Wednesday, 2016-07-20

« Tuesday, 2016-07-19 Index Thursday, 2016-07-21 »
*** haplo37_ has joined #openstack-dns01:34
*** ducttape_ has quit IRC02:18
*** ducttape_ has joined #openstack-dns02:25
*** nyechiel has joined #openstack-dns02:39
*** rudrajit has quit IRC02:50
*** mlavalle has joined #openstack-dns03:11
*** richm has quit IRC03:19
*** fawadkhaliq has joined #openstack-dns03:20
*** mlavalle has quit IRC03:29
*** rudrajit has joined #openstack-dns03:31
*** fawadkhaliq has quit IRC03:34
*** ducttape_ has quit IRC03:36
*** rudrajit has quit IRC03:45
*** rudrajit has joined #openstack-dns03:46
*** Krenair has joined #openstack-dns03:56
KrenairI tried to create a domain under in-addr.arpa, then add a record to it03:58
Krenairusing the v1 api through python-designateclient03:58
Krenairunfortunately the record creation results in an HTTP 400 - designateclient.exceptions.BadRequest: Provided object does not match schema03:58
openstackgerritgecong proposed openstack/designate: Remove unused LOG  https://review.openstack.org/34455404:00
*** abalutoiu has quit IRC04:01
Krenairit went something like this:04:02
Krenairdomain = designaterecords.Domain(name="128-25.123.123.123.in-addr.arpa.", email="example@example.org")04:02
Krenairres = designate_client.domains.create(domain)04:02
Krenair# res['id'] == '933a78c2-3d8d-4ee1-bbef-9ab30be5f972'04:02
Krenairrecord = designaterecords.Record(name="129.128-25.123.123.123.in-addr.arpa", type="PTR", data="our.domain.org", description="some text")04:02
Krenairresult = designate_client.records.create('933a78c2-3d8d-4ee1-bbef-9ab30be5f972', record)04:02
KrenairSo I looked through /var/log/designate and found this in designate-pool-manager.log:04:02
Krenairhttps://gist.github.com/Krenair/aa656d7e124ca828ceb180e29396b7a304:04
Krenairoh, this is with the pdns backend04:05
KrenairWhy is it trying to create the domain again? We're at the record creation stage when stuff goes wrong, and the database already contains the domain04:05
KrenairI do notice that it attempts to insert with account None (NULL in mysql I guess), but it's supposed to be using my project's name04:08
*** abalutoiu has joined #openstack-dns04:14
*** fawadkhaliq has joined #openstack-dns04:16
*** fawadkhaliq has quit IRC04:20
*** Alex_Stef has joined #openstack-dns05:11
*** haplo37_ has quit IRC05:52
*** stanzgy has joined #openstack-dns06:20
*** Alex_Stef has quit IRC06:31
*** rudrajit_ has joined #openstack-dns06:33
*** rudrajit has quit IRC06:37
*** rudrajit_ has quit IRC07:05
*** rudrajit has joined #openstack-dns07:06
*** rudrajit has quit IRC07:10
*** rudrajit has joined #openstack-dns07:36
*** rudrajit has quit IRC07:42
*** Alex_Stef has joined #openstack-dns08:15
*** fawadkhaliq has joined #openstack-dns08:47
*** fawadkhaliq has quit IRC08:47
*** fawadkhaliq has joined #openstack-dns08:48
*** fawadkhaliq has quit IRC08:48
*** fawadkhaliq has joined #openstack-dns08:50
*** fawadkhaliq has quit IRC08:52
*** fawadkhaliq has joined #openstack-dns08:52
*** fawadkhaliq has quit IRC08:56
KiallKrenair: "129.128-25.123.123.123.in-addr.arpa" would be the issue - well - 2 issues... it should end with a period (.) and, I'm not certain our validation will allow the 128-25 through10:53
*** stanzgy has quit IRC11:00
KiallKrenair: oh, also.. re the domain re-create, I'd bet thats from running the script twice. `res = designate_client.domains.create(domain)` will fail the second time around as it already exists11:47
*** ducttape_ has joined #openstack-dns12:07
*** ducttape_ has quit IRC12:12
*** chrido has joined #openstack-dns12:31
openstackgerritMerged openstack/designate: update doc index, add ops FAQ and notifications  https://review.openstack.org/34158312:44
