Comment 0 for bug 2044403

Nobuto Murata (nobuto) wrote :

maas - 1:3.4.0-14318-g.3234f5e2a-0ubuntu1~22.04.1

I think this is a regression since the test case in the following bug described the expected status.
https://bugs.launchpad.net/maas/+bug/1847537

There is a flaky DNS resolution issue observed and it boiled down to unexpected curtin/netplan config generated by MAAS.

Let's say a machine has two (or more) interfaces and one is connected to the main MAAS PXE network and the other is connected to an isolated network (no reachability to MAAS). DNS traffic should be sent from the first interface to MAAS DNS.

However, generated curtin/netplan adds MAAS DNS to the NIC with the isolated network and the DNS traffic goes nowhere since the isolated network does not have connectivity to MAAS nor any gateway.

[deployed node]

$ ip -br a
lo UNKNOWN 127.0.0.1/8 ::1/128
ens4 UP 192.168.151.116/24 fe80::5054:ff:fe78:ba0d/64
ens8 UP fe80::5054:ff:febf:8f7/64
ens9 UP 192.168.152.101/24 fe80::5054:ff:fea9:2e4/64

$ resolvectl
Global
       Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub

Link 2 (ens4)
    Current Scopes: DNS
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.151.1
       DNS Servers: 192.168.151.1
        DNS Domain: maas

Link 3 (ens8)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 4 (ens9)
    Current Scopes: DNS
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.151.1
       DNS Servers: 192.168.151.1
        DNS Domain: maas

^^^ MAAS DNS (192.168.151.1) should only be added to the main NIC ens4.

[isolated subnet definition]

maas admin spaces create name=space-isolated
maas admin vlans create "$fabric_id" vid=152 space=space-isolated
maas admin subnets create cidr='192.168.152.0/24' \
    fabric="$fabric_id" vid=152 \
    allow_dns=false
maas admin ipranges create type=reserved \
    start_ip=192.168.152.1 end_ip=192.168.152.100
maas admin ipranges create type=dynamic \
    start_ip=192.168.152.201 end_ip=192.168.152.254

[associating the isolated subnet to a second or third NIC]
vlan_id=$(maas admin vlan read "$fabric_id" 152 | jq -r '.id')
subnet_id=$(maas admin subnets read | jq -r '.[] | select(.cidr=="192.168.152.0/24").id')
for system_id in $(maas admin machines read | jq -r '.[].system_id'); do
    maas admin interface update "$system_id" ens9 vlan="$vlan_id"
    maas admin interface link-subnet "$system_id" ens9 mode='AUTO' subnet="$subnet_id"
done
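
One way to check a deployed node for the condition reported above, as an added example that is not part of the original report or of MAAS: it parses `ip -br a` and `resolvectl` output and flags any link whose DNS server is neither on-link nor behind a gateway. The function names and the `routed_links` parameter (links known to have a gateway) are assumptions of this sketch, and the sample input is constructed from the outputs in the report.

```python
import ipaddress
import re

# Constructed sample input, abridged from the outputs quoted in the report.
IP_BR = """\
lo UNKNOWN 127.0.0.1/8 ::1/128
ens4 UP 192.168.151.116/24 fe80::5054:ff:fe78:ba0d/64
ens8 UP fe80::5054:ff:febf:8f7/64
ens9 UP 192.168.152.101/24 fe80::5054:ff:fea9:2e4/64
"""
RESOLVECTL = """\
Link 2 (ens4)
       DNS Servers: 192.168.151.1
Link 3 (ens8)
Link 4 (ens9)
       DNS Servers: 192.168.151.1
"""

def link_networks(ip_br):
    """Map interface name -> on-link networks, from `ip -br a` output."""
    nets = {}
    for line in ip_br.splitlines():
        fields = line.split()
        if fields:
            # fields: name, state, then zero or more address/prefix entries
            nets[fields[0]] = [ipaddress.ip_interface(a).network for a in fields[2:]]
    return nets

def link_dns(resolvectl):
    """Map interface name -> per-link DNS servers, from `resolvectl` output."""
    dns, link = {}, None
    for line in resolvectl.splitlines():
        m = re.match(r"Link \d+ \((\S+)\)", line.strip())
        if m:
            link = m.group(1)
            dns[link] = []
        elif link and line.strip().startswith("DNS Servers:"):
            dns[link] += line.split(":", 1)[1].split()
    return dns

def unreachable_dns(ip_br, resolvectl, routed_links=()):
    """Return (link, server) pairs: server is off-link and link has no gateway."""
    nets = link_networks(ip_br)
    return [(link, s)
            for link, servers in link_dns(resolvectl).items()
            for s in servers
            if link not in routed_links  # hypothetical input: links with a gateway
            and not any(ipaddress.ip_address(s) in n for n in nets.get(link, []))]

if __name__ == "__main__":
    print(unreachable_dns(IP_BR, RESOLVECTL))
```
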