Bug 1468314 - Integrated DNS does not work with Cisco ACI due to Neutron bug
Integrated DNS does not work with Cisco ACI due to Neutron bug
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-neutron (Show other bugs)
10.0 (Newton)
x86_64 Linux
high Severity high
: z4
: 10.0 (Newton)
Assigned To: Assaf Muller
: Triaged, ZStream
Depends On:
  Show dependency treegraph
Reported: 2017-07-06 12:17 EDT by Siggy Sigwald
Modified: 2018-02-26 13:08 EST (History)
8 users (show)

See Also:
Fixed In Version: openstack-neutron-9.3.1-5.el7ost
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1468630 (view as bug list)
Last Closed: 2017-09-06 13:17:18 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Launchpad 1702693 None None None 2017-07-06 12:17 EDT
OpenStack gerrit 481094 None None None 2017-07-06 14:17 EDT
OpenStack gerrit 481313 None None None 2017-07-06 18:52 EDT

  None (edit)
Description Siggy Sigwald 2017-07-06 12:17:40 EDT
Description of problem:
Cisco ACI integration does not work with Neutron to provide instance DNS resolution natively. Andrew Austin (from Red Hat) has identified that this can be resolved with a single line of code in the ACI plugin setting _dns_integration to false. (Cisco has been made aware of this issue and plans to support integrated DNS later in FY17) Neutron code, while checking the _dns_integration flag on floating IP create and update functions, does _not_ check this same flag on the floating IP delete function.

Launchpad bug:

Where are you experiencing the behavior?  What environment?

RHOSP 10: 3 Controller node / 6 Compute / external Ceph environment with integrated ACI and F5 load balancing

When does the behavior occur? Frequently?  Repeatedly?   At certain times?


What information can you provide around timeframes and the business impact?

This is urgent and can significantly impact time to production and/or project viability
Comment 2 Ihar Hrachyshka 2017-07-06 15:34:32 EDT
So I agree with the patch, but I also wonder why dns-integration extension is advertised by the core plugin (ml2)? It seems the only way to get it is by enabling 'dns' extension driver in ml2_conf.ini. Can't we just remove it from there? It seems like your setup doesn't support dns integration, so it doesn't make much sense to advertise it to api users.
Comment 3 Andrew Austin 2017-07-06 16:25:21 EDT
The environment where this issue is being encountered has an odd combination of DNS requirements. The operator requires that instance ports created by Nova be resolvable by instance name via the dnsmasq resolver provided by neutron, but they do not care about floating IP resolution or external DNS integration. 

In order to get that working, I need to be able to enable the DNS extension for ML2, but have it ignore the fact that the L3 service plugin from Cisco doesn't implement any of the DNS methods for floating IPs. By setting _dns_integration = False in the Cisco plugin, that can be accomplshed for create and update floating IP operations, but not delete without this patch.
Comment 4 Assaf Muller 2017-07-06 18:52:19 EDT
We got the upstream patch merged, I've attached the upstream stable/newton backport. We'll also get going with an OSP 10 backport and build.
Comment 5 Assaf Muller 2017-07-07 13:06:54 EDT
Build is up in brew, hotfix approved for Bluecross.
Comment 6 Siggy Sigwald 2017-07-10 15:08:03 EDT
*** Bug 1468630 has been marked as a duplicate of this bug. ***
Comment 13 GenadiC 2017-08-17 08:37:05 EDT
As I don't have Cisco equipment I did code verification on openstack-neutron-9.4.0-2.el7ost.noarch
Comment 15 errata-xmlrpc 2017-09-06 13:17:18 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.