*** ducttape_ has joined #openstack-dns12:58
*** richm has joined #openstack-dns13:04
*** ducttape_ has quit IRC13:18
*** abalutoiu_ has joined #openstack-dns13:18
*** abalutoiu has quit IRC13:21
*** EricGonczer_ has joined #openstack-dns13:46
*** ducttape_ has joined #openstack-dns13:49
*** Alex_Stef has quit IRC14:02
*** abalutoiu__ has joined #openstack-dns14:13
*** abalutoiu_ has quit IRC14:16
*** pglass has joined #openstack-dns14:26
*** EricGonczer_ has quit IRC14:26
*** mlavalle has joined #openstack-dns14:32
openstackgerritSwapnil Kulkarni (coolsvap) proposed openstack/designate: [WIP] Testing latest u-c  https://review.openstack.org/31802014:39
openstackgerritFederico Ceratto proposed openstack/designate: Add gdns devstack plugin  https://review.openstack.org/32147714:42
*** abalutoiu__ has quit IRC14:43
openstackgerritFederico Ceratto proposed openstack/designate: Add Monasca-statsd metric generation  https://review.openstack.org/32225214:44
openstackgerritFederico Ceratto proposed openstack/designate: Move unit and functional testing to MySQL  https://review.openstack.org/30011214:47
*** haplo37_ has joined #openstack-dns15:04
KrenairKiall, why would it not allow the 128-25 through?15:17
*** james_li has joined #openstack-dns15:18
KiallThe V1 api uses a validation rule that only allows "1.2.3.4.in-addr.arpa." style names15:21
KrenairKiall, I tried with and without the trailing fulls top15:22
KiallAlso 129.128-25.123.123.123.in-addr.arpa just isn't valid -15:22
KrenairKiall, wat? so it completely kills RFC 2317 delegation of in-addr.arpa addresses?15:22
Kiallit's got 5 sections for the IP where there should be at most 4 for IPv4 / in-addr.arpa. RR's15:22
KiallYea, V1 won't accept RFC 231715:23
Krenairwill V2?15:23
KiallIt should, though I haven't tested that myself. It's a bug if it doesn't.15:24
*** james_li has quit IRC15:24
KrenairIsn't it also a bug in V1 as it doesn't?15:24
KiallThe V1 API is deprecated, and is getting no new features (supporting 2317 would be a a feature)15:25
*** krotscheck is now known as krotscheck_dcm15:30
*** EricGonczer_ has joined #openstack-dns15:30
*** EricGonczer_ has quit IRC15:31
KrenairKiall, 2317 is a 1998 "best current practice" RFC15:33
Krenairconforming DNS implementations should already support everything that it describes15:34
mugsie Krenair i would consider it a feature, and as we will be turning the v1 API off by default in the next few months, we will not be making any changes to it, unless they are completely required15:44
mugsiewe were not RFC 2317 conformant in the v1 API15:45
KiallYea, it was certainly an oversight that we didn't implement it, but it's not so much a bug as not having implemented it in V1215:57
KiallV1*15:57
*** EricGonczer_ has joined #openstack-dns16:03
*** dxu has joined #openstack-dns16:05
*** EricGonczer_ has quit IRC16:07
*** rudrajit has joined #openstack-dns16:07
*** EricGonczer_ has joined #openstack-dns16:08
*** james_li has joined #openstack-dns16:11
KrenairWell, I found a server with the v2 designate python api bindings16:12
Krenairdesignate_client.recordsets.create raises "designateclient.exceptions.Unknown: Unknown"16:13
*** EricGonczer_ has quit IRC16:14
KrenairKiall, looking at the logs it appears to have been attempting to create the domain in the background?16:17
KiallKrenair: I believe that's most likely just running the script your writing twice? (Hard to tell from this angle :)) You have an explicit create domain in it, so running it twice means it'll create it the first time, then fail with a duplicate error the second time16:20
KrenairI'm not running some saved script file here16:20
KrenairI'm pasting lines into a python console16:20
KrenairI'm not continually trying to run designate_client.zones.create, designate already lists the domain in zones.list()16:21
KrenairSo why does designate_client.recordsets.create trigger a status >= 500?16:23
*** rudrajit has quit IRC16:24
*** rudrajit has joined #openstack-dns16:24
*** rudrajit has quit IRC16:28
pglassKrenair: can you fetch the zone in the v2 api and check its status?16:30
*** v12aml has quit IRC16:30
*** v12aml has joined #openstack-dns16:33
pglassalso what is the syntax for rfc2317? reading through that I see things like `129.128/26.2.0.192.in-addr.arpa.` and not `129.128-26.2.0.192.in-addr.arpa.`16:37
