all rack addresses in vlan are included in list of nameservers sent to deployed server

Bug #1896684 reported by Dan Streetman on 2020-09-22
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
MAAS
Undecided
Unassigned
2.8
Undecided
Unassigned

Bug Description

maas forces all rack addresses for all subnets in a single vlan to any system deployed into any of those subnets. If the deployed systems are isolated, with no gateway configured, they may end up with broken DNS due to having nameservers configured which are not reachable.

[test case]

configure maas with a single Fabric 'maas', with a single vlan 'untagged'. In that untagged vlan, create 4 separate subnets, 10.1.0.0/24, 10.2.0.0/24, 10.3.0.0/24, and 10.4.0.0/24. Configure all the subnets with 'allow_dns' set to False, and each of them should be configured with 10.X.0.1 as their only dns nameserver, and no gateway. Of course, also configure the corresponding 10.X.0.1 addresses on the maas machine.

Configure a machine in maas to set its interface to use Fabric 'maas' and vlan 'untagged', and subnet 10.1.0.0/24.

Deploy that system, and even though the subnet is configured with "dns_servers": [ "10.1.0.1" ] and "allow_dns": False, the deployed system is configured with 10.1.0.1 as well as 10.2.0.1, 10.3.0.1, and 10.4.0.1.

When deploying a system using systemd-resolved, this is not necessarily a problem, since systemd-resolved has no limit on the number of upstream nameservers it can handle, so the 'correct' (on-subnet) nameserver will be one of the configured ones, and systemd-resolved will use it for DNS.

However, when deploying a system that does not use systemd-resolved (e.g. Centos), when cloud-init manually edits the /etc/resolv.conf file, there is a hardcoded limit of 3 nameservers that can be listed in the file, so if the list of nameservers is larger, the 'correct' nameserver may not be included. In this example, if the deployed system's resolv.conf file is created with only the 10.2.0.1, 10.3.0.1, and 10.4.0.1 nameservers, the system will have no working DNS since it can only reach 10.1.0.0/24 systems.

Tags: sts Edit Tag help

Related branches

Dan Streetman (ddstreet) wrote :

This is related to bug 1881133

affects: maas (Ubuntu) → maas
Dan Streetman (ddstreet) on 2020-09-23
tags: added: sts
Dan Streetman (ddstreet) on 2020-09-23
description: updated
Changed in maas:
milestone: none → next
status: New → Fix Committed
Dan Streetman (ddstreet) wrote :

I opened a MR to backport the patch to 2.8, should be ready for review.

Alberto Donato (ack) on 2020-12-17
Changed in maas:
milestone: next → 2.9.0b6
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers