MAAS adds custom named.conf.options entry at install, but doesn't remove it at uninstall, breaks bind9

Bug #2058077 reported by David A. Desrosiers
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| MAAS | Triaged | Medium | Christian Grabowski | |
| 3.4 | Triaged | Undecided | Unassigned | |
| 3.5 | Triaged | Undecided | Unassigned | |

Bug Description

When installing maas-rack-controller, `maas-rack-controller.postinst` inserts the line `include "/etc/bind/maas/named.conf.options.inside.maas";` into `/etc/bind/named.conf.options` when an existing bind9 is installed on the host.

This allows bind to provide name resolution to the nodes managed by the MAAS rack controller.

When removing maas, it does not remove that line from the file, which breaks the ability to start or restart bind9.

This has the side effect of also breaking virsh and LXD that may be installed on the same host, using virbr0.

Here's a working example of this issue:

```
$ sudo grep -v ^\/ /etc/bind/named.conf.options
options { directory "/var/cache/bind";
listen-on-v6 { none; };
listen-on { !192.168.120.0/22; };
include "/etc/bind/maas/named.conf.options.inside.maas"; };
```

Can't start or restart bind9

```
$ sudo systemctl restart bind9
Job for named.service failed because the control process exited with error code.
See "systemctl status named.service" and "journalctl -xeu named.service" for details.
```

Create the directory and touch the empty file

```
$ sudo mkdir -p /etc/bind/maas/; sudo touch /etc/bind/maas/named.conf.options.inside.maas;
```

Works!
```
$ sudo systemctl restart bind9; echo $?
0
```

I knocked together a quick proof-of-concept that adds the option `--remove` to `provisioningserver/dns/commands/edit_named_options.py` so it can be called in the same way as the original insertion line:

```
/usr/lib/maas/maas-common edit-named-options --config-path /etc/bind/named.conf.options
```

This now looks like:

```
/usr/lib/maas/maas-common edit-named-options --config-path /etc/bind/named.conf.options --remove
```

```
# cat /tmp/foo
options { };
```

```
# /usr/lib/maas/maas-common edit-named-options --config-path /tmp/foo

# cat /tmp/foo
//
// This file is managed by MAAS. Although MAAS attempts to preserve changes
// made here, it is possible to create conflicts that MAAS can not resolve.
//
// DNS settings available in MAAS (for example, forwarders and
// dnssec-validation) should be managed only in MAAS.
//
// The previous configuration file was backed up at:
// /tmp/foo.2024-03-15T22:30:51.163241
//
options { include "/tmp/maas/named.conf.options.inside.maas"; };
```

```
# /usr/lib/maas/maas-common edit-named-options --config-path /tmp/foo --remove

# cat /tmp/foo
//
// This file is managed by MAAS. Although MAAS attempts to preserve changes
// made here, it is possible to create conflicts that MAAS can not resolve.
//
// DNS settings available in MAAS (for example, forwarders and
// dnssec-validation) should be managed only in MAAS.
//
// The previous configuration file was backed up at:
// /tmp/foo.2024-03-15T22:31:44.988072
//
options { };
```

The diff of `edit_named_options.py` is attached.

This is only a quick-and-dirty (working) example; it may need rework. It should probably be part of maas-dns, and added to its own postrm script so it cleanly removes the line it added when maas is removed.
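The failure mode described in this report, as an added example that is not part of the report, the attached diff, or the MAAS code base: it finds `include` statements whose target file is missing and drops the MAAS one only when its file is gone. The function names, the `exists` parameter and the sample text are assumptions made for illustration; only the include file name comes from the report.

```python
import os
import re

# One BIND include statement, e.g.  include "/etc/bind/maas/x";
INCLUDE_RE = re.compile(r'\binclude\s+"([^"]+)"\s*;[ \t]?')
# File name taken from the report; all other names here are hypothetical.
MAAS_FRAGMENT = "named.conf.options.inside.maas"


def _code_lines(text):
    """Yield (index, line) for lines that are not whole-line comments.

    Limitation: /* ... */ block comments are not recognised.
    """
    for i, line in enumerate(text.splitlines(keepends=True)):
        if not line.lstrip().startswith(("//", "#")):
            yield i, line


def dangling_includes(text, exists=os.path.exists):
    """Return include targets that are missing on disk (named cannot open them)."""
    missing = []
    for _, line in _code_lines(text):
        missing += [p for p in INCLUDE_RE.findall(line) if not exists(p)]
    return missing


def remove_maas_include(text, exists=os.path.exists):
    """Drop the MAAS include statement, but only when its target file is gone."""
    lines = text.splitlines(keepends=True)

    def drop(match):
        path = match.group(1)
        stale = os.path.basename(path) == MAAS_FRAGMENT and not exists(path)
        return "" if stale else match.group(0)

    for i, line in _code_lines(text):
        lines[i] = INCLUDE_RE.sub(drop, line)
    return "".join(lines)


# Constructed sample, modelled on the options file shown in the report.
SAMPLE = (
    "// managed by MAAS\n"
    'options { directory "/var/cache/bind";\n'
    "listen-on-v6 { none; };\n"
    'include "/etc/bind/maas/named.conf.options.inside.maas"; };\n'
)

if __name__ == "__main__":
    print(dangling_includes(SAMPLE, exists=lambda p: False))
    print(remove_maas_include(SAMPLE, exists=lambda p: False), end="")
```

A real cleanup step would back up the file before rewriting it, as the MAAS header comment says the existing tool does, and validate the result with `named-checkconf` before restarting bind9.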

David A. Desrosiers (setuid) wrote :
Changed in maas:
status: New → Triaged
importance: Undecided → Medium
assignee: nobody → Christian Grabowski (cgrabowski)
milestone: none → 3.6.0