Bug 1468314 - Integrated DNS does not work with Cisco ACI due to Neutron bug
Summary: Integrated DNS does not work with Cisco ACI due to Neutron bug
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-neutron
Version: 10.0 (Newton)
Hardware: x86_64
OS: Linux
high
high
Target Milestone: z4
: 10.0 (Newton)
Assignee: Assaf Muller
QA Contact: GenadiC
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-07-06 16:17 UTC by Siggy Sigwald
Modified: 2020-08-13 09:35 UTC (History)
8 users (show)

Fixed In Version: openstack-neutron-9.3.1-5.el7ost
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1468630 (view as bug list)
Environment:
Last Closed: 2017-09-06 17:17:18 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Launchpad 1702693 0 None None None 2017-07-06 16:17:39 UTC
OpenStack gerrit 481094 0 None None None 2017-07-06 18:17:24 UTC
OpenStack gerrit 481313 0 None None None 2017-07-06 22:52:18 UTC
Red Hat Product Errata RHBA-2017:2663 0 normal SHIPPED_LIVE openstack-neutron bug fix advisory 2017-09-06 20:58:42 UTC

Description Siggy Sigwald 2017-07-06 16:17:40 UTC
Description of problem:
Cisco ACI integration does not work with Neutron to provide instance DNS resolution natively. Andrew Austin (from Red Hat) has identified that this can be resolved with a single line of code in the ACI plugin setting _dns_integration to false. (Cisco has been made aware of this issue and plans to support integrated DNS later in FY17) Neutron code, while checking the _dns_integration flag on floating IP create and update functions, does _not_ check this same flag on the floating IP delete function.

Launchpad bug:
https://bugs.launchpad.net/neutron/+bug/1702693

Where are you experiencing the behavior?  What environment?

RHOSP 10: 3 Controller node / 6 Compute / external Ceph environment with integrated ACI and F5 load balancing

When does the behavior occur? Frequently?  Repeatedly?   At certain times?

Repeatedly

What information can you provide around timeframes and the business impact?

This is urgent and can significantly impact time to production and/or project viability

Comment 2 Ihar Hrachyshka 2017-07-06 19:34:32 UTC
So I agree with the patch, but I also wonder why dns-integration extension is advertised by the core plugin (ml2)? It seems the only way to get it is by enabling 'dns' extension driver in ml2_conf.ini. Can't we just remove it from there? It seems like your setup doesn't support dns integration, so it doesn't make much sense to advertise it to api users.

Comment 3 Andrew Austin 2017-07-06 20:25:21 UTC
The environment where this issue is being encountered has an odd combination of DNS requirements. The operator requires that instance ports created by Nova be resolvable by instance name via the dnsmasq resolver provided by neutron, but they do not care about floating IP resolution or external DNS integration. 

In order to get that working, I need to be able to enable the DNS extension for ML2, but have it ignore the fact that the L3 service plugin from Cisco doesn't implement any of the DNS methods for floating IPs. By setting _dns_integration = False in the Cisco plugin, that can be accomplshed for create and update floating IP operations, but not delete without this patch.

Comment 4 Assaf Muller 2017-07-06 22:52:19 UTC
We got the upstream patch merged, I've attached the upstream stable/newton backport. We'll also get going with an OSP 10 backport and build.

Comment 5 Assaf Muller 2017-07-07 17:06:54 UTC
Build is up in brew, hotfix approved for Bluecross.

Comment 6 Siggy Sigwald 2017-07-10 19:08:03 UTC
*** Bug 1468630 has been marked as a duplicate of this bug. ***

Comment 13 GenadiC 2017-08-17 12:37:05 UTC
As I don't have Cisco equipment I did code verification on openstack-neutron-9.4.0-2.el7ost.noarch

Comment 15 errata-xmlrpc 2017-09-06 17:17:18 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2663


Note You need to log in before you can comment on or make changes to this bug.