Monday, 2017-02-06

*** EricGonczer_ has joined #openstack-dns		00:11
*** EricGonczer_ has quit IRC		00:12
*** cuongnv has joined #openstack-dns		00:46
*** hoangcx has joined #openstack-dns		00:49
*** hoangcx_ has joined #openstack-dns		02:11
*** hoangcx has quit IRC		02:14
*** hoangcx has joined #openstack-dns		02:16
*** hoangcx_ has quit IRC		02:18
*** hoangcx_ has joined #openstack-dns		02:43
*** hoangcx has quit IRC		02:45
*** mikal has quit IRC		03:29
*** mikal has joined #openstack-dns		03:34
*** AlexeyAbashkin has joined #openstack-dns		06:06
*** cvstealth has quit IRC		06:17
*** cvstealth has joined #openstack-dns		06:18
*** AlexeyAbashkin has quit IRC		06:21
*** AlexeyAbashkin has joined #openstack-dns		07:45
openstackgerrit	Rui Chen proposed openstack/python-designateclient master: Set client module __version__ https://review.openstack.org/429545	07:48
*** pcaruana has joined #openstack-dns		07:55
*** pcaruana has quit IRC		08:07
*** pcaruana has joined #openstack-dns		08:07
*** databus23_ has joined #openstack-dns		08:39
*** ct_ has joined #openstack-dns		08:41
*** AlexeyAbashkin has quit IRC		09:57
*** cuongnv has quit IRC		10:11
*** slevchenko_ has quit IRC		10:20
*** hoangcx_ has quit IRC		10:30
*** ct_ has quit IRC		10:49
*** EricGonczer_ has joined #openstack-dns		12:20
Tahvok	Is there any mitaka specific guide for ubuntu I should follow? Or I should use the developer one? http://docs.openstack.org/developer/designate/	12:35
*** EricGonczer_ has quit IRC		12:46
*** leitan has joined #openstack-dns		13:00
*** catintheroof has joined #openstack-dns		13:03
*** EricGonczer_ has joined #openstack-dns		13:10
leitan	Hi mugsie , good morning, any news about this bug https://bugs.launchpad.net/ubuntu/+source/designate-dashboard/+bug/1659620 ?	13:12
openstack	Launchpad bug 1659620 in Designate Dashboard "Panels get broken with COMPRESS_OFFLINE = True" [Critical,Triaged]	13:12
mugsie	leitan: I think it is the ubuntu packaging of the horion dashboard	13:15
mugsie	I could not replicate it in devstack	13:16
leitan	mugsie: i see, so installing the dashboard from source should address this ?	13:17
mugsie	I think so	13:19
mugsie	(not the plugin, the actual horizon dashboard	13:19
leitan	yes, i mean the actual horizon	13:20
leitan	ill try this	13:21
*** EricGonczer_ has quit IRC		13:26
*** EricGonczer_ has joined #openstack-dns		13:37
*** EricGonczer_ has quit IRC		13:38
*** chlong has joined #openstack-dns		14:19
*** cleong has joined #openstack-dns		14:28
*** tdink has joined #openstack-dns		14:54
*** EricGonczer_ has joined #openstack-dns		14:58
*** mlavalle has joined #openstack-dns		15:09
ftpd	Hi again. I'm creating new zone via 'openstack zone create', after a bit of waiting got status 'ERROR'. Where to search logs describing the error?	15:17
*** tdink has quit IRC		15:17
mugsie	ftpd: pool manager is the best bet	15:26
mugsie	then minidns	15:26
ftpd	Found it already. Stderr: u'rndc: /etc/rndc.conf does not exist\n'.	15:28
ftpd	Don't know what to put into it.	15:28
ftpd	I have rndc.key on central service VM	15:28
mugsie	that needs to be on the vm where pool manager is	15:28
ftpd	Ok.	15:28
ftpd	Is there any example available?	15:29
mugsie	http://docs.openstack.org/developer/designate/backends/bind9.html	15:29
ftpd	I have it open, but no .conf example, just for .key.	15:30
mugsie	if the key is there, it shouldnt need it	15:31
mugsie	afaik	15:31
ftpd	On pool manager vm i have /etc/designate/rndc.key	15:31
ftpd	only	15:31
ftpd	should I copy it to /etc/rndc.conf?	15:31
mugsie	no, it is separate	15:32
timsim	rndc.conf is pretty simple, I think this will work https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/3/html/Reference_Guide/s1-bind-rndc.html	15:32
*** akholkin_ has joined #openstack-dns		15:32
* mugsie is getting ready to give a talk, so will hand over to timsim		15:32
timsim	Tirefire it up!	15:32
mugsie	:)	15:33
mugsie	also got the burning container ship in there	15:33
ftpd	Ok, got it.	15:34
ftpd	So: I have to set /etc/rndc.conf with my key and options {} on pool-manager VM and _also_ on bind9 backend host, right?	15:34
ftpd	2017-02-06 16:34:50.994 10038 ERROR designate.pool_manager.service Stderr: u'rndc: connection to remote host closed\nThis may indicate that\n* the remote server is using an older version of the command protocol,\n* this host is not authorized to connect,\n* the clocks are not synchronized, or\n* the key is invalid.\n'	15:35
ftpd	2017-02-06 16:34:50.994 10038 ERROR designate.pool_manager.service	15:35
ftpd	Sorry for long paste.	15:35
timsim	http://tecadmin.net/configure-rndc-for-bind9/# This should help	15:36
timsim	Yeah you need to configure the remote bind instance to use the rndc key	15:36
timsim	the same key	15:36
timsim	Of if this is just dev, you can not use them at all	15:37
ftpd	http://pastebin.com/B65EGgEa	15:39
ftpd	here is my setup	15:40
ftpd	rndc status on bind9 host is ok	15:41
ftpd	network traffic to 10.2.22.220 953 is allowed (tcp and utp)	15:42
ftpd	s/utp/udp/	15:42
ftpd	http://pastebin.com/itsZxveH - and full error from pool-manager.log	15:43
*** tdink has joined #openstack-dns		15:44
ftpd	In bind9 logs: Feb 06 16:45:36 bstalewski-fakebind.novalocal named[10125]: invalid command from 10.2.22.135#59026: bad auth	15:45
ftpd	So it seems like key was invalid.	15:46
ftpd	rndc version is the same	15:47
timsim	it seems like your rndc key paths are mixed? /etc/rndc.key /etc/des/rndc.key	15:47
ftpd	Nope, my mistek when creating paste. Couldn't edit it after, sorry.	15:48
ftpd	I have /etc/rndc on all hosts	15:48
ftpd	I don't have any rndc.conf on bind host	15:49
ftpd	Created it there, nothing changed.	15:50
ftpd	Lol.	15:53
ftpd	The key was different. I don't know, how.	15:53
ftpd	Anyway, now I have the same key everywhere	15:53
ftpd	2017-02-06 16:54:05.756 10038 ERROR designate.pool_manager.service Stderr: u"rndc: 'addzone' failed: permission denied\n"	15:54
ftpd	;-)	15:54
ftpd	It's almost working.	15:54
timsim	You can check syslog for that, but it's usually apparmor	15:59
timsim	Sometimes you have to `touch /etc/apparmor.d/disable/usr.sbin.named && service apparmor reload`	16:00
ftpd	selinux, they are RHEL's	16:00
ftpd	And yes, it's enabled on bind host. Let me reboot it.	16:00
ftpd	http://pastebin.com/EjTXBjAv - now I'm really confused ;-)	16:06
ftpd	Got named working, rndc status is ok, everything is ok, selinux is disabled... still permission denied on addzone.	16:09
ftpd	but I have a clue	16:09
ftpd	"create_zone": "rule:admin_or_owner", in policy.json	16:09
ftpd	And I'm authorizing as 'member' in tenant.	16:09
timsim	Designate policy doesn't go that far.	16:13
timsim	You'd have an earlier failure if policy was tripping you up.	16:13
timsim	At the API	16:13
timsim	I think on ubuntu it's actually the "bind" user, not the "named" user. idk about RHEL	16:13
ftpd	it's 'named'.	16:13
ftpd	named 2120 0.0 0.6 160408 12828 ? Ssl 17:07 0:00 /usr/sbin/named -u named	16:15
ftpd	Btw. if I'll set up zone in my bind9 server, will designate see it?	16:15
ftpd	I mean creating it manually.	16:16
timsim	Nope	16:16
ftpd	Ok, so the zone has to be created from designate.	16:16
timsim	Correct	16:16
timsim	bind 22888 0.0 0.5 432164 22812 ? Ssl Jan25 0:01 /usr/sbin/named -f -u bind	16:16
timsim	weird	16:16
ftpd	You have ubuntu, I have rhel, it's not weird ;-)	16:16
timsim	Just make it slightly different, not confusing at all	16:17
ftpd	Got named -g running (I'm an idiot, should drink yesterday - when running manually I had to use -u also, sorry).	16:20
ftpd	But still permission denied on addzone.	16:20
ftpd	06-Feb-2017 17:20:51.508 received control channel command 'addzone examples.com { type slave; masters { 10.2.22.220 port 53;}; file "slave.examples.com.db4b645c-8e0d-48f2-ae0f-e26132810aa7"; };	16:20
ftpd	In bind's log.	16:21
ftpd	But nothing happens.	16:21
ftpd	I don't have to have named configured on pool manager VM, correct? Just need /sbin/rndc.	16:24
timsim	Correct	16:29
ftpd	Hmmm.	16:29
ftpd	http://eavesdrop.openstack.org/irclogs/%23openstack-dns/%23openstack-dns.2015-03-27.log	16:29
ftpd	2015-03-27T00:24:18 <kfox1111> heh. chmod 770 /var/named	16:29
ftpd	2015-03-27T00:24:20 <kfox1111> problem solved. :/	16:29
ftpd	Aaaaand....	16:30
ftpd	2017-02-06 17:29:20.473 10038 INFO designate.mdns.rpcapi [req-3c052ed8-0fab-4c76-8702-be49f220b0e9 - - - - -] notify_zone_changed: Calling mdns for zone 'examples.com.', serial '1486397563' to nameserver '127.0.0.1:53'	16:30
ftpd	2017-02-06 17:29:20.478 10038 INFO designate.mdns.rpcapi [req-3c052ed8-0fab-4c76-8702-be49f220b0e9 - - - - -] poll_for_serial_number: Calling mdns for zone 'examples.com.', serial '1486397563' on nameserver '10.2.22.220:53'	16:30
ftpd	;-)	16:30
ftpd	But who openstack zone list still shows the zone as 'error'?	16:30
timsim	Designate periodically tries to fix those error'd zones, it won't change to active until it tries to create it again, sees that worked, and does a successful DNS query for it.	16:31
timsim	You could try creating another zone, and that should resolve itself a bit quicker if all is well	16:31
ftpd	06-Feb-2017 17:29:21.506 zone examples.com/IN: refresh: unexpected rcode (SERVFAIL) from master 10.2.22.220#53 (source 0.0.0.0#0)	16:31
ftpd	Something on named host	16:32
timsim	Yeah in your rndc addzone "masters { 10.2.22.220 port 53;}" That needs to be port 5354 (the port mdns runs on)	16:33
ftpd	So I have mistake in my pools.yaml.	16:33
timsim	Yeah, probably.	16:34
timsim	"masters" i believe	16:34
ftpd	http://pastebin.com/W7qL8JkA - it's my pools.json (other guy wrote it, I've got this to get running after him).	16:37
ftpd	10.2.22.220 is my bind host, 172.16.2.40 is minidns instance (with pool manager on it).	16:37
ftpd	Bind doesn't listen on 5354.	16:38
*** pcaruana has quit IRC		16:38
ftpd	So which host should be in masters, and which one in options?	16:38
timsim	That looks right to me	16:39
timsim	Is that rndc command what designate ran? Or something you ran ad-hoc?	16:39
timsim	Try creating another zone, and see what happens	16:40
ftpd	2017-02-06 17:39:05.412 10038 INFO designate.backend.impl_bind9 [req-2d154e28-e3c1-4285-8263-f3eb66bce447 - - - - -] RNDC call failure: Unexpected error while running command.	16:40
ftpd	Command: sudo designate-rootwrap /etc/designate/rootwrap.conf rndc -s 10.2.22.220 -p 953 -c /etc/rndc.conf -k /etc/rndc.key addzone examples.com { type slave; masters { 10.2.22.220 port 53;}; file "slave.examples.com.db4b645c-8e0d-48f2-ae0f-e26132810aa7"; };	16:40
ftpd	Exit code: 1	16:40
timsim	Umm. Have you run `designate-manage pool update` recently? and bounced the pool manager?	16:42
ftpd	I've deleted zone (by openstack zone delete <id> from my api VM) and now have this in bind logs:	16:42
ftpd	06-Feb-2017 17:40:57.604 received control channel command 'delzone examples.com '	16:42
ftpd	06-Feb-2017 17:40:57.604 zone examples.com removed via delzone	16:43
ftpd	06-Feb-2017 17:41:02.625 client 10.2.27.198#47377 (examples.com): query (cache) 'examples.com/SOA/IN' denied	16:43
ftpd	Last line occurs every 15 seconds	16:43
ftpd	openstack zone list shows nothing	16:43
ftpd	Why is designate trying to delete it?	16:43
ftpd	Ok, it stopped. Maybe it was ok.	16:44
ftpd	Let's go with new one	16:45
ftpd	openstack zone create --email admin@example.com ewjrwer.net.	16:45
ftpd	http://pastebin.com/4z6CFkg3 - same error	16:46
timsim	Have you run `designate-manage pool update` recently? and bounced the pool manager?	16:46
ftpd	Not today.	16:47
ftpd	Let me do it	16:47
ftpd	Ok, did pool update (http://pastebin.com/eC1kvecg - my designate-manage pool show_config) and bounced designate-central and designate-pool-manager. Let's try to create new zone.	16:49
ftpd	Almost there: http://pastebin.com/p2si9Bx6	16:51
timsim	Progress	16:51
ftpd	Do I have allow notify...	16:51
timsim	Yeah it looks like it	16:51
ftpd	Still 'PENDING'. I'll do a quick smoke break and see.	16:52
*** cliles has quit IRC		16:55
*** ducttape_ has quit IRC		16:55
*** cliles has joined #openstack-dns		16:56
ftpd	Still error, but now (on bind):	16:57
ftpd	06-Feb-2017 17:56:14.901 zone ewjrwer.net/IN: notify from 10.2.27.198#54602: refresh in progress, refresh check queued	16:57
ftpd	06-Feb-2017 17:57:23.057 zone ewjrwer.net/IN: refresh: retry limit for master 172.16.2.40#5354 exceeded (source 0.0.0.0#0)	16:57
timsim	Try doing (from the bind box) a `dig @mdnsip -p 5354 zonename -t AXFR`	16:58
ftpd	I don't think I have traffic allowed to @mdnsip.	17:01
*** nkinder has joined #openstack-dns		17:01
ftpd	I have, but from floating network, and I suppose it queries from local address.	17:02
timsim	Well you'll need it, BIND has to do zone transfers from it's master	17:02
ftpd	Is there any way to force bind to do this transfer from specific IP?	17:03
ftpd	Nope, VM isn't concious it's floating IP :/	17:03
ftpd	Ok, it's the problem to solve for tomorrow.	17:05
timsim	I think you can set a "transfer-source" ip. But sounds like that won't work for you	17:05
ftpd	But:	17:06
ftpd	06-Feb-2017 18:05:45.380 zone ewjrwer.net/IN: notify from 10.2.27.198#41643: refresh in progress, refresh check queued	17:06
ftpd	10.2.27.198 is floting ip of minidns instance	17:06
ftpd	And later:	17:06
ftpd	06-Feb-2017 18:05:57.703 zone ewjrwer.net/IN: refresh: failure trying master 172.16.2.40#5354 (source 0.0.0.0#0): operation canceled	17:06
ftpd	172.16.2.40 is local IP.	17:06
ftpd	Hmm, maybe I should change it to floating in pools.yaml?	17:07
ftpd	06-Feb-2017 18:09:36.021 client 10.2.27.198#56671: received notify for zone 'examplne.net'	17:11
ftpd	Here we go.	17:11
ftpd	Almost:	17:12
ftpd	06-Feb-2017 18:11:38.356 transfer of 'examplne.net/IN' from 10.2.27.198#5354: failed to connect: timed out	17:12
ftpd	06-Feb-2017 18:11:38.356 transfer of 'examplne.net/IN' from 10.2.27.198#5354: Transfer completed: 0 messages, 0 records, 0 bytes, 127.321 secs (0 bytes/sec)	17:12
ftpd	06-Feb-2017 18:11:38.875 zone examplne.net/IN: refresh: skipping zone transfer as master 10.2.27.198#5354 (source 0.0.0.0#0) is unreachable (cached)	17:12
ftpd	So...	17:12
ftpd	It's clearly network's fault.	17:13
ftpd	Ok, but I know where to look at.	17:16
ftpd	Thanks timsim, I hope tomorrow it will work	17:16
ftpd	Enough for today, I'm an hour longer at the office ;-)	17:16
timsim	No	17:16
ftpd	?	17:16
timsim	*np	17:17
timsim	Lol	17:17
ftpd	;-)	17:17
timsim	YOU WILL STAY UNTIL IT WORKS	17:17
ftpd	Haha. Lol, nope ;-)	17:17
ftpd	Not today.	17:18
ftpd	It's weird, I have security group and firewall rule which allows traffic to 5354	17:19
ftpd	It's TCP, right?	17:20
ftpd	afair DNS uses udp for queries and tcp for transfers	17:20
*** ducttape_ has joined #openstack-dns		17:20
ftpd	Hmm. But on my poll manager instance I don't have 5354 open.	17:22
ftpd	Anyway, I have to go. Thanks again and see you tomorrow :P	17:26
*** akholkin_ has quit IRC		17:31
*** pcaruana has joined #openstack-dns		18:36
*** chlong has quit IRC		18:52
*** haplo37 has quit IRC		19:08
*** chlong has joined #openstack-dns		19:09
*** pcaruana has quit IRC		19:11
*** haplo37 has joined #openstack-dns		19:18
*** ducttape_ has quit IRC		19:25
*** ducttape_ has joined #openstack-dns		19:27
*** ducttape_ has quit IRC		19:36
*** ducttape_ has joined #openstack-dns		19:37
*** kberger has joined #openstack-dns		19:37
*** kberger has quit IRC		19:37
*** kberger has joined #openstack-dns		19:38
*** ducttape_ has quit IRC		20:05
*** chlong has quit IRC		20:49
*** ducttape_ has joined #openstack-dns		21:00
*** ducttape_ has quit IRC		21:15
*** cleong has quit IRC		21:21
*** ducttape_ has joined #openstack-dns		22:00
*** haplo37 has quit IRC		22:01
*** haplo37_ has quit IRC		22:01
*** haplo37 has joined #openstack-dns		22:09
*** ducttape_ has quit IRC		22:11
*** haplo37_ has joined #openstack-dns		22:12
*** ducttape_ has joined #openstack-dns		22:13
*** ducttape_ has quit IRC		22:25
*** tdink has quit IRC		22:42
*** EricGonczer_ has quit IRC		22:45
*** ducttape_ has joined #openstack-dns		22:53
*** leitan has quit IRC		23:01
*** tdink has joined #openstack-dns		23:05
*** fyxim_ has joined #openstack-dns		23:27
*** boris-42_ has joined #openstack-dns		23:27
*** ratoder2 has joined #openstack-dns		23:29
*** iggy_ has joined #openstack-dns		23:29
*** ratoder2 is now known as ratoder3		23:29
*** harmw_ has joined #openstack-dns		23:29
*** ratoder3 is now known as ratoder2		23:31
*** simonmcc_ has joined #openstack-dns		23:32
*** v12aml_ has joined #openstack-dns		23:32
*** simonmcc has quit IRC		23:34
*** iggy has quit IRC		23:34
*** ratoder has quit IRC		23:34
*** v12aml has quit IRC		23:34
*** harmw has quit IRC		23:34
*** fyxim has quit IRC		23:34
*** tg90nor has quit IRC		23:34
*** boris-42 has quit IRC		23:34
*** v12aml_ is now known as v12aml		23:34
*** simonmcc_ is now known as simonmcc		23:35
*** fyxim_ is now known as fyxim		23:36
*** boris-42_ is now known as boris-42		23:37
*** ducttape_ has quit IRC		23:41
*** haplo37_ has quit IRC		23:45
*** ratoder2 is now known as ratoder		23:51
*** haplo37_ has joined #openstack-dns		23:54
*** catintheroof has quit IRC		23:54
*** EricGonczer_ has joined #openstack-dns		23:59

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!