system dns-modify shortly after controller-0 unlock fails silently

Marking as release gating - timing issue; would be nice to address as a robustness item in the upcoming release.

I reproduced this issue and find condition "adding a DNS nameserver soon after the reboot" seems to be not necessary.

My questions: could you tell more about the expected behavior?
in my env "nameserver 192.168.204.2" is always the first line in file /etc/resolv.conf no matter what I do. I can't clear it by command "system dns-modify nameservers=". is it by design?

Hi Ran, 192.168.204.2 is the active controller on the management network. It is internal to the cluster and is the internal DNS server. It should remain first, by design yes. If you nslookup any node's name it is served from that internal DNS server. Check "mgmt" within /etc/dnsmasq.conf

And you should be able to do something like this:
$ nslookup compute-0
Server: 192.168.204.2
Address: 192.168.204.2#53

Name: compute-0
Address: 192.168.204.229

Could you elaborate on "seems to be not necessary" in reference to "adding a DNS nameserver soon after the reboot"? When we add a dns server using system dns-modify command, we intend to reference a DNS server external to the cluster. The use of dns-modify command is applicable to the OAM network.

I found these use-cases:
  "a DNS service should be in place to ensure that links to external references in the current and future versions of the Web administration interface work as expected."

  "Before you can use fully qualified domain names (FQDN)" for ntp configuration.

Hi Michel, sorry to confuse you. My point is "soon after the reboot" is not a necessary condition, as I first reproduced this issue on an env which had been unlocked for a whole day and some other tests had been done before.

by analysis the sysinv.log I found each time "the /etc/resolv.conf file is not updated", there would lack following log:

sysinv.agent.manager [req-**** admin admin] Agent config applied **** <[config_uuid of the unenforced command]>

and it would appear when next "dns-modify" command was inputted. As the command inputted second time worked, the alarm was clear.

INFO sysinv.agent.manager [req-**** admin admin] Agent config applied 07d51e74-7f32-4c81-9f38-909253257c1d
WARNING sysinv.conductor.manager [req-**** admin admin] SYS_I Raise system config alarm: host controller-0 config applied: 07d51e74-7f32-4c81-9f38-909253257c1d vs. target: 7449f769-008d-46af-ae57-2548f56872be.
INFO sysinv.agent.manager [req-**** admin admin] Agent config applied 7449f769-008d-46af-ae57-2548f56872be
INFO sysinv.conductor.manager [req-**** admin admin] SYS_I Clear system config alarm: controller-0

I'll investigate related codes deeply this weekend.
And any ideas may helpful are welcomed. Thanks

Thanks Ran; the revision that the condition is reproducible later on is interesting. I'll share that internally at WR and reference this launchpad in case it leads to more clues.

Hi, by code investigating and some tests. I found the command "dns-modify" will response after sysinv-db was updated, and file "/etc/resolv" will be updated asynchronously by "agent-manager" runs in another process called "sysinv-agent".

there are two cases that would lead behaviors shown in this issue.

Case 1. "agent-manager" deals with request "iconfig_update_file" from "agent-rpcapi" before it updated its attr "_ihost_personality" from None to controller, which is updated by a periodic_task.
this case may happen in early life of process "sysinv-agent". And it will lead dns-modify failed silently.

Case 2. the "sysinv-agent" process is busy and do not deal with requst "iconfig_update_file" from "agent-rpcapi" in time.
in this case, if we wait for a while (5~10 min), we could find file /etc/resolv.conf was updated.

ps: in both cases, the alarm(250.001) behaviors are correct.

For the first case, we could
    a)each time "agent-manager" deals with request "iconfig_update_file", make "agent-manager" check its attr "_ihost_personality" first. If the value is None, update it immediately.
 or b)response dns-modify fail and let the user try it later.

For the second case, we could add some notes to command response to the user like: "please check /etc/resolv.conf a few minutes later if it is not changed currently."

