[RFE] Neutron ports dns_assignment does not match the designate DNS records for Neutron port

I remember we had similar discussions about it in the past. Please check https://bugs.launchpad.net/neutron/+bug/1826419 and discussion at L3 meeting http://eavesdrop.openstack.org/meetings/neutron_l3/2019/neutron_l3.2019-05-29-14.00.log.html for more details.
Basically it works as expected so I'm going to close this RFE as Won't fix for now.

Whereas we have discussed this in the past and we agreed to comply with the spec for internal dns resolution (https://specs.openstack.org/openstack/neutron-specs/specs/liberty/internal-dns-resolution.html) as recorded here http://eavesdrop.openstack.org/meetings/neutron_l3/2019/neutron_l3.2019-05-29-14.00.log.html#l-42, I think more use cases have surfaced recently that warrant a reevaluation of this decision and of the original spec. Just last week, I was talking to hjensas in the Neutron channel, and he was describing a very similar need (if not the same): "in our case we have multiple ports for each instance, and instead of $server-name.$netname.example.com. they all get £server-name.example.com. now. Which is confusing. Since $netname.example.com. is in the dns_domain of the network ..." (http://eavesdrop.openstack.org/irclogs/%23openstack-neutron/%23openstack-neutron.2020-04-17.log.html#t2020-04-17T14:54:11).

I think it is time to explore a way to satisfy these new use cases while providing backwards compatibility with the original spec mentioned above.

We discussed that RFE on our last drivers meeting http://eavesdrop.openstack.org/meetings/neutron_drivers/2020/neutron_drivers.2020-05-08-14.00.log.html#l-55

We decided to approve this RFE as there are valid usecases and need to clean a bit mess with this dns integration.

As a next step we will need spec with detailed description of current situation (like what dns_domain options are used for what :)) so we can develop some good solution which will work for new use cases and will be somehow backward compatible.

i added the following spec describing the current situation
https://review.opendev.org/#/c/726904/

Fix proposed to branch: master
Review: https://review.opendev.org/731624

Reviewed: https://review.opendev.org/731624
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=ea13f2e83f8c2de3def69b6c883a5c161c3a6180
Submitter: Zuul
Branch: master

commit ea13f2e83f8c2de3def69b6c883a5c161c3a6180
Author: hamalq <email address hidden>
Date: Thu May 28 23:17:28 2020 +0000

    Sync the dns-assignment with the actual designate dns-domain

    When a port is created the dns-assignment (dns-domain part)
    was always taken form Neutron config dns_domain which is not
    always true, since it could be Neutron network dns_domain or
    the dns_domain sent when creating the port

    Change-Id: I7f4366ff5a26f73013433bfbfb299fd06294f359
    Closes-Bug:1873091

Fix proposed to branch: stable/ussuri
Review: https://review.opendev.org/c/openstack/neutron/+/858524

The attachment "lp1873091-ussuri.debdiff" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.]

Fix proposed to branch: stable/train
Review: https://review.opendev.org/c/openstack/neutron/+/858466

Fix proposed to branch: stable/stein
Review: https://review.opendev.org/c/openstack/neutron/+/858467

Reviewed: https://review.opendev.org/c/openstack/neutron/+/858524
Committed: https://opendev.org/openstack/neutron/commit/f6aed71cbf6a9a7da0c3c7aa5b6acf83ceea2fec
Submitter: "Zuul (22348)"
Branch: stable/ussuri

commit f6aed71cbf6a9a7da0c3c7aa5b6acf83ceea2fec
Author: hamalq <email address hidden>
Date: Thu May 28 23:17:28 2020 +0000

    Sync the dns-assignment with the actual designate dns-domain

    When a port is created the dns-assignment (dns-domain part)
    was always taken form Neutron config dns_domain which is not
    always true, since it could be Neutron network dns_domain or
    the dns_domain sent when creating the port

    Change-Id: I7f4366ff5a26f73013433bfbfb299fd06294f359
    Closes-Bug:1873091
    (cherry picked from commit ea13f2e83f8c2de3def69b6c883a5c161c3a6180)

For Ubuntu, a new version of neutron with this fix has been uploaded to the focal unapproved queue. This will have to wait until 2:16.4.2-0ubuntu4 is promoted from focal-proposed.

