Red Hat Bugzilla – Bug 1468314
Integrated DNS does not work with Cisco ACI due to Neutron bug
Last modified: 2018-02-26 13:08:24 EST
Description of problem:
Cisco ACI integration does not work with Neutron to provide instance DNS resolution natively. Andrew Austin (from Red Hat) has identified that this can be resolved with a single line of code in the ACI plugin setting _dns_integration to false. (Cisco has been made aware of this issue and plans to support integrated DNS later in FY17.) Neutron code, while checking the _dns_integration flag on floating IP create and update functions, does _not_ check this same flag on the floating IP delete function.
Where are you experiencing the behavior? What environment?
RHOSP 10: 3 Controller node / 6 Compute / external Ceph environment with integrated ACI and F5 load balancing
When does the behavior occur? Frequently? Repeatedly? At certain times?
What information can you provide around timeframes and the business impact?
This is urgent and can significantly impact time to production and/or project viability
So I agree with the patch, but I also wonder why dns-integration extension is advertised by the core plugin (ml2)? It seems the only way to get it is by enabling 'dns' extension driver in ml2_conf.ini. Can't we just remove it from there? It seems like your setup doesn't support dns integration, so it doesn't make much sense to advertise it to api users.
The environment where this issue is being encountered has an odd combination of DNS requirements. The operator requires that instance ports created by Nova be resolvable by instance name via the dnsmasq resolver provided by neutron, but they do not care about floating IP resolution or external DNS integration.
In order to get that working, I need to be able to enable the DNS extension for ML2, but have it ignore the fact that the L3 service plugin from Cisco doesn't implement any of the DNS methods for floating IPs. By setting _dns_integration = False in the Cisco plugin, that can be accomplished for create and update floating IP operations, but not delete without this patch.
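The inconsistent flag check described in the comments above, as a simplified model added here for illustration; it is not code from Neutron, the Cisco plugin or the attached patch. Every class and method name is hypothetical except `_dns_integration`, and the plugin's missing DNS methods are modelled as absent attributes.

```python
# Simplified model; names are hypothetical, only _dns_integration is from the report.
class FloatingIPBase:
    """Stand-in for the shared floating IP logic (pre-patch behaviour)."""
    _dns_integration = True  # a plugin may override this flag

    def __init__(self):
        self.fips = {}

    def create_floatingip(self, fip_id, data):
        if self._dns_integration:      # guarded
            self._dns_create(fip_id, data)
        self.fips[fip_id] = dict(data)

    def update_floatingip(self, fip_id, data):
        if self._dns_integration:      # guarded
            self._dns_update(fip_id, data)
        self.fips[fip_id].update(data)

    def delete_floatingip(self, fip_id):
        self._dns_delete(fip_id)       # unguarded: runs even when the flag is False
        del self.fips[fip_id]

class PatchedFloatingIPBase(FloatingIPBase):
    """Same logic, with delete checking the flag like create and update."""
    def delete_floatingip(self, fip_id):
        if self._dns_integration:
            self._dns_delete(fip_id)
        del self.fips[fip_id]

class NoDnsMixin:
    """Plugin side: opts out and implements none of the _dns_* hooks."""
    _dns_integration = False

class UnpatchedPlugin(NoDnsMixin, FloatingIPBase): pass
class PatchedPlugin(NoDnsMixin, PatchedFloatingIPBase): pass

def first_failing_step(plugin):
    """Run create, update, delete; return the failing step name or None."""
    steps = [
        ("create", lambda: plugin.create_floatingip("fip-1", {"ip": "203.0.113.10"})),
        ("update", lambda: plugin.update_floatingip("fip-1", {"port": "port-1"})),
        ("delete", lambda: plugin.delete_floatingip("fip-1")),
    ]
    for name, step in steps:
        try:
            step()
        except AttributeError:         # missing DNS hook, as modelled here
            return name
    return None
```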
We got the upstream patch merged, I've attached the upstream stable/newton backport. We'll also get going with an OSP 10 backport and build.
Build is up in brew, hotfix approved for Bluecross.
*** Bug 1468630 has been marked as a duplicate of this bug. ***
As I don't have Cisco equipment I did code verification on openstack-neutron-9.4.0-2.el7ost.noarch
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.