tripleo

tripleo job are overwriting nameserver with 8.8.8.8

Bug #1711262 reported by Paul Belanger on 2017-08-17

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	tripleo	Fix Released	Critical	Sagi (Sergey) Shnaidman	tripleo pike-rc1

Bug Description

tripleo jobs should not be using google DNS servers directly, this results in rate limiting by google.com and eventually results in:

http://mirror.ca-ymq-1.vexxhost.openstack.org:8080/buildlogs.centos/centos/7/cloud/x86_64/openstack-pike/common/python2-fasteners-0.14.1-6.el7.noarch.rpm: [Errno 14] curl#6 - "Could not resolve host: mirror.ca-ymq-1.vexxhost.openstack.org; Unknown error"

http://logs.openstack.org/83/493383/2/gate/gate-tripleo-ci-centos-7-scenario002-multinode-oooq-puppet/2777163/logs/undercloud/home/jenkins/failed_deployment_list.log.txt.gz

You can see jobs have been setup and forced to use 8.8.8.8:
http://logs.openstack.org/37/493937/3/gate/gate-tripleo-ci-centos-7-scenario002-multinode-oooq/4e30192/logs/undercloud/etc/resolv.conf.txt.gz

overwriting the original:
http://logs.openstack.org/37/493937/3/gate/gate-tripleo-ci-centos-7-scenario002-multinode-oooq/4e30192/logs/undercloud/etc/resolv.conf.save.gz

I believe this is because undercloud_nameservers = 8.8.8.8 in:

http://logs.openstack.org/37/493937/3/gate/gate-tripleo-ci-centos-7-scenario002-multinode-oooq/4e30192/logs/undercloud/home/jenkins/undercloud.conf.txt.gz

Tags:

Emilien Macchi (emilienm) on 2017-08-17

Changed in tripleo:
importance:	Undecided → High
status:	New → Triaged
assignee:	nobody → Emilien Macchi (emilienm)
milestone:	none → pike-rc1

wes hayutin (weshayutin) on 2017-08-17

Changed in tripleo:
assignee:	Emilien Macchi (emilienm) → nobody
assignee:	nobody → Sagi (Sergey) Shnaidman (sshnaidm)
importance:	High → Critical
tags:	added: alert ci quickstart

Revision history for this message

Sagi (Sergey) Shnaidman (sshnaidm) wrote on 2017-08-17:

@Paul, yes, it always was the case - to use 8.8.8.8 as DNS. So what do you suggest to use instead of it?

Revision history for this message

wes hayutin (weshayutin) wrote on 2017-08-17:

<pabelanger> undercloud_nameservers = 8.8.8.8
<pabelanger> that is wrong
<pabelanger> we need to stop defaulting to google DNS
* itlinux (~textual@2602:30a:c0aa:3fb0:99d6:ce31:d40a:e76d) has joined
<pabelanger> and use unbound service with is 127.0.0.1

Revision history for this message

Paul Belanger (pabelanger) wrote on 2017-08-17:

This hasn't always been this, for some reason it keeps getting changed back to google DNS which results in rate limiting and DNS failures.

For now, you shouldn't need to manage DNS on nodes from nodepool, we spend a lot of effort making sure they are using our local unbound service which is configured as forward zones.

I would suggest either removing your logic to stop managing DNS or also set it to 127.0.0.1.

This also applies to any nodes you are launching in the overcloud, all DNS requests should be hitting unbound first, not google.

Happy to talk more about this in IRC.

Revision history for this message

Sagi (Sergey) Shnaidman (sshnaidm) wrote on 2017-08-17:

https://review.openstack.org/#/c/494545/

Sagi (Sergey) Shnaidman (sshnaidm) on 2017-08-18

Changed in tripleo:
status:	Triaged → Fix Released
tags:	removed: alert

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.