designate-bind charm does not expose stats for monitoring

Bug #1752611 reported by Jakub Rohovsky on 2018-03-01
This bug affects 2 people
Affects: OpenStack Designate-Bind Charm
Importance: Medium
Assigned to: Jakub Rohovsky

Bug Description

a) bind9 should listen on localhost for rndc commands so that monitoring agents can poll for status

Proposed fix:

$ diff -u a/designate-bind/templates/named.conf b/designate-bind/templates/named.conf
--- a/designate-bind/templates/named.conf 2017-12-14 11:21:00.242226796 +0000
+++ b/designate-bind/templates/named.conf 2017-12-14 11:19:43.782890922 +0000
@@ -11,5 +11,6 @@
 include "/etc/bind/named.conf.default-zones";

 controls {
+ inet 127.0.0.1 allow {localhost;};
   inet {{ dns_backend.control_listen_ip }} allow { {{ dns_backend.control_ips }}; };
 };
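
Review bot: The added `inet 127.0.0.1 allow {localhost;};` line in the `controls` block has no `keys` clause, so the key that authorizes this loopback channel is left to named's default (the rndc.key file). Name the key explicitly, or document that the monitoring agent's user needs read access to that key and that the key authorizes every rndc command, not only `status`. The built-in `localhost` ACL matches all of the host's own addresses, so `allow { 127.0.0.1; };` states the intent more exactly. As rendered here the added line is also indented and spaced differently from the `inet` line below it; match that line's style.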

b) bind9 should post statistical data

Proposed fix:

$ diff -u a/designate-bind/templates/named.conf.options b/designate-bind/templates/named.conf.options
--- a/designate-bind/templates/named.conf.options 2017-12-14 11:21:00.242226796 +0000
+++ b/designate-bind/templates/named.conf.options 2017-12-11 12:26:31.676685860 +0000
@@ -26,5 +26,7 @@
         allow-new-zones yes;
         request-ixfr no;
         recursion no;
+ statistics-file "/var/cache/bind/named.stats";
+ zone-statistics yes;
         allow-notify { {{ dns_backend.control_ips }}; };
 };
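
Review bot: The added `statistics-file "/var/cache/bind/named.stats";` line only sets where a dump is written; named writes it when `rndc stats` is run and appends a new dump each time, so nothing in this hunk produces the data or bounds the file's size. Document (or ship with the charm) the job that runs `rndc stats` and truncates or rotates the file, and say which user must be able to read it. The path is a literal in the template; a charm option with this value as its default would let operators move it without editing the template. As rendered here the two added lines are indented less than the surrounding options; align them.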

Jakub Rohovsky (jakub.rohovsky) wrote :

However, /var/cache/bind/ might not be a "proper" place for the statistics file.

(In my honest opinion it really doesn't make any difference, but anyway.)

The problem is that the bind package in the upstream repo doesn't have a good location for this file in its AppArmor profile:

$ grep "w," bind9_9.10.3.dfsg.P4-12.3+deb9u3_amd64_deb/etc/apparmor.d/usr.sbin.named
  /var/lib/bind/** rw,
  /var/lib/bind/ rw,
  /var/cache/bind/** lrw,
  /var/cache/bind/ rw,
  /var/lib/dnscvsutil/compiled/** rw,
  /{,var/}run/named/named.pid w,
  /{,var/}run/named/session.key w,
  /var/log/named/** rw,
  /var/log/named/ rw,
  /{,var/}run/slapd-*.socket rw,
  /var/tmp/DNS_* rw,

So, we can either put it in /var/cache/bind/ or /var/log/named/ and live with that, or add a better location upstream.

To complicate it more - as I went through Launchpad this needs to be fixed in Debian Stable first (according to many comments of previous bug reports) and then wait for it to be merged to Ubuntu.

I can do that, but the difficult question is where the file should be located.

Kindly please let me know what you think.
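
The path question raised in the comment above can be checked mechanically. The following is an added example, not part of the bug report or the charm: it tests candidate statistics-file paths against the write rules quoted from the profile, using a simplified matcher that covers only the glob forms those rules use; the function names and candidate paths are assumptions.

```python
import re

# Write rules as quoted in the comment above (grep output for usr.sbin.named).
PROFILE_WRITE_RULES = """\
/var/lib/bind/** rw,
/var/lib/bind/ rw,
/var/cache/bind/** lrw,
/var/cache/bind/ rw,
/var/lib/dnscvsutil/compiled/** rw,
/{,var/}run/named/named.pid w,
/{,var/}run/named/session.key w,
/var/log/named/** rw,
/var/log/named/ rw,
/{,var/}run/slapd-*.socket rw,
/var/tmp/DNS_* rw,
"""

def glob_to_regex(glob):
    """Simplified AppArmor glob matcher: **, * and un-nested {a,b} only."""
    def repl(m):
        tok = m.group(0)
        if tok == "**":
            return ".+"        # one or more characters, may cross '/'
        if tok == "*":
            return "[^/]*"     # stays inside one path component
        if len(tok) > 1:       # a {a,b} group with literal alternatives
            return "(?:" + "|".join(map(re.escape, tok[1:-1].split(","))) + ")"
        return re.escape(tok)
    return re.compile(re.sub(r"\*\*|\{[^{}]*\}|.", repl, glob, flags=re.S), re.S)

def parse_rules(text):
    """Return (glob, permissions, compiled regex) for each rule line."""
    rules = []
    for line in text.splitlines():
        glob, perms = line.strip().rstrip(",").rsplit(None, 1)
        rules.append((glob, perms, glob_to_regex(glob)))
    return rules

def matching_write_rule(path, rules):
    """Return the first rule granting 'w' on an absolute, resolved path, else None."""
    for glob, perms, rx in rules:
        if "w" in perms and rx.fullmatch(path):
            return glob
    return None

RULES = parse_rules(PROFILE_WRITE_RULES)

if __name__ == "__main__":
    # Constructed candidate locations for named.stats.
    for candidate in ("/var/cache/bind/named.stats", "/var/run/named/named.stats"):
        print(candidate, "->", matching_write_rule(candidate, RULES) or "no write rule")
```

AppArmor matches the resolved path, so pass the path named will actually open, with symlinks and `..` already resolved.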

Tytus Kurek (tkurek) on 2018-03-02
tags: added: 4010 cpe-onsite
Tytus Kurek (tkurek) on 2018-03-02
Changed in charm-designate-bind:
status: New → Confirmed
Jakub Rohovsky (jakub.rohovsky) wrote :

Fix proposed to branch: master
https://review.openstack.org/#/c/549205/

Changed in charm-designate-bind:
assignee: nobody → Jakub Rohovsky (jakub.rohovsky)
Changed in charm-designate-bind:
status: Confirmed → In Progress

Reviewed: https://review.openstack.org/549205
Committed: https://git.openstack.org/cgit/openstack/charm-designate-bind/commit/?id=b4d845279de758401570bfcb4a1dc8a45286cece
Submitter: Zuul
Branch: master

commit b4d845279de758401570bfcb4a1dc8a45286cece
Author: Jakub Rohovsky <email address hidden>
Date: Fri Mar 2 13:37:41 2018 +0100

    Add designate-bind monitoring capability

    This patch modifies Bind to listen also on localhost for rndc commands
    so that monitoring agents can poll for status, and configures Bind
    to post statistical data in the named.stats file.

     modified: src/templates/named.conf
     modified: src/templates/named.conf.options

    Closes-Bug: #1752611
    Change-Id: I219d29bfccb4565b8732882ee62aec9b847b3070

Changed in charm-designate-bind:
status: In Progress → Fix Committed
Frode Nordahl (fnordahl) on 2018-05-24
Changed in charm-designate-bind:
milestone: none → 18.05
importance: Undecided → Medium
David Ames (thedac) on 2018-06-11
Changed in charm-designate-bind:
status: Fix Committed → Fix Released