quantum DNS name does not match VM hostname

Hi Jack, have you seen this behavior with other linux distros?

This issue impacts all distributions, although in slightly different ways.

Those which acquire their hostname from the metadata server (eg, ubuntu) will result in a mismatch and throw fqdn warnings (for instance, when using sudo).

Those which get it from dhcp (eg, wheezy) can resolve their fqdn, but the hostname is inconsistent from nova, and is in the n-n-n-n format. Additionally, this is what's stored in dnsmasq's host file, and makes out of the box dns less usable than it is with nova-net.

Fix proposed to branch: master
Review: https://review.openstack.org/36133

Fix proposed to branch: master
Review: https://review.openstack.org/36138

Can't submit changes due to grenade bug:

https://bugs.launchpad.net/grenade/+bug/1199250

Submitted Fix in nova, awaiting review:

https://review.openstack.org/36138

Fix proposed to branch: master
Review: https://review.openstack.org/37098

I see all the changes mentioned in this bug report still in progress. Marking this as committed may be confusing in the release process. Am I missing something?

Is there any known workaround for this bug? It's a showstopper for me.

Any updates about the status/patch/... ?
Its currently also a showstopper for me.

+1 to this being a showstopper. If Zack isn't going to resume work on it in the next month or two, I'll probably pick up where he left off.

I{s there any progress/update on this?

When fixing this bug, please consider bug #1240910.

dnsmasq will treat as invalid any host entry with hostname length > 63 thus it will allocate no IP address to the instance.

+1 to being a showstopper.

I'm wondering if we can restore some forward momentum to this. This is a nova parity issue, and a pain point for users.

Looking at Armando's comment on https://review.openstack.org/#/c/37098/5//COMMIT_MSG, he says "there should be a way to preserve the current behavior without using the port name as deciding factor". I think that's valid, and we could address it with a config option e.g. use_port_name_for_host_name=True/False.

Another option I had considered is adding a hostname attribute to the port object. I was trying to avoid this path as it brings in all the overhead of a new API extension.

A third option might be the extra_dhcp_opts extension. We could explicitly specify the hostname using this API, e.g. {"opt_value": "myvmname", "opt_name": "hostname"}. I think we'd need to tweak _output_hosts_file a bit to use this, but at least it is an existing API mechanism that could be used.

Thoughts?

On further reflection, a global config option such as use_port_name_for_host_name is not desirable as it does not preserve behavior for existing deployments, e.g. if I've set my port name to something like "port5" while having come to depend on a DNS hostname such as 10-10-20-5.openstacklocal. (This is probably what Armando was driving at in his code review comment.)

Jack, that problem could be solved by including multiple DNS names that map to the same internal IP. Only one name will be sent as the hostname but both names can be resolved in DNS. Essentially, the 10-10-20-5.openstacklocal name will always map to the IP regardless.

Could the global defaut for use_port_name_for_host_name be overridden on a network-by-network basis?

What happens if the nova display name doesn't qualify as an allowable dns name because of some mismatch in constraints. Should we define a mapping that will map any valid nova display name to a valid dns name?

Second, what is this about duplicates? Is the nova display name not constrained to be unique? If someone decides to turn on use_port_name_for_host_name and has duplicate display names on the same network what should be done?

In my opinion, we need to resolve these questions. Some of you may not like the idea of using nova display names as DNS names but end users want it. They don't want to have to name their instances twice and they want to be able to get to their instances by name using dns.

This should be designed in a blueprint.

Coming back to Jack's comment #16 ("can we restore some forward momentum to this?") I indeed wonder if there is a small, short term solution possible which suits at least most people. I am actually not sure that just waiting for the availablity of Moniker in the next release is the proper answers, especially as I failed to understand so far it it's not going to leave us with the same issue, just on a different technical platform.

Basically, I understand that discussion is all about how to find a name that can be assigned to a node. One solution discussed here but not actually accepted for reasons of backward compatibility IIUC was to use a port name. IMHO this would indeed onyl be the 2nd best option anyway as it would only buy us something if one sets up the port name properly *before* launching an instance.

Basically, the subject of DNS names and IP addresses comes down two two possible scenarios:

1. Either I do advanced planning, i.e. I know I will be launching 5 instances which are supposed to work together (for example 2 load balancers, two web servers and one admin instance). So I could make up names for them in advance (lb-1, lb-2, web-1, web-2, admin) and assign an IP address to each of them in the DHCP server, so once the instance will launch it will get assiged the proper name and IP address and all will be fine. Except, how would I know the MAC address that the new instances will be using in order to configure them in the DHCP server prior to having launched the instances. Sounds a bit like a chickend and egg problem to me. (I understand MAC addresses are generated with some randomness during the instance launch, right?)

2. In the other scenario I just hit the "Launch me an instance" button in Horizon five times in a row and type in my names, i.e. again lb-1, lb-2, you get it. So each instance will receive an arbitraty IP address from the DHCP pool and there is no way for the five instances to find each other on the network unless I would manually setup /etc/hosts entries for all of them in each of them, is there? Would they be able to refer to each other by given name I would have a prepared confuguration for example for the load balancers in which I write that the two backends are web-1 and web-2, without ever having to care about the IP addresses used. I guess this is what DNS was made for, right? So I guess I don't expect too much if I expect this to work.

A trivial solution IMO would be:

Add the --addn-hosts and the --dhcp-script options to the dnsmasq launched by Neutron.

The DHCP request of each instance which launches contains the node name which is derived from the instance name by making it DNS-compatible, i.e. replace spaces by dashed etc. This is happening today, at least with images which use Cloud Init (tested on Ubuntu). The dhcp script could just write the assiged IP address together with the name into the additonal hosts file and you're done.

To be honest, there would be some shortcomings, such as:

If an instance gets "terminated" (which is OpenStack's way of saying it's gone forever) the entry will stay there unless manually removed. I am not sure if there would be any hook which would allow to make sure ...

Took this out of in-progress status since the nova and neutron changes were abandoned.

this is still undecided or patch has been released ? i am running juno and same issue

Same here. I am wondering if there is patch somewhere we can patch on Juno. I am having the same problem after upgrade from Havana to Juno. I was using flat networking on Havana and change to Neutron (vxlan/gre) after upgrade to Juno. Lot of things are broken with the VM ( since eg hostname -f return unknown host ). Temporary workaround is to update VM's /etc/hosts but with few hundred VMs to manage, this is not very appropriate. Since flat network probably won't be support in the future, if we have to use Neutron but with this bug still exists, I will think many people will be affected.

I believe that this is taken care of in the context of

https://blueprints.launchpad.net/neutron/+spec/external-dns-resolution

I am afraid, we won't be able to patch Juno, as it's security fixes only.

Sorry I meant this one:

https://blueprints.launchpad.net/neutron/+spec/internal-dns-resolution

Is this available in Liberty or Mitaka ? I am facing this problem.

I cannot find the patch either