Friday, 2020-05-29

*** hamalq has joined #openstack-dns 00:14
*** hamalq has quit IRC 00:54
*** hamalq has joined #openstack-dns 04:54
<hamalq> mgagne: jens: hi how are u, if u have time lets discuss the bug https://bugs.launchpad.net/designate/+bug/1875939 i think it will be great a feature to add and the user can always have an option to disable through config (we can add an option for that) 04:57
<openstack> Launchpad bug 1875939 in Designate "DNS notification based on TSIG is not supported" [Wishlist,Triaged] 04:57
<hamalq> mugsie_:  sorry wrong mention ^^ 04:59
<hamalq> frickler: ^^ 05:01
*** hamalq has quit IRC 05:04
*** hamalq has joined #openstack-dns 05:06
*** hamalq has quit IRC 05:38
*** hamalq has joined #openstack-dns 05:59
*** hamalq has quit IRC 06:04
<openstackgerrit> OpenStack Proposal Bot proposed openstack/designate master: Imported Translations from Zanata  https://review.opendev.org/731655 06:05
<openstackgerrit> OpenStack Proposal Bot proposed openstack/designate-dashboard master: Imported Translations from Zanata  https://review.opendev.org/731660 06:26
*** hamalq has joined #openstack-dns 06:35
*** hamalq has quit IRC 06:40
<frickler> hamalq: sorry, I wanted to answer earlier, but you were offline. for your neutron bug let's move to #openstack-neutron, as neutron cores will eventually have to decide on that patch 06:40
<frickler> there isn't a regular IRC meeting anymore, due to lack of interest 06:41
<frickler> regarding the TSIG feature I personally have no interest in that, maybe you can try to convince eandersson, nicolasbock or mugsie of it 06:42
*** njohnston has quit IRC 07:47
*** salmankhan has joined #openstack-dns 08:32
*** salmankhan has quit IRC 08:40
*** salmankhan has joined #openstack-dns 08:41
*** hamalq has joined #openstack-dns 09:33
*** hamalq has quit IRC 09:37
*** sorin-mihai has joined #openstack-dns 10:02
*** sorin-mihai_ has quit IRC 10:04
*** sorin-mihai_ has joined #openstack-dns 10:21
*** sorin-mihai has quit IRC 10:22
*** sorin-mihai has joined #openstack-dns 10:26
*** sorin-mihai_ has quit IRC 10:28
*** njohnston has joined #openstack-dns 11:02
<openstackgerrit> Merged openstack/designate master: Imported Translations from Zanata  https://review.opendev.org/731655 11:31
*** sorin-mihai has quit IRC 12:16
*** sorin-mihai has joined #openstack-dns 12:16
<openstackgerrit> Merged openstack/designate master: Cap jsonschema 3.2.0 as the minimal version  https://review.opendev.org/730944 12:30
<openstackgerrit> Merged openstack/designate-dashboard master: Imported Translations from Zanata  https://review.opendev.org/731660 12:30
*** bnemec is now known as beekneemech 15:25
*** sorin-mihai has quit IRC 15:28
*** sorin-mihai_ has joined #openstack-dns 15:28
*** also_stingrayza has joined #openstack-dns 15:50
*** stingrayza has quit IRC 15:53
*** hamalq has joined #openstack-dns 16:20
*** hamalq has quit IRC 16:25
*** hamalq has joined #openstack-dns 16:30
<openstackgerrit> Sean McGinnis proposed openstack/designate master: Use unittest.mock instead of third party mock  https://review.opendev.org/721036 16:35
*** sorin-mihai_ has quit IRC 17:02
*** sorin-mihai has joined #openstack-dns 17:02
*** sorin-mihai has quit IRC 17:11
*** sorin-mihai has joined #openstack-dns 17:12
*** hamalq has quit IRC 17:19
*** hamalq has joined #openstack-dns 17:19
*** hamalq has quit IRC 17:22
*** hamalq has joined #openstack-dns 17:22
*** sorin-mihai_ has joined #openstack-dns 17:33
*** sorin-mihai has quit IRC 17:34
*** salmankhan1 has joined #openstack-dns 17:53
*** salmankhan has quit IRC 17:57
*** salmankhan1 has quit IRC 17:57
<hamalq> eandersson: nicolasbock: mugsie: hi how are u, if u have time i would like to discuss https://bugs.launchpad.net/designate/+bug/1875939 18:05
<openstack> Launchpad bug 1875939 in Designate "DNS notification based on TSIG is not supported" [Wishlist,Triaged] 18:05
<hamalq> what am trying to do is to add TSIG signe to the also_notify and add some support for the split view to designate 18:06
*** sorin-mihai has joined #openstack-dns 18:07
*** sorin-mihai_ has quit IRC 18:08
<nicolasbock> Hi hamalq! Today is going to be difficult for me but Monday or any other time next week works. 18:26
<hamalq> nicolasbock: hi, sure Monday is good for me too, i will send u in Monday 18:27
<nicolasbock> Thanks 18:28
* andrewbogott is still in the market for a designate debugging buddy if anyone needs a distraction 18:32
* andrewbogott 's city is in flames so he /really/ needs a distraction 18:33
*** sorin-mihai_ has joined #openstack-dns 18:41
*** sorin-mihai has quit IRC 18:42
*** sorin-mihai has joined #openstack-dns 18:46
*** sorin-mihai_ has quit IRC 18:47
<hamalq> andrewbogott: what is the issue u trying to solve? 18:49
<andrewbogott> hamalq: I'm seeing a variety of issues with pdns4 not syncing properly with designate 18:49
<andrewbogott> and no errors or warnings as far as I can see 18:49
<andrewbogott> Basically everything in designate is marked as PENDING which I take to mean it's trying to sync and waiting for a response or failing 18:50
<hamalq> did u check the pdns using command line to see its working right? 18:50
<andrewbogott> I'm just now curling to the pdns api from both of my designate hosts, and that seems to work fine 18:51
<andrewbogott> (for getting a list of zones at least) 18:51
<andrewbogott> and digging against pdns works for things that pdns knows about 18:52
<andrewbogott> (Is that what you mean, or is there another cli test you suggest?) 18:52
<hamalq> there is pdnsutil that can do that? but using APIs should be ok. do u use TSIG 18:53
<andrewbogott> I don't think so but I can check :) Is that a flag in pdns.conf? 18:54
<andrewbogott> grep -i tsig /etc/powerdns/pdns.conf returns nothing 18:55
<hamalq> so u did not create TSIG for zone 18:55
<andrewbogott> nope 18:56
<andrewbogott> btw, I see failures both with creating new zones AND with adding new records to an existing zone. 18:56
<andrewbogott> As I understand it those use different code paths?  (Or they did with pdns3, maybe they're both API calls with pdns4) 18:57
<hamalq> https://docs.openstack.org/designate/pike/contributor/backends/pdns4.html 18:58
<andrewbogott> oh yeah, I've read that a dozen times in the last couple of days :) 18:58
<andrewbogott> lemme redact my pools.yaml and paste, hang on 18:58
<andrewbogott> ok, here it comes 18:59
<andrewbogott> https://www.irccloud.com/pastebin/sElAw8fU/ 19:00
<andrewbogott> that's the output of 'designate-manage pool generate_file' so should reflect the actual state in the designate db 19:00
<andrewbogott> I assume that any relevant warnings would be in the worker log but maybe I'm looking in the wrong place?  I have my error level set to WARN but tried turning on DEBUG and didn't see anything new there (other than a million heartbeats) 19:02
<hamalq> mmmm designate-manage powerdns sync <pool_id> 19:03
<hamalq> personally i prefer this https://docs.openstack.org/designate/pike/contributor/backends/powerdns.html 19:03
<hamalq> but it does not work for pdns4 19:04
<andrewbogott> hamalq: iirc the powerdns sync command was for pdns3 and doesn't do anything with the pdns4 backend 19:05
<andrewbogott> hm, is there a good cli way to test mdns?  Should it respond to 'dig @'? 19:06
<hamalq> yeah i know, but i still like that approach , mdns (dig command should do that) 19:07
<andrewbogott> ok, confirmed, if I dig @ mdns it responds with correct records 19:08
<andrewbogott> (it knows about the things that are missing from pdns) 19:08
<hamalq> then try to create a record in pdns using the API 19:09
<andrewbogott> good idea, googling for the syntax for that... 19:12
<andrewbogott> it's telling me '{"error": "Key 'name' not present or not a String"}' which is surely from a typo but I can't find it 19:18
<andrewbogott> curl PATCH --data '{"rrsets": [ {"name":"andrewtesttest.andrewtest.example.org.", "type":"A", "ttl":30, "changetype":"REPLACE", "records": [ {"content": "192.0.5.4", "disabled": false } ] } ] }'   -s -H 'X-API-Key: <redacted>' http://208.80.154.135:8081/api/v1/servers/localhost/zones 19:18
<hamalq> zones/zone_name 19:20
<andrewbogott> oh! 19:21
<andrewbogott> ok, trying... 19:21
<andrewbogott> you mean in the url?  Like http://208.80.154.135:8081/api/v1/servers/localhost/zone_name ? 19:22
<andrewbogott> or http://208.80.154.135:8081/api/v1/servers/localhost/zone_name/andrewtest.example.org ? 19:23
<andrewbogott> Both get me a 'not found' 19:23
<hamalq> http://127.0.0.1:8081/api/v1/servers/localhost/zones/example.org. 19:23
*** sorin-mihai_ has joined #openstack-dns 19:24
<andrewbogott> hm, 'Method Not Allowed'  — that's interesting! 19:24
<andrewbogott> let me see if the same happens on my working install 19:24
<hamalq> am not sure though about the API i never used it before ( did u check the API key is right) 19:25
*** sorin-mihai has quit IRC 19:25
<andrewbogott> yes, creating the zone worked, but creating the record fails 19:25
<andrewbogott> hm, nope, 'Method Not Allowed' on the working host as well 19:26
<hamalq> https://n40lab.wordpress.com/2015/05/16/centos-7-using-the-powerdns-web-api-to-add-and-edit-records/ 19:29
<andrewbogott> I think that agrees with what I'm doing already... 19:33
<eandersson> Not super familiar with the TSIG code :'( 19:34
<eandersson> or how TSIG works in general 19:34
<andrewbogott> this may be a red herring since I'm pretty sure records are sync'd via xfr and not the API anyway 19:35
<hamalq> it seems so https://github.com/openstack/designate/blob/master/designate/backend/impl_pdns4.py 19:38
<eandersson> Are you seeing any errors in the logs? 19:38
<andrewbogott> eandersson: complaints about stale domains but no actual errors during sync attempts 19:38
<andrewbogott> (this would be the -worker logs right?) 19:38
<eandersson> If you do an AXFR against both designate and pdns does it match? 19:39
<andrewbogott> e.g. 'Found 5 zones PENDING for more than 455 seconds' 19:39
<andrewbogott> eandersson: is there a way to do axfr by hand? 19:39
<andrewbogott> I mean, I can see in the pdns database that it doesn't know about a bunch of things 19:39
<andrewbogott> so I'd expect them to be missing from xfr as well 19:40
<eandersson> sure just do dig @localhost <zone> AXFR 19:40
<eandersson> and do the same against both pdns and designate 19:40
<andrewbogott> ah, ok!  stay tuned... 19:40
<andrewbogott> by 'designate' you mean mdns? 19:40
<eandersson> yep 19:41
<eandersson> dig @208.80.153.109 -p 5354 <zone> AXFR 19:42
<eandersson> I believe 19:42
<hamalq> yub that should could call the mdns service 19:43
<andrewbogott> against mdns I get lots of things 19:43
<andrewbogott> against pdns I get 19:43
<andrewbogott> https://www.irccloud.com/pastebin/MJDB7cQK/ 19:43
<andrewbogott> vs 19:43
<andrewbogott> https://www.irccloud.com/pastebin/6enRBvVj/ 19:43
<eandersson> What about with just the ip? 208.80.153.109 (e.g. dig @208.80.153.109 <zone> AXFR) 19:44
<eandersson> but something looks off with pdns there 19:44
<andrewbogott> same, Transfer failed. 19:45
<eandersson> Is it the same against both ns0 and ns1? 19:45
<andrewbogott> yep, same 19:45
<eandersson> Does any of the servers actually resolve? 19:45
<eandersson> *a records 19:45
<andrewbogott> they do, yes 19:46
<andrewbogott> log says 19:46
<andrewbogott> May 29 19:45:51 cloudservices2003-dev pdns_server[1167]: AXFR of domain 'codfw1dev.wikimedia.cloud' failed: 208.80.153.76 cannot request AXFR 19:46
<andrewbogott> so that suggests there's an ACL someplace that I need to fill in 19:46
<andrewbogott> full log snippet is 19:46
<andrewbogott> https://www.irccloud.com/pastebin/WC9oNqDU/ 19:46
<andrewbogott> let me see if that happens on my working system 19:46
<eandersson> https://github.com/openstack/designate/blob/master/devstack/designate_plugins/backend-pdns4 19:47
<eandersson> This is always a good reference 19:47
<hamalq> allow-axfr-ips - must list the IPs of the Designate nodes, which will be located on the OpenStack API nodes 19:47
<andrewbogott> nope, same ' 19:47
<andrewbogott> same 'Transfer failed' on my working host 19:48
<andrewbogott> but let me try that nevertheless! 19:48
<eandersson> https://github.com/openstack/designate/blob/master/devstack/designate_plugins/backend-pdns4#L105 19:48
<andrewbogott> sorry, is there supposed to be an 'allow-axfr-ips' config documented someplace?  I don't see that in your links 19:49
<andrewbogott> ok, found it elsewhere, trying... 19:50
<eandersson> https://doc.powerdns.com/authoritative/settings.html#allow-axfr-ips 19:50
<eandersson> Can you try dig @localhost <zone> AXFR 19:51
<eandersson> on the host itself 19:51
<eandersson> if that works its the allow-axfr-ips that is causing the issues 19:51
<andrewbogott> adding that setting makes the dig AXFR work. 19:54
<andrewbogott> Now testing to see if that actually fixes things :) 19:54
<andrewbogott> still testing — so far no real sign that this has changed anything (although the change seems correct in any case) 20:02
<andrewbogott> yeah, created a new record and it's stuck in | PENDING | CREATE | 20:03
<eandersson> Do you still see the AXFR errors in the pdns logs? 20:04