Fix proposed to branch: master
Review: https://review.openstack.org/637459

Reviewed: https://review.openstack.org/637459
Committed: https://git.openstack.org/cgit/openstack/stx-config/commit/?id=53b9e4661561c85aabe802d098e79c1c099e6bec
Submitter: Zuul
Branch: master

commit 53b9e4661561c85aabe802d098e79c1c099e6bec
Author: SidneyAn <email address hidden>
Date: Mon Feb 18 22:03:57 2019 +0800

    retry func iconfig_update_file when host personality is None

    when we run "system dns-modify" command, the command will response after
    sysinv-db was updated, and file "/etc/resolv.conf" will be updated
    asynchronously by another process "sysinv-agent". Once the attr
    "_ihost_personality" of agent is None(initial value), it will not update
    file "/etc/resolv.conf" and will not inform sysinv client also,
    which will lead command dns-modify failed silently.

    This patch will retry function iconfig_update_file by which sysinv-agent
    update file "/etc/resolv.conf" when attr "_ihost_personality" is None.

    Closes-bug: 1812269

    Change-Id: I3a0437750a53607c04932c1b9b818e83903bb28b
    Signed-off-by: SidneyAn <email address hidden>

Fix proposed to branch: f/stein
Review: https://review.openstack.org/638470

Reviewed: https://review.openstack.org/638470
Committed: https://git.openstack.org/cgit/openstack/stx-config/commit/?id=cb45f9b3bdf68cbd6d6d21ccbe31d279dd4d05d1
Submitter: Zuul
Branch: f/stein

commit 28766a8d43f579fb027f4152c3f6586418e1eb9d
Author: Irina Mihai <email address hidden>
Date: Wed Feb 20 21:11:56 2019 +0000

    Prevent download and creation of default Cirros glance image

    - downloading the Cirros image fails in glance-bootstrap if
      the hardcoded requested image is not found
    - to workaround this issue, we disable the download and creation
      of the Cirros image in glance-bootstrap through the overrides
      -> this has no other impact as the image can be created after
         the chart's installation using "openstack image create"

    Change-Id: I418eb236f5eceb0124eb73787fe12e2f0aa2d9e1
    Closes-Bug: 1814142
    Signed-off-by: Irina Mihai <email address hidden>

commit 53b9e4661561c85aabe802d098e79c1c099e6bec
Author: SidneyAn <email address hidden>
Date: Mon Feb 18 22:03:57 2019 +0800

    retry func iconfig_update_file when host personality is None

    when we run "system dns-modify" command, the command will response after
    sysinv-db was updated, and file "/etc/resolv.conf" will be updated
    asynchronously by another process "sysinv-agent". Once the attr
    "_ihost_personality" of agent is None(initial value), it will not update
    file "/etc/resolv.conf" and will not inform sysinv client also,
    which will lead command dns-modify failed silently.

    This patch will retry function iconfig_update_file by which sysinv-agent
    update file "/etc/resolv.conf" when attr "_ihost_personality" is None.

    Closes-bug: 1812269

    Change-Id: I3a0437750a53607c04932c1b9b818e83903bb28b
    Signed-off-by: SidneyAn <email address hidden>

commit 0ce137a99a5fe04490dc23d2574beb6b1adbf343
Author: Kristine Bujold <email address hidden>
Date: Mon Feb 18 12:56:25 2019 -0500

    Move gnocchi and ceilometer static configs

    Move all gnocchi and ceilometer static configurations from the
    overrides to the Armada manifest.

    This is being done so we have a consistent way of managing
    containerized openstack configurations. Static configurations will
    be located in the Armada manifest and dynamic configuration will be
    located in the overrides files.

    Story: 2003909
    Task: 29535

    Change-Id: Ieab861cb1751146b70f722e70b8f89d81c0ed9a5
    Signed-off-by: Kristine Bujold <email address hidden>

commit 99e86fc151d326f4c26f9005d8cf84028078261c
Author: Kristine Bujold <email address hidden>
Date: Fri Feb 15 15:35:40 2019 -0500

    Move heat static configs to Armada manifest

    Move all heat static configurations from the overrides to the
    Armada manifest.

    This is being done so we have a consistent way of managing
    containerized openstack configurations. Static configurations will
    be located in the Armada manifest and dynamic configuration will be
    located in the overrides files.

    Story: 2003909
    Task: 29455

    Change-Id: Ie35b1696b9fce0458db724fc8163d5d181e0768a
    Sig...