pglassI can create a recordset with type=PTR and name=1.128-25.5.5.in-addr.arpa.16:42
pglassbut with bind9, this puts `1.128-25.5.5.in-addr.arpa.`as the record name in the zone file16:42
pglassbased on docs at http://www.zytrax.com/books/dns/ch9/reverse.html, these should be slashes (not dashes) instead.16:43
Kiallpglass: the specific syntax is left as an exercise to the reader, the RFC uses /'s - but anything works.. -'s are actually more common from what I understand.16:44
KiallThe RFC is mostly definine the pattern to use (CNAME the "real" PTR name to a "virtual" PTR name, where the virtual PTR is in a tenant specific zone)16:45
Kialldefines*16:45
pglassoh. okay. this is just a combination of cname and ns records in the zone file. so what does it mean in designate to create something like "129.128-25.123.123.in-addr.arpa" as a ptr record?16:54
KiallWell, PTR record would be the wrong name for it.. It's a CNAME, who happens to have a name that would usually only be used for a PTR16:56
*** sonuk has quit IRC16:57
*** EricGonczer_ has joined #openstack-dns17:00
openstackgerritJames Li proposed openstack/designate: Improve performance of recordsets API  https://review.openstack.org/32881317:03
Krenairpglass, seems to be in status ERROR17:06
Krenairwe're not making the CNAME in designate itself17:07
Krenairdesignate is running the server that's being delegated to17:07
pglassokay, but nowhere in the rfc does it say you can create a ptr record with a name like 129.128-25.123.123.in-addr.arpa17:12
pglassunless that syntax is already valid?17:12
pglassi.e. you can delegate blocks of ip address to designate. that's fine. but I don't think there's a "catch all" ptr record. you need one ptr record per ip.17:15
pglassbut also I've never done this before, so I'm probably wrong17:16
*** rudrajit has joined #openstack-dns17:18
*** penick has joined #openstack-dns17:20
*** rudrajit_ has joined #openstack-dns17:21
openstackgerritPaul Glass proposed openstack/designate-tempest-plugin: Unauthed tests support both v2/v3 identity  https://review.openstack.org/34175317:24
*** rudrajit has quit IRC17:25
*** pcaruana has quit IRC17:27
*** EricGonczer_ has quit IRC17:28
*** james_li has quit IRC17:35
*** ducttape_ has quit IRC17:43
*** pglass has quit IRC17:50
*** darkxploit has joined #openstack-dns17:53
*** dxu_ has joined #openstack-dns18:05
*** dxu has quit IRC18:05
Krenairpglass, the record name is of the form 129.128-25.123.123.123.in-addr.arpa.18:07
Krenairclients will look up 129.123.123.123.in-addr.arpa. on our production server, find the CNAME to 129.128-25.123.123.123.in-addr.arpa., and that 128-25.123.123.123.in-addr.arpa. is IN NS our designate servers18:08
Krenairthat just leaves Designate needing a PTR response to 129.128-25.123.123.123.in-addr.arpa.18:09
*** visbits has joined #openstack-dns18:11
KrenairWe have to use classless in-addr.arpa delegation because the IP range given to OpenStack is a /25 - 123.123.123.128 to 123.123.123.255 - we *can't* delegate the whole of 123.123.123.in-addr.arpa to designate18:11
visbitsI have a successful installation of designate with powerdns, however I'm having issues with consistently snycing zones.   It does not send notify to my nameservers after adding new records18:12
KrenairAnd the RfC literally contains this:18:12
Krenair   $ORIGIN 128/26.2.0.192.in-addr.arpa.18:12
Krenair   129             PTR     host1.B.domain.18:12
Krenairthat is 129.128/26.2.0.192.in-addr.arpa.18:12
KrenairWe will be creating one PTR record per IP18:15
*** ducttape_ has joined #openstack-dns18:28
*** _ducttape_ has joined #openstack-dns18:29
*** pglass has joined #openstack-dns18:31
*** ducttape_ has quit IRC18:33
visbitsim seeing notify sent to 127.0.0.1 but my pool isnt configured for that18:46
visbitshttp://pastebin.com/rxQzAMRC18:47
visbitsanyone see an issue with this?18:47
*** pcaruana has joined #openstack-dns18:48
*** _ducttape_ has quit IRC18:59
*** ducttape_ has joined #openstack-dns18:59
visbitsmy powerdns servers are pulling the latest zone themselves but the master isnt sending notifys to them.. bug report i guess19:04