<andrewbogott> I only saw those when doing an explicit xfr request with dig 20:04
<eandersson> I see 20:04
<andrewbogott> backing up… my understanding is that pdns does an axfr request of mdns 20:04
<andrewbogott> but not the other way around 20:04
<eandersson> Yea 20:04
<eandersson> You are right 20:04
<andrewbogott> so even though adding that allow-axfr thing makes sense, I don't think it allows a thing that we need for this particular problem 20:05
<andrewbogott> (although could be useful for debugging/comparing) 20:05
<eandersson> you may need to allow notify 20:05
<eandersson> but pretty sure it allows that by default 20:05
* andrewbogott tries it 20:06
<eandersson> Are there no errors in designate? 20:06
<andrewbogott> yeah, it says Default: 0.0.0.0/0,::/0 20:06
<eandersson> Also, try to create a dummy record to bump the serial 20:06
<andrewbogott> eandersson: only complaints about domains being stuck in pending 20:06
<hamalq> from the pdns servers can u do the AXFR to designate? 20:07
<andrewbogott> I've been testing by creating a new VM and confirming that the new record appears in designate 20:07
<andrewbogott> that should be equivalent to creating the dummy record I think 20:07
<eandersson> Yep 20:07
<andrewbogott> hamalq: I believe that designate notifies pdns that it needs to do an axfr, then pdns initiates an axfr sync 20:07
<eandersson> also test what hamalq said 20:07
<eandersson> yep 20:07
<eandersson> but still worth making sure that pdns can hit both designate servers 20:08
<andrewbogott> i will doublecheck that 20:08
<eandersson> iptables etc 20:08
<andrewbogott> hm, connection refused if I use the AAAA address 20:10
<andrewbogott> does mdns have an acl for this? 20:10
<andrewbogott> or is that somehow in the pool config I wonder... 20:10
<eandersson> What version of Designate? 20:11
<eandersson> I believe I fixed IPV6 support in like Train 20:11
<andrewbogott> I'm running R 20:12
<eandersson> https://github.com/openstack/designate/commit/2ad08a6a0554b1166520b40d503fca5973672870 20:12
<eandersson> I don't think that is it 20:13
<andrewbogott> how can I tell which ip/name/whatever pdns is using for its axfr request? 20:13
<andrewbogott> I already hacked my /etc/hosts to ensure that hostname lookups would always get v4 addresses 20:14
<andrewbogott> but that doesn't mean that the outgoing address from a request is v4 20:14
<eandersson> It should be using what ever you put in pools, but honestly don't know 20:14
<eandersson> maybe you can enable debug logging for pdns 20:15
<eandersson> loglevel = 6 I believe 20:16
<andrewbogott> yeah, it was at 6 already — pdns logs don't say much 20:17
<andrewbogott> let me see if I can get it to say what it's doing though... 20:17
<eandersson> btw highly recommend upgrading Designate to U :D 20:18
<eandersson> I am running Train (with Nova/Neutron running Rocky) 20:19
<andrewbogott> eandersson: I can't upgrade past R until I upgrade my base OS to Buster 20:20
<andrewbogott> which is what I'm doing now — testing moving R from Stretch to Buster 20:20
<eandersson> You using rpms? 20:20
<eandersson> *debs 20:20
<andrewbogott> yeah 20:20
<eandersson> I would just install designate in a venv :D 20:20
<eandersson> but probably a lot of effort if you don't have the tooling 20:21
<andrewbogott> It's nice to use validated upstream packages when you have the option :) 20:21
<eandersson> Yep 20:22
<andrewbogott> I see /some/ axfr success in the pdns log 20:22
<andrewbogott> https://www.irccloud.com/pastebin/ozcsCsvH/ 20:22
<eandersson> Nice 20:22
<andrewbogott> oddly, the domain in which I just now created a record does not appear there 20:22
<eandersson> That looks good 20:22
<eandersson> lol 20:22
<andrewbogott> and it is still showing as PENDING 20:22
<andrewbogott> (sorry, I should mention — I always see /some/ activity like that) 20:22
<eandersson> So one domain/zone is working 20:23
<andrewbogott> I have two nodes, and it might be that it's working on one node and not the other, or something 20:23
<eandersson> but the new one isn't? 20:23
<eandersson> Yea - try hitting port 5354 from host1 to host2 (and host2 -> host1) 20:23
<eandersson> use telnet or similar 20:23
<andrewbogott> I have definitely tried that 30 times but will try again :) 20:23
<eandersson> because tcp vs udp 20:23
<eandersson> dig wouldn't detect that 20:24
<andrewbogott> and of course without knowing what the orig ip is I have to test a bunch of other things... 20:24
