Bug 1441788 - [RFE][overcloud-inspector][spine-leaf] dnsmasq-based dhcp filter
Summary: [RFE][overcloud-inspector][spine-leaf] dnsmasq-based dhcp filter
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-ironic-inspector
Version: 7.0 (Kilo)
Hardware: Unspecified
OS: Unspecified
high
unspecified
Target Milestone: Upstream M1
: 13.0 (Queens)
Assignee: mkovacik
QA Contact: Alexander Chuzhoy
URL:
Whiteboard:
Depends On: 1441780
Blocks: 1214284 1288035
TreeView+ depends on / blocked
 
Reported: 2017-04-12 17:53 UTC by mkovacik
Modified: 2018-06-27 13:31 UTC (History)
11 users (show)

Fixed In Version: openstack-ironic-inspector-7.2.0-0.20180217115157.a8d621f.el7ost instack-undercloud-8.4.0-3.el7ost
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-06-27 13:29:27 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
OpenStack gerrit 439862 None MERGED Multiple PXE filtering backends 2020-07-26 00:30:49 UTC
OpenStack gerrit 457765 None MERGED Follow up PXE filter driver 2020-07-26 00:30:49 UTC
OpenStack gerrit 466448 None MERGED Introducing a dnsmasq PXE filter driver 2020-07-26 00:30:49 UTC
OpenStack gerrit 553689 None MERGED inspector: configure "dnsmasq" DHCP filter 2020-07-26 00:30:49 UTC
OpenStack gerrit 556677 None MERGED Use the new dnsmasq PXE filter in ironic-inspector 2020-07-26 00:30:49 UTC
Red Hat Product Errata RHEA-2018:2086 None None None 2018-06-27 13:31:00 UTC

Description mkovacik 2017-04-12 17:53:59 UTC
Implement a dnsmasq-based (either through the configuration-file-update&SIGHUP or lease-based) filter driver for ironic inspector. This should enable both the leaf--spine and HA efforts.

Comment 1 Ramon Acedo 2017-04-13 09:07:02 UTC
Hi Milan, as this RFE is a dependency for leaf-spine BZ#1214284, along with its dependency on BZ#1441780 (which, in turn, is also dependency for leaf-spine) we have to target it to OSP 12. Please, change back to OSP 13 if this assessment is not correct.

Comment 2 mkovacik 2017-04-25 16:19:47 UTC
This should be fine for 12, I'm confident ;)

Comment 3 Dmitry Tantsur 2017-06-12 15:43:16 UTC
I believe we won't be able to integration the new driver in time, so let's postpone it to Queens.

Comment 8 Bob Fournier 2018-04-10 17:54:49 UTC
Moving this back to POST.  Patch in https://review.openstack.org/#/c/556677/ is needed.   It has merged upstream but is currently not in a puddle.

Comment 9 Bob Fournier 2018-04-18 14:50:02 UTC
It appears the use of the filter (https://review.openstack.org/#/c/556677/) has introduced a selinux issue - https://bugzilla.redhat.com/show_bug.cgi?id=1568993.

Comment 10 Alexander Chuzhoy 2018-05-04 22:10:18 UTC
Environment:
openstack-ironic-inspector-7.2.1-0.20180409163359.2435d97.el7ost.noarch
instack-undercloud-8.4.1-2.el7ost.noarch


Ran introspection of nodes residing on 2 leafs:

(undercloud) [stack@undercloud ~]$ openstack overcloud node introspect --all-manageable --provide
Waiting for introspection to finish...
Started Mistral Workflow tripleo.baremetal.v1.introspect_manageable_nodes. Execution ID: f0f5fe86-aa67-4805-bc98-2136f5adf04f
Waiting for messages on queue 'tripleo' with no timeout.
Introspection of node 281e33b3-3e1a-483a-a956-7bb9705d54a8 completed. Status:SUCCESS. Errors:None
Introspection of node 543635cf-3388-4b6f-a1b1-44eb9fed66e6 completed. Status:SUCCESS. Errors:None
Introspection of node d5e1c94a-0f44-4017-bfcc-dd4a3b9e9020 completed. Status:SUCCESS. Errors:None
Introspection of node 73825c8d-80c7-44e7-ab3d-21e09da415d7 completed. Status:SUCCESS. Errors:None
Introspection of node 1020c1b3-3bb5-40de-90f7-61a903c1cf28 completed. Status:SUCCESS. Errors:None
Introspection of node bdce4e3d-5540-4205-ba74-8ef533f1ca6d completed. Status:SUCCESS. Errors:None
Successfully introspected 6 node(s).

Introspection completed.
Started Mistral Workflow tripleo.baremetal.v1.provide_manageable_nodes. Execution ID: b2220882-c6e6-40e3-b983-6c2febc533b3
Waiting for messages on queue 'tripleo' with no timeout.

6 node(s) successfully moved to the "available" state.





Looking under /var/lib/ironic-inspector/dhcp-hostsdir (was empty before introspection):

[root@undercloud dhcp-hostsdir]# find ./ -type f |xargs cat
a0:2b:b8:1f:c0:34,ignore
a0:2b:b8:1f:be:40,ignore
a0:2b:b8:1f:ba:bc,ignore
a0:2b:b8:1f:bb:2c,ignore
a0:2b:b8:1f:c0:40,ignore
a0:2b:b8:1f:c2:28,ignore

Comment 11 Alexander Chuzhoy 2018-05-04 23:21:04 UTC
Also,

Sent one node (A) to introspection and at the same time booted another node (B).

Checking /var/log/httpd/ipxe_vhost_access.log:

10.37.168.171 - - [04/May/2018:19:10:56 -0400] "GET /inspector.ipxe HTTP/1.1" 200 473 "-" "iPXE/1.0.0+ (4e85b27)"
10.37.168.171 - - [04/May/2018:19:10:56 -0400] "GET /agent.kernel HTTP/1.1" 200 6381872 "-" "iPXE/1.0.0+ (4e85b27)"
10.37.168.171 - - [04/May/2018:19:10:57 -0400] "GET /agent.ramdisk HTTP/1.1" 200 425431201 "-" "iPXE/1.0.0+ (4e85b27)"

Only for the (A) node being introspected and nothing for the other (B) node.

Checking the console of the B node I see:
no DHCP or proxyDHCP offers were received


And looking for mac of the B node in the output from journalctl -l -u openstack-ironic-inspector-dnsmasq:


May 04 19:11:24 undercloud.localdomain dnsmasq-dhcp[9418]: 3156196928 DHCPDISCOVER(br-ctlplane) a0:2b:b8:1f:be:40 ignored

Comment 12 Alexander Chuzhoy 2018-05-04 23:21:33 UTC
Verified based on comment #10 and comment #11

Comment 14 errata-xmlrpc 2018-06-27 13:29:27 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2018:2086


Note You need to log in before you can comment on or make changes to this bug.