Reviewed: https://review.opendev.org/c/openstack/neutron/+/858466
Committed: https://opendev.org/openstack/neutron/commit/1f1e45da6af4879725fb2d766f1989c8a10af474
Submitter: "Zuul (22348)"
Branch: stable/train

commit 1f1e45da6af4879725fb2d766f1989c8a10af474
Author: hamalq <email address hidden>
Date: Thu May 28 23:17:28 2020 +0000

    Sync the dns-assignment with the actual designate dns-domain

    When a port is created the dns-assignment (dns-domain part)
    was always taken form Neutron config dns_domain which is not
    always true, since it could be Neutron network dns_domain or
    the dns_domain sent when creating the port

    Change-Id: I7f4366ff5a26f73013433bfbfb299fd06294f359
    Closes-Bug:1873091
    (cherry picked from commit ea13f2e83f8c2de3def69b6c883a5c161c3a6180)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/858467
Committed: https://opendev.org/openstack/neutron/commit/26afffc3a7b18d0db1aa0a81c961bd6a4642749d
Submitter: "Zuul (22348)"
Branch: stable/stein

commit 26afffc3a7b18d0db1aa0a81c961bd6a4642749d
Author: hamalq <email address hidden>
Date: Thu May 28 23:17:28 2020 +0000

    Sync the dns-assignment with the actual designate dns-domain

    When a port is created the dns-assignment (dns-domain part)
    was always taken form Neutron config dns_domain which is not
    always true, since it could be Neutron network dns_domain or
    the dns_domain sent when creating the port

    Change-Id: I7f4366ff5a26f73013433bfbfb299fd06294f359
    Closes-Bug:1873091
    (cherry picked from commit ea13f2e83f8c2de3def69b6c883a5c161c3a6180)

Hello hamza, or anyone else affected,

Accepted neutron into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/neutron/2:16.4.2-0ubuntu5 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Hello hamza, or anyone else affected,

Accepted neutron into ussuri-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:ussuri-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-ussuri-needed to verification-ussuri-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-ussuri-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

This issue was fixed in the openstack/neutron stein-eol release.

I am planning to get verified for Focal/Ussuri asap.

Verified focal-ussuri with the following output:

# apt-cache policy neutron-common
neutron-common:
  Installed: 2:16.4.2-0ubuntu5
  Candidate: 2:16.4.2-0ubuntu5
  Version table:
 *** 2:16.4.2-0ubuntu5 500
        500 http://archive.ubuntu.com/ubuntu focal-proposed/main amd64 Packages
        100 /var/lib/dpkg/status
     2:16.4.2-0ubuntu4 500
        500 http://nova.clouds.archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages
     2:16.0.0~b3~git2020041516.5f42488a9a-0ubuntu2 500
        500 http://nova.clouds.archive.ubuntu.com/ubuntu focal/main amd64 Packages

$ juju config neutron-api dns-domain
lp1873091-f-u.stsstack.qa.1ss.
$ openstack network show private -c dns_domain -f value
test.dom1.
$ openstack port show 6c95020a-562c-45e3-93bf-99d15b3e3078 -c dns_assignment -f value
[{'ip_address': '192.168.21.192', 'hostname': 'jammy-152742', 'fqdn': 'jammy-152742.test.dom1.'}]
$ ovn-nbctl list dns
_uuid : 8f69c640-02ad-41ac-919c-61cc09ba8707
external_ids : {ls_name=neutron-dcd3ac3e-ccac-4d0b-b0f0-b593bfc58ce3}
records : {"192.21.168.192.in-addr.arpa"=jammy-152742.test.dom1, jammy-152742="192.168.21.192", jammy-152742.test.dom1="192.168.21.192"}
$ openstack recordset list 49b02873-0483-47be-b7ff-4d287985b262
+--------------------------------------+-------------------------+------+----------------------------------------------------------------------------------------+--------+--------+
| id | name | type | records | status | action |
+--------------------------------------+-------------------------+------+----------------------------------------------------------------------------------------+--------+--------+
| 5111db22-76f5-4f2c-b8ca-ff8d6e6ff392 | test.dom1. | NS | ns1.lp1873091-f-u.stsstack.qa.1ss. | ACTIVE | NONE |
| 801f099f-1cf1-444d-add5-ae41621bb0d0 | test.dom1. | SOA | ns1.lp1873091-f-u.stsstack.qa.1ss. dnsmaster.test.dom1. 1673625870 3532 600 86400 3600 | ACTIVE | NONE |
| 5b313955-f650-4a98-ac42-963f54ba5bb8 | jammy-152742.test.dom1. | A | 192.168.21.192 | ACTIVE | NONE |
+--------------------------------------+-------------------------+------+----------------------------------------------------------------------------------------+--------+--------+

