OpenStack Designate Charm

rndc addzone commands populated with internal IPs for masters

Bug #1843841 reported by John George
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Designate Charm
Triaged
High
Unassigned

Bug Description

With designate dns-slaves charm config set to an upstream bind server, rndc addzone commands are sent populated with internal IPs for masters. We want the masters IPs to be the public address, so the upstream slave can successfully connect back.

The designate charm was deployed with it's dns-backend binding set to 'oam-space', which maps to a routable subnet.

Here's an example from the upstream bind server log:
received control channel command 'addzone openstack.customername.lan { type slave; masters { 192.168.33.186 port 5354; 192.168.33.196 port 5354; 192.168.33.185 port 5354;}; file "slave.openstack.customername.lan.a61ec558-f4c7-4590-8d23-01e136a12629"; };'

Here are the related details from juju and the bundle:

juju spaces
--------
$ juju spaces
Space Subnets
ceph-access-space 192.168.36.64/26
ceph-replica-space 192.168.35.64/26
external-space 10.244.32.0/21
internal-space 192.168.33.128/25
oam-space 10.246.64.0/21
ps45routers 91.189.92.0/24
undefined 10.199.196.0/24
                    10.245.208.0/20

bundle.yaml
--------
  oam-space: &oam-space oam-space
  admin-space: &admin-space oam-space
  public-space: &public-space oam-space
  internal-space: &internal-space internal-space

  designate:
    charm: cs:~openstack-charmers-next/designate
    num_units: 3
    bindings:
      "": *oam-space
      public: *public-space
      admin: *admin-space
      internal: *internal-space
      shared-db: *internal-space
      dns-backend: *public-space
      coordinator-memcached: *internal-space
    options:
      openstack-origin: *openstack-origin
      region: *openstack-region
      vip: *designate-vip
      use-internal-endpoints: True
      nameservers: *designate-nameservers
      also-notifies: '10.245.208.59:53'
      dns-slaves: '10.245.208.59:953:some_key'
    to:
    - lxd:1003
    - lxd:1005
    - lxd:1006

Revision history for this message
John George (jog) wrote :
Revision history for this message
John George (jog) wrote :
Revision history for this message
David Ames (thedac) wrote :

When using the dns-slaves (external-slaves) it may be required to specify which interface to advertise to the slaves. In John's case, a routable address is required.

We appear to be hardcoding the internal space for the RNDC master [0]
{% for rndc_master_ip in cluster.internal_addresses %}

Test and validate:
Pass the dns-backend space addresses to the context
Test without a dns-backend relation attached.

If that does not work, we may need to create an external binding for this purpose.

[0] https://github.com/openstack/charm-designate/blob/master/src/templates/rocky/pools.yaml#L47

Changed in charm-designate:
status: New → Triaged
importance: Undecided → High
milestone: none → 19.10
David Ames (thedac)
Changed in charm-designate:
milestone: 19.10 → 20.01
James Page (james-page)
Changed in charm-designate:
milestone: 20.01 → 20.05
David Ames (thedac)
Changed in charm-designate:
milestone: 20.05 → 20.08
James Page (james-page)
Changed in charm-designate:
milestone: 20.08 → none
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.