pglassoh i get this now, Krenair. so the only issue is designate doesn't allow you to create a ptr record with five "octets" (one of which is the cidr notation)19:05
Krenairit seems that way yes19:05
pglassKrenair: i'm testing this out though. in the v2 api, you can create ptr records with more than 4 octets19:09
*** dxu_ is now known as dxu19:09
pglassand with hyphens19:09
visbitsalso_notifies19:09
visbits:(19:09
Krenairpglass, that's great... so why is the domain in error state? I presume that's what's causing the record creations to trigger an HTTP 5xx error19:10
Krenairand where might I find details about the http error?19:11
pglasswhen designate creates a zone (or when any change to the zone occurs), it updates the zone on the backend "target", and then polls the "nameserver" to see the change show up.19:11
pglassif it fails to see the change on the nameserver, the zone will go to error.19:12
Krenairseems to be sticking at the pdns backend stage19:12
pglassthe pool manager is the one that orchestrates the polling19:12
Krenairah19:12
pglassbut the pool manager asks mdns to actually do the queries19:12
pglassif you dig you powerdns server and it has the zone/recordset you last created, then there is an issue with the polling.19:14
pglassif the nameserver doesn't have it, then there was an issue with putting the zone/recordset on the nameserver19:14
visbitswhen you add a pdns server, is there any provision to create domain records automatically?  I've had to dump my db onto it19:15
KrenairI don't get the PTR, I get the zone's SOA19:15
Krenairso the zone was created19:15
Krenairbut designate thinks it doesn't - a polling failure at the zone creation stage?19:15
Krenairthinks it wasn't*19:17
pglassif the soa record is there, then a zone was created.19:20
Krenairyep19:20
pglassbut the nameserver may not have the latest version of the zone from designate (you can compare the zone's serial in designate with the serial in the soa record)19:21
pglasswhat was the 500 error you got?19:22
pglassvisbits: i think in your pool_target sections, you need `options = host: ..., port: ..., connection: ...`19:26
visbitspglass thanks ill give that a shot19:27
*** ducttape_ has quit IRC19:32
visbits@pglass does not like that19:35
*** mpbnka has joined #openstack-dns19:36
mpbnkaHi, Can you guys review this https://review.openstack.org/#/c/337416/19:36
pglassvisbits: can you paste your new config? and any errors?19:36
visbitsi added my 2 nameservers to the "also_notify" parameter and that corrected them not being notified.. i feel like thats not the expected behavior19:37
visbitsim trying to get the sink working but doesnt seem to be getting any messages19:37
pglassvisbits: i'm not as familiar with powerdns, but do you have something like this in your designate config: http://paste.openstack.org/show/538899/19:40
visbitsyeah thats what i have19:40
visbitsi can add domains no issue19:40
pglassvisbits: and restarted the pool manager?19:42
*** mpbnka has quit IRC19:45
*** mpbnka has joined #openstack-dns19:46
Krenairpglass, serial in designate is 1468985011, serial returned by pdns is 146898501119:50
Krenairpglass, HTTP 5xx is indicated by this: https://gist.github.com/Krenair/16894094b7f88649a7a3cb31fde2ccd019:53
pglassKrenair: can you print the client version you have? `import designateclient.version; print designateclient.version.version_info`19:59
Krenair1.5.019:59
Krenairwould it be helpful if I tried sending the request directly to designate using curl?20:04
Krenairand the rest api20:04
pglassKrenair: if you have the `openstack` cli, you can do an `openstack --debug zone list` and it should print the requests it makes20:06
pglassKrenair: just double checking - your 'nova_api_url' points to a keystone api?20:07
pglassin your config20:07
Krenairit's like this: http://control.our-domain.org:35357/v2.020:08
Krenairit's keystone yes20:08
