neutron

DHCP agent doesn't do anything with a network's dns_domain attribute

Bug #1774710 reported by Assaf Muller
16
This bug affects 2 people
Affects Status Importance Assigned to Milestone
neutron
Fix Released
Medium
Assaf Muller
neutron (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

0) Set up Neutron with ML2/OVS or LB, or anything that uses the DHCP agent
1) Create a network with dns_domain
2) Boot a VM on it

Notice the VM doesn't have the DNS domain in it's /etc/resolv.conf

In short, per-network DNS domains are not respected by the DHCP agent. The dns_domain attribute is persisted in the Neutron DB and passed on to the DHCP agent via RPC, but the agent doesn't do anything with it.

Versions:
Master and all previous versions.

WIP fix is in https://review.openstack.org/#/c/571546.

See original description
Assaf Muller (amuller)
description: updated
Revision history for this message
Assaf Muller (amuller) wrote :

openstackclient support is being added in https://review.openstack.org/#/c/516701/.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (master)

Reviewed: https://review.openstack.org/571546
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=137a6d61053fb1cfb9a0a583b5a5c0f6253c75e6
Submitter: Zuul
Branch: master

commit 137a6d61053fb1cfb9a0a583b5a5c0f6253c75e6
Author: Assaf Muller <email address hidden>
Date: Thu May 31 14:24:00 2018 -0400

    Pass network's dns_domain to dnsmasq conf

    The Neutron API exposes the 'dns_domain' attribute on the
    Network model. Presently, deployments using the DHCP
    agent ignore this attribute when resolving DNS queries
    between instances. This patch changes that so that
    the DHCP agent will pass on the dns_domain to the
    network's dnsmasq process, in turn passing it to
    instances.

    UpgradeImpact
    Closes-Bug: 1774710
    Change-Id: I6120d504959631f084d63458f6e9dada0dc5cbdf

Changed in neutron:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 13.0.0.0b3

This issue was fixed in the openstack/neutron 13.0.0.0b3 development milestone.

Revision history for this message
Arjun Baindur (abaindur) wrote :

Any chance this will be backported into pike and queens?

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/queens)

Fix proposed to branch: stable/queens
Review: https://review.openstack.org/612712

Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Fix proposed to branch: stable/queens
Review: https://review.openstack.org/615556

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/queens)

Reviewed: https://review.openstack.org/615556
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=28b90f6c14659500694f321eedbf313d83a2ae9c
Submitter: Zuul
Branch: stable/queens

commit 28b90f6c14659500694f321eedbf313d83a2ae9c
Author: Assaf Muller <email address hidden>
Date: Thu May 31 14:24:00 2018 -0400

    Pass network's dns_domain to dnsmasq conf

    The Neutron API exposes the 'dns_domain' attribute on the
    Network model. Presently, deployments using the DHCP
    agent ignore this attribute when resolving DNS queries
    between instances. This patch changes that so that
    the DHCP agent will pass on the dns_domain to the
    network's dnsmasq process, in turn passing it to
    instances.

    UpgradeImpact
    Closes-Bug: 1774710
    Change-Id: I6120d504959631f084d63458f6e9dada0dc5cbdf
    (cherry picked from commit 137a6d61053fb1cfb9a0a583b5a5c0f6253c75e6)

tags: added: in-stable-queens
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on neutron (stable/queens)

Change abandoned by Bernard Cafarelli (<email address hidden>) on branch: stable/queens
Review: https://review.openstack.org/612712
Reason: Change merged with https://review.openstack.org/#/c/615556/

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/rocky)

Fix proposed to branch: stable/rocky
Review: https://review.openstack.org/634933

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (master)

Reviewed: https://review.openstack.org/634704
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=7fdd6adc7acf99e74fbe1c12606f8c867ae134ae
Submitter: Zuul
Branch: master

commit 7fdd6adc7acf99e74fbe1c12606f8c867ae134ae
Author: Jakob Englisch <email address hidden>
Date: Mon Feb 4 15:45:58 2019 +0100

    DHCP: fix default dns search name

    If no override for dns_domain has been added by the user on the
    tentant network, the default dns_domain should be used. Prior to
    this fix, dns_domain got set to '' instead.

    Closes-bug: #1774710
    Change-Id: If206b943703eb638f7b22e59791ed8876f46f556

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on neutron (stable/rocky)

Change abandoned by Jakob Englisch (<email address hidden>) on branch: stable/rocky
Review: https://review.openstack.org/634933

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/rocky)

Reviewed: https://review.openstack.org/634933
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=b7796f6c91b74440780056712060da5da69e583f
Submitter: Zuul
Branch: stable/rocky

commit b7796f6c91b74440780056712060da5da69e583f
Author: Jakob Englisch <email address hidden>
Date: Mon Feb 4 15:45:58 2019 +0100

    DHCP: fix default dns search name

    If no override for dns_domain has been added by the user on the
    tentant network, the default dns_domain should be used. Prior to
    this fix, dns_domain got set to '' instead.

    Closes-bug: #1774710
    Change-Id: If206b943703eb638f7b22e59791ed8876f46f556
    (cherry picked from commit 7fdd6adc7acf99e74fbe1c12606f8c867ae134ae)

tags: added: in-stable-rocky
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 14.0.0.0b2

This issue was fixed in the openstack/neutron 14.0.0.0b2 development milestone.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 13.0.3

This issue was fixed in the openstack/neutron 13.0.3 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 12.0.6

This issue was fixed in the openstack/neutron 12.0.6 release.

James Page (james-page)
Changed in neutron (Ubuntu):
status: New → Fix Released
Revision history for this message
James Page (james-page) wrote :

Related to bug 1580588 - there seems to have been some discussion in the past about the dns_domain attribute of a network being used for external DNS integration only.

The changes that form part of the fix for this bug make that boundary less clear and its possible to end up with inconsistency between the records being written to the dnsmasq hosts file (based on the CONF.dns_domain which is used by neutron to generate the dns_assignment properties for a port) and the value passed for "--domain" to dnsmasq which will prefer the dns_domain of the network if set over CONF.dns_domain.

This results in forward/reverse lookup inconsistency against the dnsmasq for the network:

  root@bionic-045546-2:~# host 192.168.21.222
  222.21.168.192.in-addr.arpa domain name pointer bionic-045546-2.jamespage.internal.
  root@bionic-045546-2:~# host bionic-045546-2
  bionic-045546-2.designate.local has address 192.168.21.222

In this deployment network.dns_domain == designate.local. and CONF.dns_domain == jamespage.internal.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.