Thursday, 2018-04-26

« Wednesday, 2018-04-25 Index Friday, 2018-04-27 »
*** caowei has joined #openstack-dns00:37
*** kbyrne has quit IRC01:27
*** kbyrne has joined #openstack-dns01:32
*** wlmbasson_ has joined #openstack-dns02:08
*** beekneemech has joined #openstack-dns02:10
*** keithmnemonic[m] has quit IRC02:12
*** wlmbasson has quit IRC02:12
*** mordred has quit IRC02:12
*** bnemec has quit IRC02:12
*** wlmbasson_ is now known as wlmbasson02:12
*** mordred has joined #openstack-dns02:13
*** daidv has joined #openstack-dns02:46
*** daidv has quit IRC02:49
*** trungnv has joined #openstack-dns03:00
*** trungnv_ has joined #openstack-dns03:01
*** trungnv_ has quit IRC03:05
*** caowei has quit IRC03:59
*** diman_ has joined #openstack-dns04:08
*** diman_ has quit IRC04:13
*** caowei has joined #openstack-dns04:42
*** trungnv has quit IRC06:43
*** trungnv has joined #openstack-dns06:44
*** openstackgerrit has joined #openstack-dns07:28
*** ChanServ sets mode: +v openstackgerrit07:28
openstackgerritOpenStack Proposal Bot proposed openstack/designate-dashboard stable/pike: Imported Translations from Zanata  https://review.openstack.org/56440907:28
*** pcaruana has joined #openstack-dns07:31
*** AlexeyAbashkin has joined #openstack-dns07:45
*** diman_ has joined #openstack-dns08:03
*** keithmnemonic[m] has joined #openstack-dns08:46
*** Alexey_Abashkin has joined #openstack-dns08:57
*** AlexeyAbashkin has quit IRC09:01
*** Alexey_Abashkin is now known as AlexeyAbashkin09:01
*** trungnv has quit IRC09:27
*** trungnv has joined #openstack-dns09:28
*** trungnv_ has joined #openstack-dns09:34
*** trungnv has quit IRC09:39
*** keithmnemonic[m] has quit IRC09:39
*** trungnv_ has quit IRC10:00
*** keithmnemonic[m] has joined #openstack-dns10:17
*** diman_ has quit IRC10:29
*** rfreire has joined #openstack-dns10:40
*** caowei has quit IRC10:52
rfreiremugsie, hullo there Graham! o/11:34
rfreiremugsie, I have reviewed my setup procedures and I think this is a more refined step-by-step Designate install for CentOS/RHEL/RDO/etc11:34
rfreirewondering if would you be interested in taking a look11:34
rfreireURL: https://pastebin.com/yKUVtz1G11:42
rfreireeandersson, ^^11:42
*** tacco has joined #openstack-dns11:49
taccoHi there. Anyone knows how to configure multiple bind server to send axfr to via rndc by designate?11:50
rfreiretacco, hi, I think I know this11:53
rfreiretacco, https://pastebin.com/cXr4n5zE11:55
rfreiretacco, relevant lines: 10-1511:55
rfreireif I understood correctly your question ¯\_(ツ)_/¯11:56
taccomaybe. :)11:57
taccobut from my point if view nameservers w il only be used to check if the record is active11:57
taccomore importang maybe are the masters and options11:57
rfreireAh11:58
taccowhat is behind? $EXTERNAL_DNS_SERVER_IP some of the $EXTERNAL_DNS_SERVER_IP_1-3?11:58
rfreiremasters: those are the designate servers, which runs the mdns service (port 5453)11:58
taccoif i see this correctly in this setup the records get distributed by bind itself11:58
rfreireI think that yes, you are right, the designate then sends a NOTIFY message to the server listed in port 2811:59
rfreireops11:59
rfreirelisted in line 2811:59
taccoor by designate and behind every designate should be one of the external_DNS_Server 1-311:59
rfreirethe external dns -> systems running ISC bind12:00
rfreirethe designate_sever -> systems running Designate/mdns12:00
rfreireI have multiple designate services because we built a HA system12:00
rfreirewith three Designate nodes.12:00
taccoyes. i understand that12:00
rfreireI crafted quickly this yml file for you with lines 12-1512:01
rfreireBut I think that you are right12:01
rfreirethat will not be of help12:01
rfreireWhen theres a zone update12:01
rfreirethe notify is sent to specified in line 28, which is the bind server12:01
rfreireand there's no provision for multiple servers as far as i know12:01
rfreireI know about that because I misconfigured it12:01