Krenairmisnamed, probably because I copied that out of a script we used to contact nova20:09
pglassbut yeah, if you have the response body with the 500 that would help20:09
pglassdesignate should log the exception also20:10
Krenairpglass, okay so20:10
pglassyou can also try create another zone with just a simple A record and see if you get the same error20:10
Krenairpglass, openstack --debug zone list doesn't show the in-addr.arpa zones because they are under noauth-project20:10
Krenairoh, but I made this particular one jnot with noauth-project, but with an actual tenant20:11
KrenairI just need to set OS_TENANT_NAME to that I guess20:11
Krenairyep, there it is20:11
Krenairmy in-addr.arpa zone shows up20:11
Krenairstatus ERROR action CREATE20:11
pglassokay so it was an error on the create20:11
Krenairyes20:12
KrenairALso, where would designate be logging this? /var/log/designate/designate-api.log ?20:12
pglassthere is probably one log file per service. if the request 500s though, I think it should be in either the api or in central logs20:13
Krenair(I was confused about noauth-project before because I think the 10.in-addr.arpa zone openstack sets up uses that...)20:13
pglassthe noauth-project is the default tenant designate creates things on, if there is no X-Auth-Project-Id header sent with the api requests.20:13
Krenairyeah20:39
*** pglbutt has joined #openstack-dns20:39
Krenairpglass, I can successfully create an example.org zone and a www record in there20:41
Krenair(type A record)20:41
*** pglass has quit IRC20:42
openstackgerritTyr Johanson proposed openstack/designate-dashboard: [WIP] API v2 Dashboard  https://review.openstack.org/34118220:43
*** abalutoiu has joined #openstack-dns20:46
*** abalutoiu has quit IRC20:46
*** pcaruana has quit IRC20:53
KrenairI've got something pglbutt20:56
Krenairpglass* sorry20:56
Krenairwho has quit20:56
pglbuttthey're both me20:57
Krenairright, just figured that out :)20:57
KrenairI made it print response.text before raising the exception20:57
Krenairhttps://gist.github.com/Krenair/873ecb55546671ae33c11b3bd2f5763220:58
pglbuttumm, where is that from?21:00
pglbuttthat's in the body of the 500 response?21:00
Krenairthink so21:00
Krenairyep21:01
pglbuttdo you have the response.request.body?21:02
pglbutti think that's where it is21:02
Krenairthat is the value of response.text, in /usr/lib/python2.7/dist-packages/designateclient/v2/client.py DesignateAdapter.request21:02
Krenairyes21:03
Krenairroughly this: {"records": ["something.our-domain.org"], "type": "PTR", "name": "129.128-25.123.123.123.in-addr.arpa.", "description": "Manually created by Alex for testing"}21:04
Krenairwhy does that traceback/exception on the designate server end not show up in /var/log/designate?21:10
pglbuttwell i've never seen an exception from designate in the response body21:12
pglbuttnormally, exceptions do show up in the logs21:13
pglbuttwhat version of designate do you have?21:13
*** rudrajit_ has quit IRC21:13
Krenair>>> designate.version.version_info21:16
Krenairpbr.version.VersionInfo(designate:2015.1.0)21:16
*** rudrajit has joined #openstack-dns21:18
*** haplo37_ has quit IRC21:27
*** sonuk has joined #openstack-dns21:29
openstackgerritTyr Johanson proposed openstack/designate-dashboard: [WIP] API v2 Dashboard  https://review.openstack.org/34118221:31
*** bsv has joined #openstack-dns21:35
Krenairpglbutt, 2015.1.0 ^21:45
*** greghaynes has quit IRC21:46
*** greghaynes has joined #openstack-dns21:59
*** nyechiel has quit IRC21:59
*** EricGonczer_ has joined #openstack-dns22:09
*** pglbutt has quit IRC22:14
*** mlavalle has quit IRC22:35
*** rudrajit has quit IRC22:48
*** catintheroof has joined #openstack-dns22:52
*** rudrajit has joined #openstack-dns23:03
*** bsv has quit IRC23:11
*** bsv has joined #openstack-dns23:13
*** bsv is now known as Guest5815723:13
*** Guest58157 has quit IRC23:18
*** dxu has quit IRC23:43
*** penick has quit IRC23:59
« Tuesday, 2016-07-19 Index Thursday, 2016-07-21 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!