dns][:slave_ips] | ||
| mdnsaddr = if node[:designate][:ha][:enabled] |
There was a problem hiding this comment.
you're setting this to a port number but call it "addr". thats confusing.
|
@sjamgade sure it can run anywhere, but it should only run once imho. and hence it should be imho on the backend (because its the hidden DNS master that the actual dns-server should sync against). but I'm not debating about that too much - please note that the pools.yaml is created as part of a different role so I think it would make most sense to have mdns run on the same node where that pools.yaml is? |
| "rndc_key_file" => "/etc/designate/rndc.key" | ||
| } | ||
| }] | ||
| }] |
There was a problem hiding this comment.
where is the designate-manage code that loads this pools.yaml?
There was a problem hiding this comment.
I dont intend to do that as the customer might want to have some custom config,
the automation repo already does that
There was a problem hiding this comment.
Hmm, interesting, I would not have done it that way. I think you can run it again after initial deployment, right? so we should run it ocne and the customer wanting to modify can still recreate the pool (as long as it isn't used)
sjamgade
force-pushed
the
rockydesignate
branch
from
e2e52a5
to
3d7e94a
Compare
|
@dirkmueller I have moved the code to a separate recipe for mdns and added it to the role_designate_api. so that should put mdns and the file on the same node. Also the host address should be fixed now |
| pools = [{ | ||
| "name" => "default-bind", | ||
| "description" => "Default BIND9 Pool", | ||
| "id" => "794ccc2c-d751-44fe-b57f-8894c9f5c842", |
There was a problem hiding this comment.
One could have multiple pools in desginate. And
Desginate needs to have a default pool, this pools
id is hardcoded in the designate conf. By reusing that
id we let designate know about crowbar's deployement of
dns servers looks like.
This pool id can be generated by in proposal, but this will change
with every delete/create cycle of proposal. This might mess
up the designate configuration.
if we intend to call designate-manage pool update --file with the changed config
| mode "0640" | ||
| content pools.to_yaml | ||
| end | ||
|
|
There was a problem hiding this comment.
call designate-manage here when the file is created for the first time?
There was a problem hiding this comment.
should we update the pool if the file gets is modified because the dns proposal changed ?
sjamgade
force-pushed
the
rockydesignate
branch
from
3d7e94a
to
09f0e8e
Compare
a new recipe for mdns service, it still runs on the same node as api. Designate uses this internal dns server to perform zone sync between master. Without this service, desingate will not be able to perform zone xfers (AXFR), neither primary or secondary. rndc key is shared between the dns master node and mdns hosting node. mdns needs this key to make authoritative zone creation on dns master pools.crowbar.yaml file is more like a sample already created for customers to change as per their requirement. So the pools.crowbar.yaml file is created on the same node as mdns The correct ip address in the masters dict of pools file is address of mdns service where axfr will be requested, using cluster ip in case of HA
sjamgade
force-pushed
the
rockydesignate
branch
from
09f0e8e
to
1374be4
Compare
|
@dirkmueller I have updated the PR based on our discussion |
| "also_notifies" => dnsslaves[1, dnsslaves.length].map { |ip| { "host" => ip, "port" => 53 } }, | ||
| "targets" => [{ | ||
| "type" => "bind9", | ||
| "description" => "BIND9 Server 1", |
There was a problem hiding this comment.
This could be maybe a better description but I don't have a good suggestion.
designate uses this internal dns server to perform zone sync between
master.
Without this mdns, desingate will not be able to perform zone xfers
(AXFR), neither primary or secondary.