2021-04-07 17:00:12 |
Stefan Fleischmann |
description |
MAAS version 2.9.2-9164-g.ac176b5c4 from snap channel 2.9/stable, but I think this issue has existed for a long time. We have two subnets configured in MAAS:
172.17.100.0/23 (eth0, default node network)
172.17.102.0/24 (eth1, management network for IPMI etc.)
Both are untagged subnets on fabric-0 and MAAS provides DHCP. Because of that
the MAAS server has two IP addresses, one on each subnet, let's say 172.17.100.3
and 172.17.102.3. When I deploy a node with a static IP address (which is only on
the 172.17.100.0/23 subnet) both 172.17.100.3 and 172.17.102.3 end up as nameservers
in /etc/netplan/50-cloud-init.yaml. A node that requests an IP address via DHCP also
gets both nameservers. I recently set up two additional rack controllers with the
same setup (one IP on 17.100 and one on 172.102) and that makes things even worse
because now MAAS gives out six nameserver addresses of which three are not reachable
for machines on the 17.100 subnet. Systemd circumvents the problem but on other setups
where there is an actual limit of 3 nameservers this might lead to DNS being completely
broken.
I would expect that MAAS sets different nameservers on each subnet, i.e. hosts on 17.100
should not get information about nameservers on 17.102 and vice versa. |
MAAS version 2.9.2-9164-g.ac176b5c4 from snap channel 2.9/stable, but I think this issue has existed for a longer time. We have two subnets configured in MAAS:
172.17.100.0/23 (eth0, default node network)
172.17.102.0/24 (eth1, management network for IPMI etc.)
Both are untagged subnets on fabric-0 and MAAS provides DHCP. Because of that the MAAS server has two IP addresses, one on each subnet, let's say 172.17.100.3 and 172.17.102.3. When I deploy a node with a static IP address (which is only on the 172.17.100.0/23 subnet) both 172.17.100.3 and 172.17.102.3 end up as nameservers in /etc/netplan/50-cloud-init.yaml.
I recently set up two additional rack controllers with the same setup (one IP on 17.100 and one on 172.102) and that makes things even worse because now there are six nameserver addresses of which three are not reachable for machines on the 17.100 subnet. Systemd circumvents the problem but on other setups where there is an actual limit of 3 nameservers this might lead to DNS being completely broken.
This is not a problem when DHCP is used. I checked the DHCP response and that only contains the addresses on the 17.100 subnet. |
|
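A check for the condition described in this report, as an added example that is not part of the original report or of MAAS: given a node's interface addresses and the nameserver list written to its netplan file, it separates nameservers on the node's own subnets from the rest and shows what a resolver limited to three entries (glibc's `MAXNS`) is left with. Assumptions: the node address and the `.4`/`.5` controller addresses are constructed, the list orderings are constructed, and "off-link" is treated as unreachable, as in the reporter's setup.

```python
import ipaddress

MAXNS = 3  # glibc's resolver honours only the first three nameserver entries

def split_nameservers(interface_cidrs, nameservers):
    """Partition nameservers into (on_link, off_link) relative to the node's subnets."""
    nets = [ipaddress.ip_interface(c).network for c in interface_cidrs]
    on_link, off_link = [], []
    for ns in nameservers:
        addr = ipaddress.ip_address(ns)
        # A nameserver is on-link if it falls inside any subnet the node has an address on.
        (on_link if any(addr in n for n in nets) else off_link).append(ns)
    return on_link, off_link

def usable_under_limit(interface_cidrs, nameservers, limit=MAXNS):
    """On-link nameservers that survive a resolver keeping only the first `limit` entries."""
    on_link, _ = split_nameservers(interface_cidrs, nameservers[:limit])
    return on_link

# Constructed sample: a statically addressed node that sits only on 172.17.100.0/23.
NODE = ["172.17.100.50/23"]

# Six nameservers from three controllers; only 172.17.100.3 and 172.17.102.3
# appear in the report, the .4 and .5 addresses are constructed.
INTERLEAVED = ["172.17.100.3", "172.17.102.3", "172.17.100.4",
               "172.17.102.4", "172.17.100.5", "172.17.102.5"]
# Constructed worst-case ordering: management-subnet addresses listed first.
WORST = ["172.17.102.3", "172.17.102.4", "172.17.102.5",
         "172.17.100.3", "172.17.100.4", "172.17.100.5"]

if __name__ == "__main__":
    on_link, off_link = split_nameservers(NODE, INTERLEAVED)
    print("on-link:", on_link)
    print("off-link (should not be handed to this node):", off_link)
    print("usable with 3-entry limit, interleaved:", usable_under_limit(NODE, INTERLEAVED))
    print("usable with 3-entry limit, worst case:", usable_under_limit(NODE, WORST))
```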