Created attachment 1910399 [details] Executed CLIs and "DNSIntegrationDomainPerProjectTests" class from the existing Neutron Tempest Plugin test suite. There are 3 use cases provided in U/S documentation [1], use cases #1 and #2 are PASS on OOO deployed setup with Designate DNS support enabled (CI Job to deploy [2]), but use case #3 [3] fails with: ------------------------------------------------------------------------------- POST call to network for http://10.0.0.102:9696/v2.0/subnets used request id req-20c59168-48e7-4fcd-b9a3-98d45b8fd500 BadRequestException: 400: Client Error for url: http://10.0.0.102:9696/v2.0/subnets, Unrecognized attribute(s) 'dns_publish_fixed_ip' clean_up CreateSubnet: BadRequestException: 400: Client Error for url: http://10.0.0.102:9696/v2.0/subnets, Unrecognized attribute(s) 'dns_publish_fixed_ip' ------------------------------------------------------------------------------- A similar error occurs wile trying to run the existing Neutron Tempest Test testing this area: -------------------------------------------------------------------------------- (.venv) [stack@undercloud-0 my_workspace]$ stestr run neutron_tempest_plugin.scenario.test_dns_integration.DNSIntegrationDomainPerProjectTests {0} setUpClass (neutron_tempest_plugin.scenario.test_dns_integration.DNSIntegrationDomainPerProjectTests) [0.000000s] ... FAILED tempest.lib.exceptions.BadRequest: Bad request Details: {'type': 'HTTPBadRequest', 'message': "Unrecognized attribute(s) 'dns_publish_fixed_ip'", 'detail': ''} -------------------------------------------------------------------------------- [1] - https://docs.openstack.org/neutron/yoga/admin/config-dns-int-ext-serv.html [2] - https://rhos-ci-jenkins.lab.eng.tlv2.redhat.com/job/DFG-network-openstack-designate-17.0_director-rhel-virthost-3cont_2comp-ipv4-geneve/ [3] - https://docs.openstack.org/neutron/yoga/admin/config-dns-int-ext-serv.html#use-case-3-ports-are-published-directly-in-the-external-dns-service Note: you can find executed CLI commands + executed Neutron Tempest Plugin tests from “DNSIntegrationDomainPerProjectTests” class in the attached file.
This is caused by a configuration problem. The dns_domain option in the config file /var/lib/config-data/puppet-generated/neutron/etc/neutron/neutron.conf has to be set to a domain name other than 'openstacklocal'. Otherwise, these two lines of code https://github.com/openstack/neutron/blob/87b434dcfba7038319cd074da88c081f8d725f56/neutron/plugins/ml2/extensions/dns_integration.py#L94-L95 will prevent the sending of the port's dns data to Designate. Once I change the value in the config file to: dns_domain=midominio.org. I was able to create a port and have its dns data sent to Designate: (overcloud) [stack@undercloud-0 ~]$ openstack recordset list 5dd34595-92a6-4884-8431-9205cdd7f81f +--------------------------------------+----------------+------+----------------------------------------------------------------------+--------+--------+ | id | name | type | records | status | action | +--------------------------------------+----------------+------+----------------------------------------------------------------------+--------+--------+ | 45ba383f-2ba7-4ca6-8249-46a4f20d72a7 | my-domain.org. | NS | ns1.example.org. | ACTIVE | NONE | | | | | ns3.example.org. | | | | | | | ns2.example.org. | | | | 69666877-6e1b-49f6-9c7d-0041a63bf417 | my-domain.org. | SOA | ns2.example.org. mlavalle.redhat.com. 1662507060 3557 600 86400 3600 | ACTIVE | NONE | +--------------------------------------+----------------+------+----------------------------------------------------------------------+--------+--------+ (overcloud) [stack@undercloud-0 ~]$ openstack port create --network external --dns-name my-vm my-vm +-------------------------+------------------------------------------------------------------------------------+ | Field | Value | +-------------------------+------------------------------------------------------------------------------------+ | admin_state_up | UP | | allowed_address_pairs | | | binding_host_id | | | binding_profile | | | binding_vif_details | | | binding_vif_type | unbound | | binding_vnic_type | normal | | created_at | 2022-09-09T23:10:29Z | | data_plane_status | None | | description | | | device_id | | | device_owner | | | device_profile | None | | dns_assignment | fqdn='my-vm.my-domain.org.', hostname='my-vm', ip_address='172.31.251.162' | | | fqdn='my-vm.my-domain.org.', hostname='my-vm', ip_address='fd5e:7a6b:1a62::2ea' | | dns_domain | None | | dns_name | my-vm | | extra_dhcp_opts | | | fixed_ips | ip_address='172.31.251.162', subnet_id='7c13e619-9d97-409a-8de8-d78f5c9a1f53' | | | ip_address='fd5e:7a6b:1a62::2ea', subnet_id='d605cc77-e396-4525-bca8-88f15c6096b0' | | id | a5fb6974-7d77-4ca5-9ff5-99c9cf68a3d7 | | ip_allocation | immediate | | mac_address | fa:16:3e:ed:59:6f | | name | my-vm | | network_id | 325116e0-8423-4344-9a92-505e10070502 | | numa_affinity_policy | None | | port_security_enabled | True | | project_id | 16febe272c43478899f107ebad01ce47 | | propagate_uplink_status | None | | qos_network_policy_id | None | | qos_policy_id | None | | resource_request | None | | revision_number | 1 | | security_group_ids | bb9645cc-3148-47ea-888e-0f25730a8e05 | | status | DOWN | | tags | | | trunk_details | None | | updated_at | 2022-09-09T23:10:29Z | +-------------------------+------------------------------------------------------------------------------------+ (overcloud) [stack@undercloud-0 ~]$ openstack recordset list 5dd34595-92a6-4884-8431-9205cdd7f81f +--------------------------------------+----------------------+------+----------------------------------------------------------------------+--------+--------+ | id | name | type | records | status | action | +--------------------------------------+----------------------+------+----------------------------------------------------------------------+--------+--------+ | 45ba383f-2ba7-4ca6-8249-46a4f20d72a7 | my-domain.org. | NS | ns1.example.org. | ACTIVE | NONE | | | | | ns3.example.org. | | | | | | | ns2.example.org. | | | | 69666877-6e1b-49f6-9c7d-0041a63bf417 | my-domain.org. | SOA | ns2.example.org. mlavalle.redhat.com. 1662765031 3557 600 86400 3600 | ACTIVE | NONE | | 0d68b12b-7c3d-41e2-b789-60883bdfe0d1 | my-vm.my-domain.org. | A | 172.31.251.162 | ACTIVE | NONE | | 70b92a3d-6a3e-49c5-9c06-6428a612ac27 | my-vm.my-domain.org. | AAAA | fd5e:7a6b:1a62::2ea | ACTIVE | NONE | +--------------------------------------+----------------------+------+----------------------------------------------------------------------+--------+--------+ For this to work, the following needs to happen: 1) The zone has to be created by the project that creates the port 2) The network where the port is created has to have a valid dns_domain value and a a segmentation id outside the tenant networks range. In this example, I created the network as follows: openstack network create --share --provider-network-type geneve --provider-segment 100000 --dns-domain my-domain.org. external This is the tenant range for geneve networks in the system that I used for testing: [ml2_type_geneve] vni_ranges=1:65536
