Changing static IP range (web UI leads) to rndc failure

Bug #1431347 reported by Christian Reis
This bug affects 1 person
Affects: MAAS
Status: Won't Fix
Importance: High
Assigned to: Mike Pontillo

Bug Description

<rick_h_> anyone have any hints to the failure Command `rndc -c /etc/bind/maas/rndc.conf.maas reload maas` returned non-zero exit status 1
<rick_h_> I moved the static IP range in the webui, saved it, and then got that
<rick_h_> this is a dual homed machine and wondering if it's that it's coming from the wrong ip address?
<rick_h_> and if anyone knows how to make it happy?

...

<kiko> rick_h_, I've seen that before -- this is on 1.7.x?
<rick_h_> kiko: yep, was 1.7.1 and it could not call rndc successfully. Had to add the second IP addr to /etc/bind/maas/rndc.conf in the allow block

summary: - Changing cluster interface details in web UI leads to rdnc failure
+ Changing static IP range (web UI leads) to rdnc failure
Andres Rodriguez (andreserl) wrote :

I think that we should allow the configuration of the static range, but ensure that if that changes, we can only expand or decrease the range in a way that won't affect the already allocated IP addresses in machines.

Changed in maas:
importance: Undecided → High
status: New → Confirmed
Richard Harding (rharding) wrote :

I got that error initially. What happened was I was a moron and my AMT nodes were set for 10.0.0.101->10.0.0.105.

I went to move it to 10.0.0.150 but I had one running machine. So I got an error, and released it. I then went back and changed it and when I hit save I got the error:

Mar 11 16:26:30 maas maas.tasks: [ERROR] rndc_command: Command `rndc -c /etc/bind/maas/rndc.conf.maas reload` returned non-zero exit status 1:#012rndc: connection to remote host closed#012This may indicate that#012* the remote server is using an older version of the command protocol,#012* this host is not authorized to connect,#012* the clocks are not synchronized, or#012* the key is invalid.

What we chased it down to is that the maas machine is dual homed to a public IP on one network and to a closed switch that runs the 10.0.0.0 network that all the nucs are attached to.

We had to adjust the bind config to allow the rndc reload command to succeed by adding the external (other interface) to the allow block in the controls section.

Fix: Add the IP of the outside network nic (162.xxx)

/etc/bind/maas/named.conf.rndc.maas

key "rndc-maas-key" {
 algorithm hmac-md5;
 secret "QApfvZQyM2vkuoKtTeNEstLKvuXALMf1ThzgiJb+1VI=";
};

controls {
 inet 127.0.0.1 port 954
  allow { 127.0.0.1; 162.xxx.xxx.xxx; } keys { "rndc-maas-key"; };
};

controls {
 inet 127.0.0.1 port 953 allow { localhost; };
};

I'm not sure if there's a better way of specifying the interface to use to connect and operate the rndc command or not. This was the best fix we could find.

So for multi networked machines it seems that running into "this host is not authorized to connect" is a potential issue to be aware of as it's a bit hard to debug what's going on.
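
The allow list in a controls statement is an address match list checked against the source address of the rndc connection, and the first matching element decides. The added example below (not part of the original comment and not MAAS code) parses the inet control channels from a constructed config modelled on the one quoted above and reports whether a given source address would be admitted. The address 203.0.113.10 and the names parse_controls, allowed and report are illustrative assumptions, and localhost is evaluated against a caller-supplied list of the server's interface addresses.

```python
import ipaddress
import re

# Constructed sample mirroring the controls statements quoted above;
# 203.0.113.10 (documentation range) stands in for the elided second-NIC address.
SAMPLE_CONF = """
controls {
 inet 127.0.0.1 port 954
  allow { 127.0.0.1; 203.0.113.10; } keys { "rndc-maas-key"; };
};
controls {
 inet 127.0.0.1 port 953 allow { localhost; };
};
"""

INET_RE = re.compile(
    r'inet\s+(\S+)(?:\s+port\s+(\d+))?\s+allow\s*\{([^}]*)\}'
    r'(?:\s*keys\s*\{([^}]*)\})?')

def parse_controls(conf):
    """Return one dict per inet control channel found in conf."""
    return [{"listen": addr,
             "port": int(port or 953),  # 953 is the default control port
             "allow": [e.strip() for e in allow.split(";") if e.strip()],
             "keys": re.findall(r'"([^"]+)"', keys)}
            for addr, port, allow, keys in INET_RE.findall(conf)]

def allowed(acl, source, local_addrs=()):
    """First-match evaluation of a flat address match list."""
    # Handles addresses, prefixes, '!' negation, any, none and localhost;
    # any other named ACL raises ValueError rather than being guessed at.
    src = ipaddress.ip_address(source)
    for element in acl:
        name = element.lstrip("! ")
        if name in ("any", "none"):
            hit = name == "any"
        elif name == "localhost":  # BIND: every address on the server's interfaces
            hit = any(src == ipaddress.ip_address(a) for a in local_addrs)
        else:
            hit = src in ipaddress.ip_network(name, strict=False)
        if hit:
            return not element.startswith("!")
    return False  # no element matched: the connection is refused

def report(conf, source, local_addrs=()):
    """Map each control channel's port to whether source may connect."""
    return {c["port"]: allowed(c["allow"], source, local_addrs)
            for c in parse_controls(conf)}
```

Every entry added to an allow list is another source address from which holding the key is enough to issue rndc commands, so a report like this is worth re-running whenever the list is widened.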

Richard Harding (rharding) wrote :

Oh and this is using 1.7.1+bzr3341-0ubuntu1~trusty1

Andres Rodriguez (andreserl) wrote :

s/configuration/reconfiguration.

Gavin Panella (allenap)
Changed in maas:
status: Confirmed → Triaged
Changed in maas:
milestone: none → 2.5.0beta2
assignee: nobody → Mike Pontillo (mpontillo)
Mike Pontillo (mpontillo) wrote :

There's no way to reproduce this issue any more; there is no more static range, and the way that DHCP ranges are configured has drastically changed.

Changed in maas:
status: Triaged → Won't Fix
Changed in maas:
milestone: 2.5.0beta2 → none