<eandersson> since it just uses udp 20:24
<andrewbogott> in all cases I get a telnet connection and then 'Connection closed by foreign host.' 20:24
<eandersson> It tends to be something silly when you finally find it :D 20:24
<andrewbogott> it will definitely be something silly 20:25
<eandersson> Did you test 53 as well with telnet? 20:25
<andrewbogott> doing 20:25
<eandersson> designate-manage pool update --delete TRUE 20:26
<eandersson> Might be worth running as well 20:26
<eandersson> and then restart all of designate 20:27
<andrewbogott> ok, will try 20:27
<andrewbogott> I still suspect this has to do with ipv6 origination IPs.  That's one thing I'm pretty sure changed when I upgraded 20:27
<eandersson> --delete will make sure that the db matches what is the pools config 20:28
<eandersson> (it will delete anything that isn't supposed to be there) 20:28
<andrewbogott> I wonder if there's some system-wide setting I can make to just not using ipv6 at all 20:28
<eandersson> Yea you can just apply sysctl 20:28
<andrewbogott> ok, one thing at a time, will do the —delete 20:28
<eandersson> make sure to restart central, worker and producer after that (but probably worth just restarting all of them) 20:29
<eandersson> Are you using the worker/producer btw? 20:29
<andrewbogott> yes 20:29
<andrewbogott> Believe me, I already have 20:29
<andrewbogott> service designate-sink restart && service designate-mdns restart && service designate-central restart && service designate-producer restart && service designate-worker restart 20:29
<andrewbogott> in my command history :) 20:30
<eandersson> systemctl restart designate-* 20:30
<eandersson> :D 20:30
<andrewbogott> it takes a /really/ long time for all those services to shut down 20:30
<eandersson> I haven't used debian in a long time 20:30
<eandersson> Yea - that has been fixed in U :D 20:30
<eandersson> https://github.com/openstack/designate/commit/a09064a5d15859703b97d61a1f014681a17799c6 20:31
<andrewbogott> nice 20:32
<hamalq> sysctl -w net.ipv6.conf.all.disable_ipv6=1, sysctl -w net.ipv6.conf.default.disable_ipv6=1 to disable all ipv6 in debian (not debian user myself :P) 20:33
<andrewbogott> cool, will try that next 20:33
<hamalq> am glad i joined this discussion it revised almost every thing in designate :) 20:34
<andrewbogott> ok, first, going to try creating another test record after the —delete 20:34
<andrewbogott> there it is in openstack recordset list 20:35
<andrewbogott> | PENDING | CREATE | 20:35
<andrewbogott> pdns says "Domain 'svc.newprojectdomaintest3.codfw1dev.wikimedia.cloud' is fresh (no DNSSEC)" 20:35
<andrewbogott> oh nm 20:35
<andrewbogott> that's not the same domain I touched 20:35
<andrewbogott> weird that pdns is telling me about some other domain that I haven't touched in a month 20:36
<andrewbogott> I wonder how long I should give this to catch up before I decide it's still broken?  I have so many PENDING zones at this point, even if all is well it could take a while 20:37
<andrewbogott> although I guess I should be seeing >0 zones change from PENDING 20:37
<hamalq> if pdns shows no log of AXFR it should be sign that its not working 20:38
<andrewbogott> ok, going to disable ipv6 and reboot these boxes 20:40
<andrewbogott> sorry, will be a long suspenseful wait now :) 20:40
<andrewbogott> (thank you both, btw, for talking me through this!  Lots of good ideas I didn't think of yesterday) 20:41
<hamalq> you welcome (but i should thank u also i enjoyed this) 20:42
<andrewbogott> huh, running 'sysctl -w net.ipv6.conf.all.disable_ipv6=1' on one of my hosts works fine 20:51
<andrewbogott> but on the other it causes it to fall off the network entirely 20:51
<andrewbogott> after a reboot it comes back but is also back to using v6 20:51
*** agomez has quit IRC 20:56
*** sorin-mihai has joined #openstack-dns 20:57
*** sorin-mihai_ has quit IRC 20:59
<eandersson> You need to add it to /etc/sysctl.conf 21:03
<eandersson> most likely 21:03
<eandersson> weird that you would lose network entirely 21:03
*** sorin-mihai_ has joined #openstack-dns 21:27
<andrewbogott> yeah, these hosts don't work at all without ipv6 enabled.  Must be something in the upstream network config 21:27
<andrewbogott> so, that experiment isn't going to help 21:27
*** sorin-mihai has quit IRC 21:28
<hamalq> remove the server with ipv6 from the pool 21:28