For upstream case 3c (https://docs.openstack.org/neutron/latest/admin/config-dns-int-ext-serv.html#use-case-3c-the-dns-extension): 1) Configure ml2 extension 'dns': [heat-admin@controller-0 ~]$ sudo cat /var/lib/config-data/puppet-generated/neutron/etc/neutron/plugins/ml2/ml2_conf.ini | grep dns extension_drivers=qos,port_security,dns 2) Using network created with (overcloud) [stack@undercloud-0 ~]$ openstack network create --share --provider-network-type geneve --provider-segment 100000 --dns-domain my-domain.org. external 3) Port creation (overcloud) [stack@undercloud-0 ~]$ openstack port create --network external --dns-name my-vm my-vm +-------------------------+-----------------------------------------------------------------------------------+ | Field | Value | +-------------------------+-----------------------------------------------------------------------------------+ | admin_state_up | UP | | allowed_address_pairs | | | binding_host_id | | | binding_profile | | | binding_vif_details | | | binding_vif_type | unbound | | binding_vnic_type | normal | | created_at | 2022-09-12T23:14:44Z | | data_plane_status | None | | description | | | device_id | | | device_owner | | | device_profile | None | | dns_assignment | fqdn='my-vm.my-domain.org.', hostname='my-vm', ip_address='172.31.251.6' | | | fqdn='my-vm.my-domain.org.', hostname='my-vm', ip_address='fd5e:7a6b:1a62::c3' | | dns_domain | None | | dns_name | my-vm | | extra_dhcp_opts | | | fixed_ips | ip_address='172.31.251.6', subnet_id='7c13e619-9d97-409a-8de8-d78f5c9a1f53' | | | ip_address='fd5e:7a6b:1a62::c3', subnet_id='d605cc77-e396-4525-bca8-88f15c6096b0' | | id | e7e56b1d-f82d-4fd0-ad2c-6a2d8364f7c0 | | ip_allocation | immediate | | mac_address | fa:16:3e:38:5b:e9 | | name | my-vm | | network_id | 325116e0-8423-4344-9a92-505e10070502 | | numa_affinity_policy | None | | port_security_enabled | True | | project_id | 16febe272c43478899f107ebad01ce47 | | propagate_uplink_status | None | | qos_network_policy_id | None | | qos_policy_id | None | | resource_request | None | | revision_number | 1 | | security_group_ids | bb9645cc-3148-47ea-888e-0f25730a8e05 | | status | DOWN | | tags | | | trunk_details | None | | updated_at | 2022-09-12T23:14:44Z | +-------------------------+-----------------------------------------------------------------------------------+ 4) Result in Designate zone (overcloud) [stack@undercloud-0 ~]$ openstack recordset list my-domain.org. +--------------------------------------+----------------------+------+----------------------------------------------------------------------+--------+--------+ | id | name | type | records | status | action | +--------------------------------------+----------------------+------+----------------------------------------------------------------------+--------+--------+ | 45ba383f-2ba7-4ca6-8249-46a4f20d72a7 | my-domain.org. | NS | ns1.example.org. | ACTIVE | NONE | | | | | ns3.example.org. | | | | | | | ns2.example.org. | | | | 69666877-6e1b-49f6-9c7d-0041a63bf417 | my-domain.org. | SOA | ns2.example.org. mlavalle.redhat.com. 1663024486 3557 600 86400 3600 | ACTIVE | NONE | | 420fa060-44c7-46fb-a0d9-d312d6668b37 | my-vm.my-domain.org. | A | 172.31.251.6 | ACTIVE | NONE | | c7f24ba4-7f4e-4028-b712-44c018493878 | my-vm.my-domain.org. | AAAA | fd5e:7a6b:1a62::c3 | ACTIVE | NONE | +--------------------------------------+----------------------+------+----------------------------------------------------------------------+--------+--------+
For upstream case 3b https://docs.openstack.org/neutron/latest/admin/config-dns-int-ext-serv.html#use-case-3b-the-dns-domain-ports-extension: 1) I configure ml2 extension 'dns_domain_ports': [heat-admin@controller-0 ~]$ sudo cat /var/lib/config-data/puppet-generated/neutron/etc/neutron/plugins/ml2/ml2_conf.ini | grep dns_domain_ports extension_drivers=qos,port_security,dns_domain_ports 2) Using network created with (overcloud) [stack@undercloud-0 ~]$ openstack network create --share --provider-network-type geneve --provider-segment 100000 --dns-domain my-domain.org. external 3) Port creation: (overcloud) [stack@undercloud-0 ~]$ openstack port create --network external --dns-name my-vm-port --dns-domain