opendevreview | Omer Schwartz proposed openstack/designate master: Multi-pools implementation https://review.opendev.org/c/openstack/designate/+/857978 | 15:39 |
---|---|---|
opendevreview | Omer Schwartz proposed openstack/designate master: Add designate-tempest-plugin under devstack_plugins https://review.opendev.org/c/openstack/designate/+/920838 | 15:39 |
opendevreview | Omer Schwartz proposed openstack/designate-tempest-plugin master: Add designate-manage path to tempest via a devstack script https://review.opendev.org/c/openstack/designate-tempest-plugin/+/920734 | 15:40 |
opendevreview | Omer Schwartz proposed openstack/designate-tempest-plugin master: WIP Add designate-manage pool scenario tests https://review.opendev.org/c/openstack/designate-tempest-plugin/+/920653 | 15:40 |
vsaienko | Hello DNS community, I'm trying to use neutron designate integration https://docs.openstack.org/neutron/latest/admin/config-dns-int.html and want to set up a floating IP with DNS in a zone that is not visible to my project. This scenario seems to work with designate-sink, but does not work with external_dns_driver in Neutron. If a user knows the DNS zone name he can basically inject a record by just putting wrong information in the FIP address, so this | 16:55 |
vsaienko | looks reasonable that we do not allow injecting records in a zone that we don't have access to. Was this done intentionally or is it a bug? | 16:55 |
johnsom | I think this document is more of what you are looking for: https://docs.openstack.org/neutron/2024.1/admin/config-dns-int-ext-serv.html | 17:09 |
johnsom | When using the neutron extension, it will use the service account in the configuration file, so the zone must be accessible by that service account. | 17:10 |
vsaienko | I think it uses token from the user | 17:11 |
vsaienko | https://github.com/openstack/neutron/blob/5a1e9826c26a6e4d2d078fcedff3a3f696b537a6/neutron/plugins/ml2/extensions/dns_integration.py#L549 | 17:16 |
vsaienko | here it is user context | 17:16 |
vsaienko | A records are created with user context https://github.com/openstack/neutron/blob/5a1e9826c26a6e4d2d078fcedff3a3f696b537a6/neutron/services/externaldns/drivers/designate/driver.py#L66 | 17:36 |
vsaienko | only PTR are created with admin https://github.com/openstack/neutron/blob/5a1e9826c26a6e4d2d078fcedff3a3f696b537a6/neutron/services/externaldns/drivers/designate/driver.py#L92 | 17:37 |
frickler | vsaienko: that sounds reasonable to me and I'm pretty sure that it is intentional. but also more of a topic for the neutron team rather than designate | 18:04 |
opendevreview | Takashi Kajinami proposed openstack/designate master: Fix bashate errors https://review.opendev.org/c/openstack/designate/+/906943 | 22:27 |
opendevreview | Michael Johnson proposed openstack/designate master: Fix bashate errors https://review.opendev.org/c/openstack/designate/+/906943 | 23:01 |