Tuesday, 2022-03-08

« Monday, 2022-03-07 Index Wednesday, 2022-03-09 »
opendevreviewErik Olof Gunnar Andersson proposed openstack/designate-tempest-plugin master: Enable unset ptr test and add inactive value to floating ip status  https://review.opendev.org/c/openstack/designate-tempest-plugin/+/82390500:18
opendevreviewErik Olof Gunnar Andersson proposed openstack/designate master: [WIP] Removing more unused rpc calls  https://review.opendev.org/c/openstack/designate/+/83249807:22
opendevreviewErik Olof Gunnar Andersson proposed openstack/designate master: [WIP] Removing more unused rpc calls  https://review.opendev.org/c/openstack/designate/+/83249808:21
opendevreviewErik Olof Gunnar Andersson proposed openstack/designate master: [WIP] Removing more unused rpc calls  https://review.opendev.org/c/openstack/designate/+/83249809:22
zigofrickler: Hi there! I tried what you wrote, but now I understood I'm in case 3c. So I tried that. Then when I create a port, I can see that Neutron is loading the DNS plugin, but then I can't see any query to Designate in the neutron logs ... Is there something I missed in the Neutron config ?16:22
johnsomzigo Hi. There are all of the settings at the top of this neutron doc: https://docs.openstack.org/neutron/xena/admin/config-dns-int-ext-serv.html16:25
zigojohnsom: Yeah, I did that ... :/16:25
zigoLogs are saying:16:25
zigoExternal DNS driver loaded: designate _get_dns_driver /usr/lib/python3/dist-packages/neutron/plugins/ml2/extensions/dns_integration.py16:25
zigoneutron.plugins.ml2.extensions.dns_integration [req-90c7c506-cfc7-4338-b989-6a69d318d4a0 9d66f10fd5944507a2dc3d9611619db6 df6d92c34eed48d2b023b5d19bf94525 - default default] External DNS driver loaded: designate _get_dns_driver /usr/lib/python3/dist-packages/neutron/plugins/ml2/extensions/dns_integration.py:43016:25
zigoIs it supposed to log more, like the query to Designate?16:26
johnsomIt doesn't log much from what I have seen.16:27
johnsomI have or planned to open a bug about that against the neutron extensions.16:28
johnsomSo a couple of things to check:16:28
johnsomDoes the zone exist in designate? Does the user's project have access to it. (these can be seen in the designate API logs)16:28
zigojohnsom: I've set Neutron to use "admin" as user in [designate], so it has access to it...16:29
zigo(I'll fix this later ...)16:29
johnsomDoes the network have the dns_domain set? The port the dns_name? Did you set dns_publish_fixed_ip if it's a tenant network?16:30
zigojohnsom: I'm in case 3b, so there's no dns_publish_fixed_ip, right?16:30
zigo3c, sorry16:30
zigoThe zone exists, I just created it.16:31
johnsom3c will only work on external networks16:31
johnsomSee this list of "exceptions": https://docs.openstack.org/neutron/xena/admin/config-dns-int-ext-serv.html#configuration-of-the-externally-accessible-network-for-use-cases-3b-and-3c16:31
zigohe network may *not* have attribute router:external set to True.16:32
johnsomI have started to write a user document to clear some of this up. I find it very confusing/complicated. https://review.opendev.org/c/openstack/designate/+/82523616:32
zigoMy network has router:external Internal16:32
zigoSo it should be ok regarding this.16:32
johnsomYeah, so the neutron extension is going to ignore it.16:32
zigo(it's a VXLAN network for direct public IP association in the VMs)16:32
johnsomSilently, which I think is a bug16:33
zigoAh ?!?16:33
zigoWell, the doc is wrong then...16:33
zigoIt says "The network may *NOT* have router:external True16:33
zigoWe have router:external Internal ...16:33
johnsomOh, you have it not set to true. Sorry, misunderstood16:33
zigoThat's *NOT* "true" ...16:33
zigo:)16:33
johnsomThen, check the segment ID exception. That one also is tricky16:34
zigoThe segmentation ID is set to 1000 (it's a VXLAN).16:35
zigoI'm kind of not sure about that ... :P16:35
zigoIt should be checked against what?16:35
johnsomThere is a configuration line for that in neutron, in the ML2 config I think. I don't have a stack running at the moment to check (just about to patch-Monday my workstation) let me see if I can find it.16:36
zigoIt should be outside of the vni_ranges described in ml2_conf.ini ?!?16:37
johnsomhttps://docs.openstack.org/neutron/xena/admin/config-network-segment-ranges.html16:37
* zigo is reading over there ...16:38
johnsomI think that is the right setting in the ml2_conf. That part is a bit fuzzy for me. Basically, they want the VXLAN to explicitly be an admin network and not a tenant network so they are checking the tenant segment ID range. If it falls in the "tenant" range, it's ignored. (you are back to the dns_publish_fixed_ip flag that allows DNS on tenant networks)16:39
zigoOk, I'll try to fix the segmentation ID then.16:41
johnsomGive that a shot.16:41
zigoThanks so much, we were starting to become crazy ! :)16:41
zigoI'll let you know.16:41
johnsomWelcome to the club! grin16:41
zigoIt's going to be tricky to fix, as we have ports in that network already, so I'm going home and see how I can fix this tomorrow ! :P17:05
fricklerthe idea behind those use cases was to not allow normal tenants to create networks where DNS records were published, one has to be admin in order to create a net matching those criteria17:40
fricklerwhich kind of may make sense in the IPv4 world, but it seems nobody thought of IPv6 at the time17:41
fricklerthis is why I implemented dns_publish_fixed_ip, which is the suggested solution for those use cases. the other option would be to tune your neutron conf and disallow the vxlan id that you want to use17:43
fricklerbtw. all of this discussion would belong to the neutron channel really17:43
« Monday, 2022-03-07 Index Wednesday, 2022-03-09 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!