designate: start/run mdns service and install rndc/pools files #2042
Conversation
In the current usage that would be the worker role, not the api role. Why do you put it on api?
What do you mean by current usage? IIUC the worker/central talk to mdns over rabbit based rpc and the (m)dns server listens on 0.0.0.0 so I assumed we could put it anywhere.
missing template?
@dirkmueller I am not rendering a template, rather just dumping
"targets" => [{ | ||
"type" => "bind9", | ||
"description" => "BIND9 Server 1", | ||
"masters" => [{ "host" => mdnsaddr, "port" => 5354 }], |
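Review bot: the `masters` entry is what BIND will request AXFR from, so `"host" => mdnsaddr` must be the address mdns actually listens on; as written, `mdnsaddr` is taken from this node while mdns is started in a different role, so the two can point at different machines. Document where `mdnsaddr` comes from, and replace the literal `5354` with the same attribute the mdns recipe uses for its listen port so the two cannot drift apart.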
how's that supposed to work? this is the address of node's admin interface, but you're starting mdns in the api chef role (which would be on another node). Unless I'm missing something the ip address should be referring to the api VIP or the mdns should be started here..
that's correct, switched to data from network_settings
but you're using the port as host... that's not gonna work?
951f36d to e2e52a5
dnsserv = node_search_with_cache("roles:dns-server").first | ||
dnsmaster = dnsserv[:dns][:master_ip] | ||
dnsslaves = dnsserv[:dns][:slave_ips] | ||
mdnsaddr = if node[:designate][:ha][:enabled] |
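Review bot: `node_search_with_cache("roles:dns-server").first` returns nil when no node carries the dns-server role, and the next line then fails with NoMethodError on `dnsserv[:dns]`; guard the lookup (raise a clear error or skip the pools file) instead of crashing the chef run. The `mdnsaddr` name is also misleading if the value assigned in the HA branch is a port rather than an address; name it for what it holds.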
you're setting this to a port number but call it "addr". that's confusing.
@sjamgade sure it can run anywhere, but it should only run once imho. and hence it should be imho on the backend (because its the hidden DNS master that the actual dns-server should sync against). but I'm not debating about that too much - please note that the pools.yaml is created as part of a different role so I think it would make most sense to have mdns run on the same node where that pools.yaml is?
"rndc_key_file" => "/etc/designate/rndc.key" | ||
} | ||
}] | ||
}] |
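Review bot: `"rndc_key_file" => "/etc/designate/rndc.key"` hardcodes a path, but nothing in this hunk installs the key on the node that runs mdns or sets its mode; since the rndc key authorizes control of named on the dns master, the install step should create it with a restrictive mode and owned by the designate service user, and the path should come from the same attribute both sides use.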
where is the designate-manage code that loads this pools.yaml?
I don't intend to do that as the customer might want to have some custom config;
the automation repo already does that
Hmm, interesting, I would not have done it that way. I think you can run it again after initial deployment, right? so we should run it once and the customer wanting to modify can still recreate the pool (as long as it isn't used)
e2e52a5 to 3d7e94a
@dirkmueller I have moved the code to a separate recipe for mdns and added it to the role_designate_api. so that should put mdns and the file on the same node. Also the host address should be fixed now
pools = [{ | ||
"name" => "default-bind", | ||
"description" => "Default BIND9 Pool", | ||
"id" => "794ccc2c-d751-44fe-b57f-8894c9f5c842", |
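Review bot: the literal `"id" => "794ccc2c-d751-44fe-b57f-8894c9f5c842"` reads as a magic number; the thread explains it must equal the default pool id configured in designate.conf, so add a comment saying so here, and preferably source the value from the same attribute the designate.conf template uses rather than repeating the UUID in two places.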
hardcoded id?
One could have multiple pools in designate. And
Designate needs to have a default pool; this pool's
id is hardcoded in the designate conf. By reusing that
id we let designate know what crowbar's deployment of
dns servers looks like.
This pool id can be generated in the proposal, but this will change
with every delete/create cycle of the proposal. This might mess
up the designate configuration
if we intend to call designate-manage pool update --file
with the changed config
mode "0640" | ||
content pools.to_yaml | ||
end | ||
|
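Review bot: `mode "0640"` is only meaningful with an explicit `owner`/`group` on this file resource, and neither appears in the hunk; the file names the rndc key path, so set the group to the designate service group rather than inheriting whatever chef defaults to. Separately, nothing reacts when `content pools.to_yaml` changes after a dns proposal edit; if the pool is meant to be updated on change, the resource needs a `notifies` to the designate-manage step, and if it is deliberately left to the customer, say so in a comment.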
call designate-manage here when the file is created for the first time?
should we update the pool if the file gets modified because the dns proposal changed?
3d7e94a to 09f0e8e
a new recipe for mdns service, it still runs on the same node as api. Designate uses this internal dns server to perform zone sync between master. Without this service, designate will not be able to perform zone xfers (AXFR), neither primary or secondary.
The rndc key is shared between the dns master node and the mdns hosting node. mdns needs this key to make authoritative zone creation on the dns master.
The pools.crowbar.yaml file is more like a sample, already created for customers to change as per their requirement. So the pools.crowbar.yaml file is created on the same node as mdns.
The correct ip address in the masters dict of the pools file is the address of the mdns service where AXFR will be requested, using the cluster ip in case of HA.
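As an added example of the two points argued in this thread (the masters host must be the address mdns listens on, the cluster VIP under HA, and the pool id must match the default pool id in designate.conf), here is a small Ruby sketch that builds the pools structure and checks both before anything is written. It is not code from this PR or from the crowbar-openstack cookbook: the helper names, the designate.conf fragment, the addresses and the rndc key path are constructed for the example, and the bind9 target option names follow designate's bind9 backend.

```ruby
require "ipaddr"
require "yaml"

# Added example, not cookbook code. All values below are constructed stand-ins
# for what the recipe would read from the dns-server proposal, network_settings
# and designate.conf.

# Constructed designate.conf fragment (hypothetical contents).
DESIGNATE_CONF = <<~CONF
  [DEFAULT]
  debug = false

  [service:central]
  # pools.yaml must reuse this id or designate will not treat it as the default pool
  default_pool_id = 794ccc2c-d751-44fe-b57f-8894c9f5c842
CONF

# Minimal INI lookup: value of `key` inside `[section]`, or nil if absent.
def conf_lookup(text, section, key)
  current = nil
  text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?("#", ";")
    if (m = line.match(/\A\[(.+)\]\z/))
      current = m[1]
    elsif current == section && (m = line.match(/\A#{Regexp.escape(key)}\s*=\s*(.*)\z/))
      return m[1].strip
    end
  end
  nil
end

# BIND pulls zones (AXFR) from mdns, so the masters entry must name the address
# mdns is reachable on: the cluster VIP under HA, else the node's admin IP.
def mdns_host(ha_enabled, cluster_vip, admin_ip)
  ha_enabled ? cluster_vip : admin_ip
end

def ip_address?(value)
  IPAddr.new(value.to_s)
  true
rescue IPAddr::InvalidAddressError
  false
end

# Build the pools structure. Rejects a non-IP "host" (for example a port number
# passed by mistake) before it can reach pools.yaml.
def build_pools(pool_id:, mdns_host:, mdns_port:, master_ip:, slave_ips:, rndc_key_file:)
  raise ArgumentError, "mdns host #{mdns_host.inspect} is not an IP address" unless ip_address?(mdns_host)

  [{
    "name" => "default-bind",
    "description" => "Default BIND9 Pool",
    "id" => pool_id,
    # every slave is notified directly so it pulls the zone after a change
    "also_notifies" => slave_ips.map { |ip| { "host" => ip, "port" => 53 } },
    "targets" => [{
      "type" => "bind9",
      "description" => "BIND9 master #{master_ip}",
      "masters" => [{ "host" => mdns_host, "port" => mdns_port }],
      "options" => {
        "host" => master_ip,
        "port" => 53,
        "rndc_host" => master_ip,
        "rndc_port" => 953,
        "rndc_key_file" => rndc_key_file,
      },
    }],
  }]
end

# True when the default_pool_id configured in designate.conf appears among the
# pools about to be written; false if the option is missing or the ids differ.
def default_pool_id_consistent?(conf_text, pools)
  configured = conf_lookup(conf_text, "service:central", "default_pool_id")
  !configured.nil? && pools.any? { |pool| pool["id"] == configured }
end

if __FILE__ == $PROGRAM_NAME
  host = mdns_host(true, "10.0.0.100", "10.0.0.11") # HA enabled: use the VIP
  pools = build_pools(pool_id: conf_lookup(DESIGNATE_CONF, "service:central", "default_pool_id"),
                      mdns_host: host, mdns_port: 5354,
                      master_ip: "10.0.0.21", slave_ips: ["10.0.0.22", "10.0.0.23"],
                      rndc_key_file: "/etc/designate/rndc.key")
  puts pools.to_yaml
  puts "default pool id consistent: #{default_pool_id_consistent?(DESIGNATE_CONF, pools)}"
end
```

The `ip_address?` guard is what would have caught the port-as-host mix-up raised earlier in the review, and `default_pool_id_consistent?` turns the hardcoded UUID argument into a check that fails loudly if designate.conf and pools.yaml ever disagree.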
09f0e8e to 1374be4
@dirkmueller I have updated the PR based on our discussion
"also_notifies" => dnsslaves[1, dnsslaves.length].map { |ip| { "host" => ip, "port" => 53 } }, | ||
"targets" => [{ | ||
"type" => "bind9", | ||
"description" => "BIND9 Server 1", |
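Review bot: `dnsslaves[1, dnsslaves.length]` silently drops the first entry of `dnsslaves` from `also_notifies`; if that is intentional (the first slave is handled elsewhere), say so in a comment, otherwise use the whole list. The expression also raises NoMethodError when `slave_ips` is absent from the dns-server node data, so default it to an empty array. The `"BIND9 Server 1"` description could carry the master address or role name instead of a fixed ordinal.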
This could be maybe a better description but I don't have a good suggestion.
designate uses this internal dns server to perform zone sync between
master.
Without this mdns, designate will not be able to perform zone xfers
(AXFR), neither primary or secondary.