taccoyes i'm looking for the case if i have 3 bind servers and want to notify them12:01
rfreireand it was trying to send notifies to 127.0.0.112:02
taccothere is a also-notify for designate12:02
taccobut12:02
taccothere i can only specify a host and port12:02
taccono rndc keys etc12:02
rfreireAnd tnhen eandersson pointed that I forgot to declare lines 28-29. By then, it started sending notifies to my external dns server.12:02
taccook maybe i just try to use multiple notify-to parts.. don't know if this is possible12:03
rfreireI don't know man, sorry ;-/12:03
taccono worrys thanks for your help anyway12:03
rfreiretacco, re-thinking;12:04
rfreiretacco, I _think_ that, upon the notify from the master by rndc/mdns;12:05
rfreirethe receiving BIND server would send notifies to other BIND servers12:05
rfreireI _think_12:05
taccofrom https://docs.openstack.org/designate/pike/admin/pools.html#managing-pools i think it should be done by also_notifies option on the bottom of the config12:06
* rfreire mira12:06
taccorfreire: yes this is also a option what i was thinking about12:06
taccobecause bind can notify slaves by themself12:06
rfreiretacco, and by that, it would need the multiple nameservers12:07
rfreireso the bind servers would know who are all the members for that zone and send the notifies12:07
rfreirejust speculating12:07
taccoyes should but i'm in a environment that is not perfect. already build up and running but with some issues.12:08
tacco;)12:08
taccobut my first tought was that bind should handle this by themself12:08
rfreirelife's hard, right?12:10
taccoyes but there will be a solution. i just want to figure out if this is a easy way just to use designate for notify or bind12:11
*** diman has joined #openstack-dns12:11
rfreiretacco, I just saw the document12:11
rfreireand yes12:11
rfreirethe also_notifies looks pretty much what you need!12:11
taccook so i will try this with multiple hosts because we have 3 :)12:12
rfreireso thats going to be12:12
rfreire- host:12:12
rfreire  port:12:12
rfreire- host:12:12
rfreire  port:12:12
rfreire- host:12:12
rfreire  port:12:12
rfreire--12:12
taccook12:12
taccothanks a lot man12:12
rfreireI did nothing! :-)12:12
rfreireGood luck!! And let us know12:12
taccosure12:12
taccocan't do this change right now but will see when we can do the change and let you know what happend.12:13
rfreirealrighto!12:13
*** diman has quit IRC12:16
openstackgerritMerged openstack/designate-dashboard stable/pike: Imported Translations from Zanata  https://review.openstack.org/56440912:41
*** diman has joined #openstack-dns12:41
*** diman has quit IRC12:46
*** diman has joined #openstack-dns12:48
*** diman has quit IRC12:53
openstackgerritMerged openstack/designate-dashboard master: Fix horizon install for tox  https://review.openstack.org/55957813:26
*** diman has joined #openstack-dns13:45
*** diman has quit IRC13:56
rfreiretacco, hi14:19
rfreiretacco, I got curious on what you have mentioned and I'm doing some tests here14:19
rfreiretacco, this is what I have right now: https://pastebin.com/W2Yf47s414:20
rfreiretacco, I have created a zone, and it indeed list the records correctly in the zone:14:21
rfreire--14:21
rfreire[root@aa10-cont1 designate(keystone_admin)]# openstack recordset list 82c357d2-66b2-4a28-93a5-8d2d76b17bd014:21
rfreire+-----------------------+-----------------------+------+------------------------+--------+--------+14:21
rfreire| id                    | name                  | type | records                | status | action |14:21
rfreire+-----------------------+-----------------------+------+------------------------+--------+--------+14:21
rfreire| 9211f7fb-f1e7-49ad-   | openstack.rf01.co.    | SOA  | ll-                    | ACTIVE | NONE   |14:21
rfreire| a6aa-8c6e35c8e6d8     |                       |      | rhel7.interna.rf01.co. |        |        |14:21
rfreire|                       |                       |      | admin.openstack.rf01.c |        |        |14:21
rfreire|                       |                       |      | o. 1524751326 3569 600 |        |        |14:21
rfreire|                       |                       |      | 86400 3600             |        |        |14:21
rfreire| 989c709a-3235-470d-   | openstack.rf01.co.    | NS   | aa10-dns1.interna.rf01 | ACTIVE | NONE   |14:21
rfreire| ac88-c4e3bf6303e2     |                       |      | .co.                   |        |        |14:21
rfreire|                       |                       |      | ll-                    |        |        |14:21
rfreire|                       |                       |      | rhel7.interna.rf01.co. |        |        |14:21
rfreire| ebfbcb2b-96c3-4f5d-   | fafa.openstack.rf01.c | A    | 127.0.0.1              | ACTIVE | NONE   |14:21
rfreire| 81c3-c6119db3ed37     | o.                    |      |                        |        |        |14:21
rfreire+-----------------------+-----------------------+------+------------------------+--------+--------+14:21
rfreire--14:21
rfreireNotice that there are TWO NS servers, as per the file.14:21
rfreireHowever, the zone is only created at the server that is specified in targets: options: config in pool file14:22
rfreireAs we were discussing earlier, I _expected_ that the primary BIND server would replicate to the other14:22
rfreireBut that did not happen.14:22
rfreire--14:23
rfreireSo, it seems the missing link here is a BIND configuration to replicate zones created automatically in one node to other14:23
rfreiremugsie surely knows the black magic, but is not readily available today.14:23
rfreireeandersson, ^  maybe?14:23
mugsierfreire: you need a second target14:27
rfreiremugsie, tellmemoar14:27
rfreireah14:27
rfreireline 18; replicate14:27
rfreirerinse; repeat?14:27
mugsiehttps://pastebin.com/Xn1Pa08e14:27
mugsieyeah14:28
rfreireDammit <314:28
mugsie:)14:28
rfreireisn't this Designate Thing... LOVELY?14:29
rfreiretacco, ^ here it is. The answer to your question :-)14:29
*** beekneemech is now known as bnemec14:37
*** pcaruana has quit IRC14:42
*** Leo_m has joined #openstack-dns14:43
rfreiretacco, small word of advice. After changing the pool config and loading it with designate-manage pool update, at least in my OSP version, it will NOT start working immediately notifying the new servers of the new zones. You will need to restart the designate service.14:52
rfreireThen, it will make some checks (10 checks) for zone in the new dns servers, and after then, will populate the DNS server with the existing configuration.14:52
rfreirejust.works++ (TM)14:52
rfreirebut takes a while. be patient.14:58
*** diman has joined #openstack-dns15:05
-openstackstatus- NOTICE: We've successfully troubleshooted the issue that prevented paste.openstack.org from loading and it's now back online, thank you for your patience.15:05
*** diman has quit IRC15:07
*** diman has joined #openstack-dns15:07
*** diman has quit IRC15:12
*** AlexeyAbashkin has quit IRC15:56
*** diman has joined #openstack-dns16:37
*** diman has quit IRC16:43
eanderssonah man mugsie beat me to it :D17:14
rfreireeandersson, ;-D17:49
*** diman has joined #openstack-dns19:56
*** diman has quit IRC19:56
rfreireping tacco hey20:31
*** sapcc-bot has quit IRC21:00
*** sapcc-bot1 has quit IRC21:00
*** sapcc-bot2 has joined #openstack-dns21:00
*** sapcc-bot has joined #openstack-dns21:00
*** livelace-link has joined #openstack-dns21:03
mugsieOh, people may be interested in https://pypi.org/project/certbot-dns-openstack/21:37
mugsieIt is *very* new but does just about work21:37
mugsieNo docs or tests or anything really yet21:38
eanderssonfancy :D22:01
*** Leo_m has quit IRC22:22
rfreirebnemec, thanks for your update in SELinux AVC bug22:55
*** jmccrory has quit IRC23:17
*** jmccrory has joined #openstack-dns23:18
« Wednesday, 2018-04-25 Index Friday, 2018-04-27 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!