[Antelope][Designate] - Zone creation is in PENDING state and then ERROR out

Bug #2071349 reported by Nilesh
This bug affects 1 person

| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| OpenStack-Ansible | Invalid | Undecided | Unassigned | |

Bug Description

OS - Ubuntu 22.04
OSA - Antelope 2023.1

We deployed OSA Antelope and tried to enable Designate, based on our understanding, with the config details below:

* updated openstack_user_config.yml

~~~
dnsaas_hosts: *infrastructure_hosts
~~~

* updated user_variables.yml
~~~
horizon_enable_designate_ui: True
~~~

* env.d/designate_bind.yml
~~~
physical_skel:
  dnsaas_bind_containers:
    belongs_to:
      - all_containers

container_skel:
  designate_bind_containers:
    belongs_to:
      - dnsaas_containers
    contains:
      - designate_bind

component_skel:
  designate_bind:
    belongs_to:
      - designate_bind
~~~

* user_local_designate_pools.yml

~~~
# Ansible managed
designate_pools_yaml:
- name: default
  # The name is immutable. It is used by designate to reference this pool
  description: "Default Pool"
  attributes: {}
  ns_records:
    - hostname: controller1.openstack.local.
      priority: 1
  nameservers:
    - host: 192.168.125.10
      port: 53
  targets:
    - type: bind9
      description: "BIND9 Server"
      masters:
        - host: 192.168.125.10
          port: 5354
      options:
        host: 192.168.125.10
        port: 53
        rndc_host: 192.168.125.10
        rndc_port: 953
~~~

* Ran the playbook ``os-designate-install.yml``, then we ran ``haproxy-install.yml``.
* Both playbooks ran successfully without failure.
* We checked the containers. They are healthy.
~~~
# lxc-ls -f | grep designate
controller1_designate_bind_containers-b0ea3878 RUNNING 1 onboot, openstack 10.0.3.225, 192.168.125.156 - false
controller1_designate_container-86792de7 RUNNING 1 onboot, openstack 10.0.3.36, 192.168.125.68 - false
~~~
* We checked the services inside the designate container. All were running.
~~~
# systemctl -a | grep designate
  designate-api.service loaded active running designate-api service
  designate-central.service loaded active running designate-central service
  designate-mdns.service loaded active running designate-mdns service
  designate-producer.service loaded active running designate-producer service
  designate-sink.service loaded active running designate-sink service
  designate-worker.service loaded active running designate-worker service
  designate.slice loaded active active Slice /designate
~~~

* We also checked from the openstack-client that the services are Active and UP.
~~~
# openstack dns service list
+--------------------------------------+------------------------------------------+--------------+--------+-------+--------------+
| id | hostname | service_name | status | stats | capabilities |
+--------------------------------------+------------------------------------------+--------------+--------+-------+--------------+
| f9273265-1930-4eb7-ae80-9167e6dcb670 | controller1-designate-container-86792de7 | api | UP | - | - |
| bbe0cb79-a2eb-4f7a-b316-655577b10853 | controller1-designate-container-86792de7 | central | UP | - | - |
| d45850a4-91c0-4cb2-adb2-cd135390d4f1 | controller1-designate-container-86792de7 | worker | UP | - | - |
| ff6d55a0-9dda-4b0b-9631-5683aedb1960 | controller1-designate-container-86792de7 | mdns | UP | - | - |
| 17e5ee4d-3841-483a-a0af-e241076ef567 | controller1-designate-container-86792de7 | producer | UP | - | - |
| 7e73626a-2907-4cc1-bc06-7f29f0566c9d | controller1-designate-container-86792de7 | sink | UP | - | - |
+--------------------------------------+------------------------------------------+--------------+--------+-------+--------------+
~~~

* Tried creating the zone, but it errored out:

~~~
openstack zone create --email <email address hidden> server1.com.
~~~

~~~
# openstack zone list
+--------------------------------------+--------------+---------+------------+--------+--------+
| id | name | type | serial | status | action |
+--------------------------------------+--------------+---------+------------+--------+--------+
| 66aaebc0-0d28-401c-9d8f-18e73f9e434b | server1.com. | PRIMARY | 1719484573 | ERROR | CREATE |
+--------------------------------------+--------------+---------+------------+--------+--------+
~~~

Full trace is here:-

~~~
https://paste.openstack.org/show/bSGR4X7aRtRcNu9vl6KV/
~~~

Thank you so much.

Dmitriy Rabotyagov (noonedeadpunk) wrote :

OK, so the issue here boils down to `"Table 'designate.zones' doesn't exist"` after deployment.

Can I kindly ask you for the following extra information here?

1. Inside the utility container, execute: `mysql -e "SELECT version_num FROM designate.alembic_version"`
2. Inside the utility container, execute: `mysql -e "SHOW TABLES" designate`
3. From the designate container:

~~~
source /etc/openstack-release
/openstack/venvs/designate-${DISTRIB_RELEASE}/bin/designate-manage database sync
echo $?
~~~

That will allow us to understand the ongoing issue better.

Nilesh (cnilesh) wrote :

Thank you Dmitriy,

* We tried database sync and upgrade, but it did not help.
* Here are the details.

~~~
mysql -e "SELECT version_num FROM designate.alembic_version"
+--------------+
| version_num |
+--------------+
| b20189fd288e |
+--------------+
root@controller1-galera-container-5c8de558:~# mysql -e "SHOW TABLES" designate
+------------------------+
| Tables_in_designate |
+------------------------+
| alembic_version |
| blacklists |
| pool_also_notifies |
| pool_attributes |
| pool_nameservers |
| pool_ns_records |
| pool_target_masters |
| pool_target_options |
| pool_targets |
| pools |
| quotas |
| records |
| recordsets |
| service_statuses |
| shared_zones |
| tlds |
| tsigkeys |
| zone_attributes |
| zone_masters |
| zone_tasks |
| zone_transfer_accepts |
| zone_transfer_requests |
| zones |
+------------------------+
root@controller1-galera-container-5c8de558:~#
exit
root@controller1:~# lxc-attach controller1_designate_container-86792de7 bash
root@controller1-designate-container-86792de7:~#
root@controller1-designate-container-86792de7:~# source /etc/openstack-release
root@controller1-designate-container-86792de7:~# /openstack/venvs/designate-${DISTRIB_RELEASE}/bin/designate-manage database sync
root@controller1-designate-container-86792de7:~# echo $?
0
~~~

Dmitriy Rabotyagov (noonedeadpunk) wrote :

OK, then it doesn't really make much sense to me, as designate.zones obviously exists in the database.

I assume that pools were registered successfully, and that this command also succeeds: `/openstack/venvs/designate-${DISTRIB_RELEASE}/bin/designate-manage pool update --file /etc/designate/pools.yaml`

And I also assume that you have defined designate_rndc_keys?

Dmitriy Rabotyagov (noonedeadpunk) wrote :

Also, just in case, OpenStack-Ansible does not deploy a backing Bind server out of the box. So I assume that was performed as well.

Nilesh (cnilesh) wrote :

Hi Dmitriy,

Our understanding is that the config file [1] is the configuration for a simple BIND9 installation. This file defines the structure and details of the DNS setup.

* user_local_designate_pools.yml

~~~
# Ansible managed
designate_pools_yaml:
- name: default
  # The name is immutable. It is used by designate to reference this pool
  description: "Default Pool"
  attributes: {}
  ns_records:
    - hostname: controller1.openstack.local.
      priority: 1
  nameservers:
    - host: 192.168.125.10
      port: 53
  targets:
    - type: bind9
      description: "BIND9 Server"
      masters:
        - host: 192.168.125.10
          port: 5354
      options:
        host: 192.168.125.10
        port: 53
        rndc_host: 192.168.125.10
        rndc_port: 953
~~~

Dmitriy Rabotyagov (noonedeadpunk) wrote:

It's not for bind9 installation; it configures the designate pool, which is a required step in designate setup, and in your example designate will be configured to work with bind9.
But it will not perform bind9 installation/configuration, as bind is only one of many supported DNS servers for designate.

We do not perform/maintain roles/playbooks for bind9. While you can indeed create corresponding containers and perform installation of the required tools into them, you will need to use separate roles for that.

You can check this doc on how to extend deploy host with extra roles/collections:
https://docs.openstack.org/openstack-ansible/latest/reference/configuration/extending-osa.html#adding-new-or-overriding-roles-in-your-openstack-ansible-installation

Nilesh (cnilesh) wrote :

Hi Dmitriy,

After adding an external BIND9 server and designate_rndc_keys, we were able to set up the DNSaaS service.
Thank you, we can close this discussion.

Thanks,
cNilesh.

Changed in openstack-ansible:
status: New → Invalid
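
The thread's outcome was that the pool definition pointed at a BIND9 server and rndc control channel that had not been deployed. The following preflight check is an added example, not part of the thread or of OpenStack-Ansible: it walks a pool's bind9 targets and reports endpoints that do not accept TCP connections, plus a missing `rndc_key_file`. The function names `tcp_open` and `check_pool` are hypothetical; `rndc_key_file` is a designate bind9 target option that the pool posted above does not set.

```python
import socket

# Constructed sample: the bind9 target from the pool definition in the report.
SAMPLE_POOL = {
    "name": "default",
    "targets": [{
        "type": "bind9",
        "masters": [{"host": "192.168.125.10", "port": 5354}],
        "options": {"host": "192.168.125.10", "port": 53,
                    "rndc_host": "192.168.125.10", "rndc_port": 953},
    }],
}

def tcp_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def check_pool(pool, probe=tcp_open):
    """Return a list of findings for every bind9 target in a pool dict."""
    findings = []
    for idx, target in enumerate(pool.get("targets", [])):
        if target.get("type") != "bind9":
            continue
        opts = target.get("options", {})
        endpoints = [
            ("DNS server", opts.get("host"), opts.get("port", 53)),
            ("rndc control channel", opts.get("rndc_host"), opts.get("rndc_port", 953)),
        ]
        endpoints += [("mdns master", m.get("host"), m.get("port", 5354))
                      for m in target.get("masters", [])]
        for label, host, port in endpoints:
            if not host:
                findings.append(f"target {idx}: {label} has no host set")
            elif not probe(host, int(port)):
                findings.append(f"target {idx}: {label} {host}:{port} not reachable over TCP")
        # Without an explicit key file, rndc relies on its own default key or config.
        if not opts.get("rndc_key_file"):
            findings.append(f"target {idx}: no rndc_key_file, rndc will use its default key or config")
    return findings

if __name__ == "__main__":
    for line in check_pool(SAMPLE_POOL):
        print(line)
```

Run it from the designate container so the probes follow the same network path that designate-worker uses; an empty result means every endpoint answered and a key file is configured.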