<hamalq> and keep only one 21:28
<andrewbogott> nah, they both fall off the network, I just didn't do a proper test with the first one 21:31
*** sorin-mihai has joined #openstack-dns 21:32
<hamalq> can the old installation u have do AXFR from pdns servers to designate servers? 21:32
*** sorin-mihai_ has quit IRC 21:34
<andrewbogott> I'm unclear on what which direction you mean by 'from' but — things work in the old installation; records appear in pdns as soon as they're created in designate. 21:35
<hamalq> try the dig command and @designate-server-ip 21:36
<hamalq> from the pdns servers 21:36
<andrewbogott> I have two bare-metal hosts; each runs one instance of designate and one instance of pdns 21:37
* andrewbogott tries 21:37
<andrewbogott> hamalq: AXFR from pdns isn't relevant is it?  We don't want records to propagate from pdns to designate, only the other way 21:39
<hamalq> the port should 5453 21:39
<hamalq> -p5453 21:39
<andrewbogott> ok 21:44
<andrewbogott> I think we did this before, but here's the recap: 21:44
<andrewbogott> dig -p5453 with hostname works in all directions 21:44
<andrewbogott> it also works with the ipv4 address 21:44
<andrewbogott> it does NOT work with the ipv6 address 21:44
<andrewbogott> in the case of accessing the local host, it times out.  In the case of accessing the other host, the connection is refused 21:45
<andrewbogott> That fits the sort of very-slow/intermittent/unpredictable nature of the failure I'm seeing 21:45
<andrewbogott> sorry, wrong way around: connection refused locally, times out remotely 21:46
<hamalq> do pdns on the two hosts share the same database? 21:46
<andrewbogott> no 21:47
<andrewbogott> hm, how do I do a telnet test with a v6 address? 21:47
<andrewbogott> pdns each has their own database, designate has a shared db on a different host 21:47
<hamalq> times out remotely ( this could be the issue u should solve) 21:48
<hamalq> since every pdns server will request AXFR from one of the designate servers right? 21:49
<andrewbogott> yeah, looking at that now 21:49
<andrewbogott> I'm staring right at the firewall rule that should allow it :) 21:49
*** KeithMnemonic has quit IRC 21:50
<andrewbogott> ok, due to ipv6 addresses being impossible to read, my test had a typo in it 21:51
<andrewbogott> I'm now seeing connection refused in all directions (now that I have the address right) 21:52
<hamalq> yub that should be the issue 21:52
<andrewbogott> https://www.irccloud.com/pastebin/SVhS8Gt1/ 21:52
<andrewbogott> so is it possible for me to tell mdns to respond to those queries? 21:52
<hamalq> i dont think its designate refusing 21:54
<hamalq> its an ACL or something in network i think 21:55
<hamalq> try telnet the port 21:55
*** sorin-mihai_ has joined #openstack-dns 21:55
<hamalq> can u check if the dig works on the old system (if its then for sure its an ACL) 21:56
<andrewbogott> I don't think the old system is using ipv6 21:57
<andrewbogott> telnet is refused, same as dig 21:57
<andrewbogott> If the port were blocked it would time out wouldn't it? 21:57
*** sorin-mihai has quit IRC 21:57
<hamalq> telnet: Unable to connect to remote host: Connection refused. This error means that firewall is blocking connections to the specified port on the remote host. The firewall can be at the remote host or at the intermediate level. 21:58
<andrewbogott> hm... 21:59
<andrewbogott> ok, you're right, I tried it with a different port and a simple server and saw the same pattern 22:01
<andrewbogott> hm 22:01
<eandersson> What do you have in designate.conf for mdns? 22:02
<andrewbogott> all defaults at the moment 22:03
<andrewbogott> hamalq: except it also fails if I telnet to 5354 on the current host — /that/ can't be a network filter 22:04
* andrewbogott starting to think he has multiple problems 22:04
<eandersson> for sure some weird stuff going on 22:05
<andrewbogott> anyway, for the moment let's pretend like this is the issue: 22:05
<andrewbogott> https://www.irccloud.com/pastebin/wMpMdtLe/ 22:05
<hamalq> if u bind the mdns service to the ip of designate server IP that should not work (its expected) the real problem is if host1 receive a notify from host2 he can do the AXFR from the based on the timeout 22:08
<eandersson> maybe try adding host=::1 in the mdns config 22:08
<hamalq> sorry he cant do the AXFR 22:08
<hamalq> i hope that make sense 22:08
