[2.4a1, b1] DHCP does not offer all DNS servers

Bug #1753493 reported by Mark Shuttleworth on 2018-03-05
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
MAAS
Critical
Mike Pontillo
2.3
Critical
Mike Pontillo

Bug Description

I have two MAAS region API servers, 192.168.9.10 and 192.168.9.7, both have maas-dns installed. The file /var/lib/maas/dhcpd.conf has this:

           option domain-name-servers 192.168.9.10, 192.168.9.10;
           option domain-name "maas";
           option domain-search "maas", "mallards";

I would expect one of the name-servers to be 192.168.9.7 rather than the duplication of 192.168.9.10.

Related branches

Uhm, this seems like a regression in determining all the endpoints. We'll investigate but definitely seems like a issue we need to fix asap.

Changed in maas:
milestone: none → 2.4.0beta1
importance: Undecided → High
status: New → Triaged
summary: - DHCP does not offer all DNS servers
+ [2.4] DHCP does not offer all DNS servers
summary: - [2.4] DHCP does not offer all DNS servers
+ [2.4a1] DHCP does not offer all DNS servers
summary: - [2.4a1] DHCP does not offer all DNS servers
+ [2.4a1, b1] DHCP does not offer all DNS servers
Changed in maas:
milestone: 2.4.0beta1 → 2.4.0beta2
Changed in maas:
assignee: nobody → Mike Pontillo (mpontillo)
Andres Rodriguez (andreserl) wrote :

I can confirm this issue in 2.3. I have tested with 2 region/racks, and the output in 2.3 is:

           option domain-name-servers 10.90.90.1, 10.90.90.3;

The output in 2.4 is:

           option domain-name-servers 10.90.90.1, 10.90.90.1;

In my case 10.90.90.1 is the primary region/rack. It seems it is correctly adding a secondary entry for the secondary region/rack controller, but it is not considering the IP facing the machines as secondary.

In my environment, I'm forcing secondary rackd.conf to also point to 10.90.90.1 (e.g. as if it was a VIP), and in 2.3 is handled it correctly and 2.4 is not. So if I were to have a VIP of 10.90.90.100 this should be:

           option domain-name-servers 10.90.90.100, 10.90.90.1, 10.90.90.3;

Andres Rodriguez (andreserl) wrote :

I've upgraded to 2.3.1/2 and I can confirm that this behavior has regressed:

option domain-name-servers 10.90.90.1, 10.90.90.1;

Changed in maas:
importance: High → Critical

I think VIPs should be expressly modelled in MAAS, but that's a feature
for the future. For now, I would expect the DNS servers to be called out
expressly at their native (non-VIP) IPs.

Mark

Mike Pontillo (mpontillo) wrote :

Similarly, I can confirm that when I have MAAS 2.3.0 installed in HA mode and I point both rackd.conf files to the same region IP address, this behavior does not occur. But when I upgrade to 2.3.2 I see the issue.

I think a complete solution would require MAAS to model virtual IPs. For example, if a web proxy is being used to provide HA, it wouldn't work with DNS, and both region IP addresses should be provided. But if a floating IP was being used, it might be preferable for all the nodes to simply point at the VIP.

Changed in maas:
status: Triaged → In Progress
Mike Pontillo (mpontillo) wrote :

To clarify, we'll fix this bug without modeling VIPs. Apologies if my previous comment wasn't clear. I agree with the "for the future" sentiment in comment #4. (Though I posted my comment without first seeing that reply, heh.)

Changed in maas:
status: In Progress → Fix Committed
Mark Shuttleworth (sabdfl) wrote :

I would not use VIPs for protocols which naturally handle having
multiple servers.

It is normal to have multiple DNS server addresses available to clients.
It is normal to have multiple NTP server addresses available to clients.

The clients in these protocols know how to use multiple servers.

For these, we do not use VIPs.

More than that, a VIP can fail to move. Using a VIP means trusting yet
another component to work. That's a bad idea when it's not necessary.

For now, please simply:

 * establish the native (non-VIP) addresses for the rack servers
 * use those addresses for NTP and DNS please

Mark

Changed in maas:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers