Tuesday, 2017-03-14

« Monday, 2017-03-13 Index Wednesday, 2017-03-15 »
*** hoangcx has joined #openstack-dns00:43
*** cuongnv has joined #openstack-dns01:07
*** trugnvfet has joined #openstack-dns01:19
*** zhurong has joined #openstack-dns01:30
*** khushbu has joined #openstack-dns02:20
*** trugnvfet has quit IRC02:49
*** khushbu has quit IRC02:58
*** khushbu has joined #openstack-dns03:08
*** khushbu has quit IRC03:13
*** sonuk has joined #openstack-dns03:21
*** tdink has quit IRC03:46
*** tdink has joined #openstack-dns04:04
*** khushbu has joined #openstack-dns04:36
*** tdink has quit IRC04:44
sonuktimsim mugsie : Hi. does designate contain OCF resource agent for HA deployment?05:05
*** cuongnv has quit IRC05:27
*** cuongnv has joined #openstack-dns05:28
*** richm has quit IRC05:43
*** castlemilk has quit IRC05:57
*** faizy has joined #openstack-dns06:35
*** pcaruana has joined #openstack-dns07:50
*** castlemilk has joined #openstack-dns08:35
ftpdHi all. I'm trying to use infoblox backend and changed listen= for my mdns service from 5354 to 53.09:12
ftpdAnd the service can't go up, because 'permission denied'. Why, as it's run by root?09:13
*** yee379 has quit IRC09:20
*** yee379 has joined #openstack-dns09:20
*** haplo37 has quit IRC09:21
*** haplo37 has joined #openstack-dns09:30
*** abalutoiu_ has quit IRC09:34
*** kiall has quit IRC09:53
*** zhurong has quit IRC09:54
*** kiall has joined #openstack-dns09:56
*** kiall has quit IRC09:56
*** kiall has joined #openstack-dns09:56
*** cuongnv has quit IRC10:07
*** richm has joined #openstack-dns10:13
*** hoangcx has quit IRC10:24
*** kiall has quit IRC10:26
*** kiall has joined #openstack-dns10:35
*** abalutoiu has joined #openstack-dns10:44
mugsieftpd: it sounds like something is blocking it - apparmour or selinux maybe?10:51
mugsiesonuk: no, we are active / active HA, so we don't need pacemaker / corosync10:51
sonukmugsie: can we start all the services of designate (api, mdns, central etc) in active/ active HA ?11:00
mugsieyeap11:00
mugsiepool-mamager needs zookeeper to do it properly11:00
sonukmugsie: how can i test it ?11:00
mugsiebut the new worker / producer is fully active active HA11:00
mugsietest the HA ness?11:01
sonukyes11:01
mugsieboot 2 or 3 VMs, run the serviuces on them, and then power off a VM ?11:01
sonukmugsie: ok, ill try that, but no special configuration is needed for active/active HA right?11:04
mugsienope11:06
sonukmugsie:ok thanks. let me try that.11:08
*** abalutoiu has quit IRC11:15
ftpdmugsie: selinux is disabled. As I've checked, mdns service runs from user designate, which is not allowed to bind ports < 1024.11:31
ftpdTBH I would like to learn more about infoblox backend, as documentation (https://docs.openstack.org/developer/designate/backends/infoblox.html) is kinda poor. If someone of you guys would spare some time to discuss my setup, it would be great. No rush, the next time window when I can test it is 48h ahead ;-)11:36
ftpdBut I assume I will have many stupid and obvious questions :/11:36
mugsieftpd: I do not know a huge amount about it - we never had access to an Infoblox server to test it11:36
mugsieit was written by infoblox11:36
mugsiebut, ask away - if I dont know I can find out11:37
ftpdThe basic question si: how the workflow is done. For bind, as I've learned, it is something like: <user> -> <api instance> -> <central instance> -> (rndc, tcp 953) -> <backend bind9 servers> -> (zone transfer, tcp 53) -> <mdns instance>.11:38
ftpdAnd what with infoblox?11:38
ftpdAdmins of my backed doesn't allow any rndc control commands. Any control commands at all. They want just simple zone transfer.11:39
ftpdIs it even possible? They servers would be main esolvers for user later.11:39
mugsieinfoblox calls the API11:39
mugsieit is possible, but designate needs to create the zone some how11:40
ftpdSo users need to create record(s) in designate and have it somehow pushed to inflobox servers.11:40
mugsieyeah, so infoblox does zone transfer from us11:40
*** faizy has quit IRC11:40
mugsieso, flow is designate -> infoblox api -> zone transfer -> minidns11:40
mugsiewe just call the zone create and delete APIs on the infoblox server11:41
mugsie(we do not use the rndc interface)11:41
ftpdIs there any example of working pools.yaml? I don't have any idea what to put there as masters and nameservers.11:41
ftpdI belive the 3 infobloxes would be ns_servers.11:41
mugsiemasters == miniDNS (but it has to be port 53 AFAIK)11:42
ftpdOk.11:42
ftpdSo all 'options:' section with rndc is not needed?11:42
mugsieno, in the option we need the following11:43
mugsiewapi_url11:43
mugsieusername11:43
mugsiepassword11:43
mugsiehttps://github.com/openstack/designate/blob/master/designate/backend/impl_infoblox/config.py11:44
mugsieis the list11:44
mugsiebut they should be in the options block of the pools.yaml11:44
ftpdAnd can I talk to more than one wapi_url?11:45
mugsieI dont think so11:47
ftpdSo somethink like it: http://pastebin.com/j49HEYkH11:47
ftpdBut what with 'nameservers' section?11:47
mugsieit should be the IP addresses of the 3 servers11:47
mugsiewe use that to check if the zone or records have been published11:48
ftpdOk.11:48
ftpdBy simple dns query?11:48
mugsieyeah11:49
mugsieit just does a check on the serial number11:49
ftpdOk.11:50
ftpdSo now I need to have wapi_url, username and password from infoblox admins11:50
ftpdAnd here: https://pypi.python.org/pypi/designate-infoblox/0.0.1.dev13 there is some example configuration from designate.conf, but nameservers are by uids. it's in the case nameservers are also in openstack and there are uids of instances?11:52
ftpdOh, no. It's just some generated string.11:52
mugsieyeah, that is the old config11:53
mugsieit was terrible11:53
ftpd;-)11:53
ftpdSo the best option is to use pools.yaml and designate-manage pool update?11:53
mugsieyes11:53
ftpdOk, will do.11:53
ftpdAnd still, the zone have to be created on designate and later transfered (via api) to infoblox?11:55
ftpdLike in bind9, but api instead of rndc.11:55
mugsieyeah11:56
ftpdIt might be a problem, inflobox admins won't agree to any controlling commands via any method from anywhere.11:56
ftpdBut it's my internal problem and my internal little battle ;-)11:56
* mugsie is running to grab some equipement - will be back in a few11:56
ftpdThanks again (I can't count, how many times now) for your support. I wish every opensource project have so helpfull maintainers.11:56
ftpdAlso, Im thinking about that: https://docs.openstack.org/developer/designate/howtos/secondary-zones.html11:59
ftpdBut no, it won't solve my problem, as the idea is to manage records by users on designate, not external dns (infoblox).12:00
ftpdOne more thing: what is 'also_notifies' used for?12:15
ftpdI'm still thinking how to deal with multiple infobloxes and just one wapi_url.12:16
*** faizy has joined #openstack-dns12:25
*** abalutoiu has joined #openstack-dns12:26
openstackgerritzhongshengping proposed openstack/designate master: Add bindep support  https://review.openstack.org/44546912:32
*** faizy has quit IRC12:34
openstackgerritzhongshengping proposed openstack/designate master: Add bindep support  https://review.openstack.org/44546912:40
*** khushbu has quit IRC12:41
*** khushbu has joined #openstack-dns12:44
mugsieftpd: sorry, got distracted12:53
* mugsie is moving company so setting up new workstations etc12:53
mugsiealso notifies is for a small sub set of backends, not releated to infoblox unfortunately12:53
mugsiewhat you could do for multiple urls, is have multiple targets in the pool12:54
*** abalutoiu has quit IRC12:57
*** catintheroof has joined #openstack-dns12:58
*** catintheroof has quit IRC12:59
*** catintheroof has joined #openstack-dns12:59
*** chlong has joined #openstack-dns13:05
ftpdmugsie: Great, will check it on Thursday (during my next meeting with infoblox team).13:09
*** abalutoiu has joined #openstack-dns13:21
*** khushbu has quit IRC13:21
*** faizy has joined #openstack-dns13:21
*** vcn has joined #openstack-dns13:27
*** vcn is now known as cuongnv13:28
-openstackstatus- NOTICE: Gerrit is going to be restarted due to performance problems13:38
*** ChanServ changes topic to "Gerrit is going to be restarted due to performance problems"13:38
*** catinthe_ has joined #openstack-dns13:41
*** khushbu has joined #openstack-dns13:41
*** catintheroof has quit IRC13:41
-openstackstatus- NOTICE: Gerrit has been successfully restarted13:44
*** ChanServ changes topic to "Gerrit has been successfully restarted"13:44
*** catintheroof has joined #openstack-dns13:45
*** catinthe_ has quit IRC13:45
*** khushbu has quit IRC13:46
*** ChanServ changes topic to "OpenStack Designate - Logged @ http://eavesdrop.openstack.org/irclogs/%23openstack-dns | Review Dashboard @ http://graham.hayes.ie/designate/dashboard | Bugs Dashboard @ http://ham.ie/designate-bugs"13:50
-openstackstatus- NOTICE: Gerrit has been successfully restarted13:50
*** tdink has joined #openstack-dns13:57
*** mlavalle has joined #openstack-dns13:57
ftpdmugsie: I've just learned, that 'backend' is needed _only_ for creating/deleting zones. Am I right? If so, could I just create zone (manually) on infoblox (with minidns as hidden master) and create it in designate and later just work with the records, which should be exchanged by simple notify mechanism, which is simple dns fuctionality, backend-unaware?14:22
ftpd(I don't need to create/delete/change zones in the future, the full idea of my solution is to delegate one zone on existing dns infrastructure to be managed by cloud users.)14:27
*** tdink has quit IRC14:35
*** sonuk has quit IRC14:37
*** faizy_ has joined #openstack-dns14:58
*** faizy has quit IRC15:00
mugsieftpd: designate will get a bit wierd about it15:00
mugsieyou may have to update the DB mamually15:00
*** tdink has joined #openstack-dns15:02
ftpdI'm trying to test it currently.15:04
*** brad[] has quit IRC15:07
*** brad[] has joined #openstack-dns15:19
*** cuongnv has quit IRC15:19
*** tdink has quit IRC15:27
ftpdThe zone is still in 'pending' state.15:29
timsimCheck the poolmgr/worker logs15:32
timsimmdns too. To see what's happening.15:32
*** khushbu has joined #openstack-dns15:34
*** khushbu has quit IRC15:34
*** khushbu has joined #openstack-dns15:35
*** khushbu has quit IRC15:48
*** tdink has joined #openstack-dns15:48
*** khushbu has joined #openstack-dns16:39
*** khushbu has quit IRC16:51
*** kiall has quit IRC17:29
*** kiall has joined #openstack-dns17:29
*** kiall has quit IRC17:29
*** kiall has joined #openstack-dns17:29
*** kiall has quit IRC17:40
*** kiall has joined #openstack-dns17:43
*** kiall has joined #openstack-dns17:43
*** faizy_ has quit IRC18:00
*** kiall has quit IRC18:02
*** pcaruana has quit IRC18:03
*** kiall has joined #openstack-dns18:06
*** kiall has quit IRC18:06
*** kiall has joined #openstack-dns18:06
*** abalutoiu has quit IRC18:19
*** kiall has quit IRC19:33
*** kiall has joined #openstack-dns19:33
*** kiall has quit IRC19:33
*** kiall has joined #openstack-dns19:33
eanderssonmugsie, ftpd pretty sure that is a pretty common scenario for enterpise20:31
eanderssonWe have always used the fake backend.20:31
eanderssonWorked without an issue for us for years20:32
mugsiehummm... fake could work20:32
mugsiegood idea eandersson20:32
*** EricGonczer_ has joined #openstack-dns20:33
eanderssonWe have one master domain that is used by the sink.20:33
ftpdeandersson: Do you have any pools.yaml example to share? I have some problems with my testing env.20:33
eanderssonNever tried Infoblox unfortunately20:34
ftpdI mean fake backend.20:35
ftpdWith fake backend openstack zone create should just work.20:35
ftpdFor me it doesn't.20:35
mugsieoh?20:36
eanderssonSure20:36
ftpdDon't have vpn connection now, can't check/show logs.20:36
eanderssonhttp://paste.openstack.org/show/cXqlM8yhnN8WreCOBxSi/20:37
ftpdOk, and how do you tell mdns what is a slave for a zone to initiate transfer?20:38
timsimftpd: Those are the targets.20:38
eanderssonWe just set up the slave dns server to point at designate20:38
eanderssone.g. for powerdns we add the designate dns servers as the target20:39
eanderssonmanually add the SOA record20:39
ftpdWhen creating zone on powerdns side?20:39
eanderssonYea20:39
ftpdOk.20:39
ftpdSo in my case I want my infoblox as ns_server on designate's side and just proper slave in it.20:41
ftpdI'll try that tomorrow morning, will share my results.20:41
openstackgerritTim Simmons proposed openstack/designate master: Make Pools documentation better  https://review.openstack.org/44565120:51
*** abalutoiu has joined #openstack-dns21:20
*** catintheroof has quit IRC21:46
*** tdink has quit IRC22:07
*** EricGonczer_ has quit IRC22:33
*** EricGonczer_ has joined #openstack-dns22:33
*** EricGonczer_ has quit IRC22:38
*** a7ndrew has quit IRC22:52
*** EricGonczer_ has joined #openstack-dns23:42
*** mlavalle has quit IRC23:43
« Monday, 2017-03-13 Index Wednesday, 2017-03-15 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!