<andrewbogott> eandersson: that seems to help!  and also maybe doesn't break ipv4? 22:09
<eandersson> or :: not ::1 I believe 22:09
<eandersson> It shouldn't afaik 22:09
<eandersson> if it does 22:10
<eandersson> just change host to listen 22:10
<eandersson> and do something like 22:10
<eandersson> listen=[::]:5453,0.0.0.0:5453 22:10
<eandersson> I just hope Rocky handles the brackets properly :D 22:11
<andrewbogott> so far this is promising with just ::, testing more things... 22:11
<andrewbogott> ok, confirmed, I can now get axfr on v4 and v6 in both directions with mdns 22:14
<andrewbogott> going to finalize this change before I move on to more testing 22:14
* andrewbogott restarts everything everywhere, again 22:16
<andrewbogott> btw, what does the designate agent do?  I'm thinking I don't need it with my current setup but it keeps popping up in docs 22:18
<eandersson> I am a top 5 contributor to designate and I don't know 22:23
<eandersson> mugsie_ explained it at some point to me 22:23
<andrewbogott> eandersson: is my install broken if it's not running? 22:25
<eandersson> Nope 22:25
<hamalq> i dont see that in the https://docs.openstack.org/designate/train/contributor/architecture.html 22:25
<andrewbogott> :) 22:25
<andrewbogott> Back to my original issue… if axfr was failing, where would you expect the warnings to appear?  the mdns log or the worker log or the producer log?  Or…? 22:26
<eandersson> worker logs 22:26
<andrewbogott> 'k 22:26
<andrewbogott> I don't see any evidence that designate is initiating axfr 22:27
<andrewbogott> pdns is all 'No new unfresh slave domains, 0 queued for AXFR already, 0 in progress' 22:27
<eandersson> Did you compare the axfr output between designate and pdns? 22:27
<eandersson> using dig 22:27
<andrewbogott> hm,  identical 22:28
<eandersson> that is weird 22:29
<eandersson> how about serial? 22:29
<andrewbogott> oh, wait, hang on, it's because the error message is identical 22:29
*** sorin-mihai has joined #openstack-dns 22:29
<andrewbogott> have to enable that in pdns again 22:29
<eandersson> probably easiest to just do it from the host using localhost 22:30
*** sorin-mihai_ has quit IRC 22:30
<andrewbogott> ok, here's a diff at last 22:33
<andrewbogott> https://www.irccloud.com/pastebin/YQleHn8P/ 22:33
<andrewbogott> pretty much what you'd expect from "isn't updating very often" 22:34
<eandersson> Are you seeing anything like 22:35
<eandersson> > Timeout on NOTIFY 22:35
<eandersson> In the designate-worker logs? 22:35
<eandersson> or maybe Could not find %(serial)s for %(zone)s on enough 22:35
<andrewbogott> grep -i "Could not find" designate-worker.log  is totally empty 22:36
<andrewbogott> as is grep "Timeout on NOTIFY" designate-worker.log 22:36
<andrewbogott> it's like it isn't trying 22:37
*** sorin-mihai_ has joined #openstack-dns 22:38
<eandersson> You mean that designate-worker.log is completely empty? 22:38
<eandersson> or just no hits on the grep? 22:38
<andrewbogott> just no hits on the grep 22:39
<andrewbogott> the log has a lot of 22:39
<andrewbogott> https://www.irccloud.com/pastebin/r8MttB69/ 22:39
*** sorin-mihai has quit IRC 22:39
<andrewbogott> (this is with log-level WARNING) 22:40
<eandersson> btw when you posted the pools config 22:41
<eandersson> not sure if it is just copy and paste 22:42
<eandersson> but it looks like the spacing is off 22:42
<andrewbogott> here it is again, I just regenerated it 22:42
<andrewbogott> https://www.irccloud.com/pastebin/KNCrA8el/ 22:42
<andrewbogott> whoops, with my live API token, guess I'll go rotate that 22:42
<eandersson> haha happens 22:42
<eandersson> I am always terrified when pasting into irc :D 22:43
<andrewbogott> I even remembered to redact it and pasted a file with .redacted in its name.  Must've done :q! instead of :wq! or something 22:44
<andrewbogott> *shrug* 22:44
<andrewbogott> it bugs me that designate-manage inserts those quotes around the pdns port but they aren't in the database so I'm trying to get over it :) 22:45
<eandersson> http://paste.openstack.org/show/0t7eh1qA6DjXBJdz7q8g/ 22:52
<eandersson> Can you try this just in case 22:52
<eandersson> followed by 22:53
<eandersson> designate-manage pool update --delete TRUE 22:53
<eandersson> and then a restart of all fun services again 22:53
<andrewbogott> how is that different?  Just removing 22:55
<andrewbogott> https://www.irccloud.com/pastebin/PTeUhcYy/ 22:55
<andrewbogott> ? 22:55
<eandersson> just worried about the spacing 22:55
<andrewbogott> 'k 22:55
* andrewbogott waits for restarts 22:55
<eandersson> actually tried yours in a python script and looks fine 22:55
<andrewbogott> the file I pasted is generated /by/ designate-admin so I would hope it would parse :) 22:56
<eandersson> but does not hurt trying 22:56
<andrewbogott> um, designate-manate 22:56
<andrewbogott> ugh 22:56
<eandersson> hehe 22:56
<andrewbogott> I'm all out of types for the day 22:56
<andrewbogott> what does it mean to specify or not specify the pool ID in that file? 22:56
<andrewbogott> am I in danger of getting a new different pool now? 22:57
<eandersson> it just defaults to the same one 22:57
<eandersson> feel free to re-add it 22:57
<eandersson> I was just hand re-writing it 22:57
<eandersson> > default='794ccc2c-d751-44fe-b57f-8894c9f5c842', 22:58
<eandersson> This is the default pool 22:58
<eandersson> so if you don't put anything it will just default to that one 22:58
<andrewbogott> 'k 22:58
<andrewbogott> inspecting the db confirms, still just one pool 22:58
<eandersson> btw does it work after a while? 22:59
<eandersson> If so it's almost certainly an issue with NOTIFY 22:59
<andrewbogott> it's often the case that hours later I see records showing up 23:01
<andrewbogott> although I don't think I ever see designate move something out of PENDING 23:02
<eandersson> Can you enable debug and give me like 5 minutes of logs? 23:02
<eandersson> Feel free to PM them to me if you don't want to share with the world 23:02
<andrewbogott> sure, which service? 23:02
<andrewbogott> all? 23:02
<eandersson> worker 23:02
<andrewbogott> ok 23:02
<eandersson> worker and maybe producer 23:02
<andrewbogott> I don't have central logging so it'll be multiple files, alas 23:02
<eandersson> journalctl helps a lot :D 23:03
<andrewbogott> want me to create a record during those logs, or just give you the steady state logs? 23:04
<eandersson> ideally yea 23:04
<andrewbogott> I'll let them settle in for a minute first 23:05
<andrewbogott> eandersson: in those logs I waited a minute or two, then created a single domain (test8.svc.andrewtestproject.codfw1dev.wmcloud.org.) and then waited another minute or so and then created VM named dnstest-34 which should have prompted at least two other record creations. 23:13
<andrewbogott> There aren't any new domains in there, just new records. 23:13
<andrewbogott> I need to stretch my legs but will return to receive whatever wisdom you learn from those logs :) 23:15
*** sorin-mihai_ is now known as sorin-mihai 23:18
<eandersson> How many designate hosts do you have? 23:20
<eandersson> Is it just one? 23:20
<hamalq> can u try something if u can just re-create the zones (delete/create) that worked for me once 23:22
<hamalq> he have two servers both with designate and pdns 23:27
<andrewbogott> eandersson: two hosts, I sent you logs from each 23:45
<andrewbogott> Is it possible I just have rabbit split-brain such that the worker never finds out that there are things to update? 23:46
<andrewbogott> lemme kill all but one of my rabbits 23:46
<eandersson> It's possible but would result in rpc timeouts 23:48
<andrewbogott> hamalq: I can't create new domains, they get stuck in 'pending' as well 23:48
<andrewbogott> yeah, I'd think it would show up someplace 23:48
<andrewbogott> rabbit murder doesn't seem to make a difference 23:50
<andrewbogott> eandersson: do you agree that the logs are totally cheerful about failure?  Or are there warnings hiding in there that I missed? 23:53
<eandersson> https://zuul.opendev.org/t/openstack/build/bd3aa12677da4f76a34fb20ce3bf58af/log/controller/logs/screen-designate-worker.txt 23:56
<eandersson> You should be seeing a lot of these 23:56
<eandersson> > Attempting UPDATE on zone 932833962.com. 23:56
<andrewbogott> yeah, I agree :) 23:57
<andrewbogott> I mean, that should be showing even if pdns isn't running at all, right? 23:58
<andrewbogott> Because 'Attempting' 23:58
<eandersson> Yea afaik 23:58
<eandersson> I mean it's possible it is stuck trying to connect 23:59
<andrewbogott> But it has some kind of exponential backoff right? 23:59
<andrewbogott> So maybe all existing domains are in a state of despair where it's going to wait 8 hours before trying to refresh? 23:59
<andrewbogott> If that's in the db I can try to clear it 23:59
* andrewbogott not totally sure that's how it works 23:59