Verified bionic-ussuri with the following output:

# apt-cache policy neutron-common
neutron-common:
  Installed: 2:16.4.2-0ubuntu5~cloud0
  Candidate: 2:16.4.2-0ubuntu5~cloud0
  Version table:
 *** 2:16.4.2-0ubuntu5~cloud0 500
        500 http://ubuntu-cloud.archive.canonical.com/ubuntu bionic-proposed/ussuri/main amd64 Packages
        100 /var/lib/dpkg/status
     2:12.1.1-0ubuntu8 500
        500 http://nova.clouds.archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages
     2:12.0.1-0ubuntu1 500
        500 http://nova.clouds.archive.ubuntu.com/ubuntu bionic/main amd64 Packages

$ juju config neutron-api dns-domain
lp1873091-b-u.stsstack.qa.1ss.

$ openstack network show private -c dns_domain -f value
test.dom1.

$ openstack port show bb4bf3e2-41b8-4d58-b9eb-bb3158fa4785 -c dns_assignment -f value
[{'ip_address': '192.168.21.242', 'hostname': 'jammy-194134', 'fqdn': 'jammy-194134.test.dom1.'}]

# ovn-nbctl list dns
_uuid : 7fc67223-c1ca-49da-954b-3e153bee0d90
external_ids : {ls_name=neutron-2dbb5b2b-5d8a-478a-b61c-2dc9bf5710ba}
records : {"242.21.168.192.in-addr.arpa"=jammy-194134.test.dom1, jammy-194134="192.168.21.242", jammy-194134.test.dom1="192.168.21.242"}

$ openstack recordset list 7380cddc-f111-4df7-932e-bde9e87bd2aa
+--------------------------------------+-------------------------+------+----------------------------------------------------------------------------------------+--------+--------+
| id | name | type | records | status | action |
+--------------------------------------+-------------------------+------+----------------------------------------------------------------------------------------+--------+--------+
| a1fcce9f-34b5-45c6-90ef-9731f7294088 | test.dom1. | SOA | ns1.lp1873091-b-u.stsstack.qa.1ss. dnsmaster.test.dom1. 1673638903 3581 600 86400 3600 | ACTIVE | NONE |
| ca1896a7-89e5-4dfc-8c76-630de82e3389 | test.dom1. | NS | ns1.lp1873091-b-u.stsstack.qa.1ss. | ACTIVE | NONE |
| 758dc8b5-771f-42f5-9b60-78b4b4c3cacc | jammy-194134.test.dom1. | A | 192.168.21.242 | ACTIVE | NONE |
+--------------------------------------+-------------------------+------+----------------------------------------------------------------------------------------+--------+--------+

The verification of the Stable Release Update for neutron has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

This bug was fixed in the package neutron - 2:16.4.2-0ubuntu5

---------------
neutron (2:16.4.2-0ubuntu5) focal; urgency=medium

  Backport fix for port dns_domain sync (LP: #1873091):
  * d/p/sync-the-dns-assignment-with-the-actual-designate-dn.patch

 -- Edward Hope-Morley <email address hidden> Tue, 20 Sep 2022 13:41:55 +0100

This bug was fixed in the ussuri-updates package neutron - 2:16.4.2-0ubuntu5~cloud0

This issue was fixed in the openstack/neutron train-eol release.

This issue was fixed in the openstack/neutron ussuri-eol release.