my-domain.org. my-vm-port BadRequestException: 400: Client Error for url: http://10.0.0.118:9696/v2.0/ports, Unrecognized attribute(s) 'dns_domain' The reason this is happening is because the code deployed in the test system doesn't support the extension dns_domain_ports. Notice that upstream we have this code https://github.com/openstack/neutron/blob/bd3e67d4eba6624fba4d9d926290bd159d7ffc03/neutron/common/ovn/extensions.py#L98-L101, where extensions dns_domain_ports is listed, whereas in the code deployed in the test system we have: 68 ML2_SUPPORTED_API_EXTENSIONS_OVN_L3 = [ 69 l3.ALIAS, 70 extraroute.ALIAS, 71 l3_ext_gw_mode.ALIAS, 72 fip_port_details.ALIAS, 73 floatingip_pools.ALIAS, 74 pagination.ALIAS, 75 'qos-fip', 76 sorting.ALIAS, 77 project_id.ALIAS, 78 dns.ALIAS, 79 agent_def.ALIAS, 80 az_def.ALIAS, 81 raz_def.ALIAS, 82 ] which only lists the dns extension. So when the neutron server starts we get the following in the log file: 2022-09-12 23:38:13.785 2 DEBUG neutron.api.extensions [req-2f8fef8d-445d-4ecd-9782-c9394812ae59 - - - - -] Loading extension file: dns_domain_ports.py _load_all_extensions_from_path /usr/lib/python3.9/site-packages/neutron/api/extensions.py:450 2022-09-12 23:38:13.786 2 DEBUG neutron.api.extensions [req-2f8fef8d-445d-4ecd-9782-c9394812ae59 - - - - -] Ext name="dns_domain for ports" alias="dns-domain-ports" description="Allows the DNS domain to be specified for a network port." updated="2017-04-24T10:00:00-00:00" _check_extension /usr/lib/python3.9/site-packages/neutron/api/extensions.py:416 2022-09-12 23:38:13.786 2 INFO neutron.api.extensions [req-2f8fef8d-445d-4ecd-9782-c9394812ae59 - - - - -] Extension dns-domain-ports not supported by any of loaded plugins A similar thing is happening with the subnet_dns_publish_fixed_ip extension (case 3a upstream).
After adding extensions dns_domain_ports and subnet_dns_publish_fixed_ip to neutron/common/ovn/extensions.py: ML2_SUPPORTED_API_EXTENSIONS_OVN_L3 = [ l3.ALIAS, extraroute.ALIAS, l3_ext_gw_mode.ALIAS, fip_port_details.ALIAS, floatingip_pools.ALIAS, pagination.ALIAS, 'qos-fip', sorting.ALIAS, project_id.ALIAS, dns.ALIAS, dns_domain_ports.ALIAS, subnet_dns_publish_fixed_ip.ALIAS, agent_def.ALIAS, az_def.ALIAS, raz_def.ALIAS, ] I was able to test successfully the upstream use case 3b https://docs.openstack.org/neutron/latest/admin/config-dns-int-ext-serv.html#use-case-3b-the-dns-domain-ports-extension: (overcloud) [stack@undercloud-0 ~]$ openstack zone create --email mlavalle my-domain-port.org. +----------------+--------------------------------------+ | Field | Value | +----------------+--------------------------------------+ | action | CREATE | | attributes | | | created_at | 2022-09-13T21:17:05.000000 | | description | None | | email | mlavalle | | id | 43070661-f54c-4f6e-b25e-fb35457ad8f4 | | masters | | | name | my-domain-port.org. | | pool_id | 794ccc2c-d751-44fe-b57f-8894c9f5c842 | | project_id | 16febe272c43478899f107ebad01ce47 | | serial | 1663103825 | | status | PENDING | | transferred_at | None | | ttl | 3600 | | type | PRIMARY | | updated_at | None | | version | 1 | +----------------+--------------------------------------+ (overcloud) [stack@undercloud-0 ~]$ openstack recordset list my-domain-port.org. +--------------------------------------+---------------------+------+----------------------------------------------------------------------+--------+--------+ | id | name | type | records | status | action | +--------------------------------------+---------------------+------+----------------------------------------------------------------------+--------+--------+ | 3fbf7fe9-a660-4b67-a50d-0610e4e791b0 | my-domain-port.org. | SOA | ns2.example.org. mlavalle.redhat.com. 1663103825 3594 600 86400 3600 | ACTIVE | NONE | | 86696de9-5b24-45c5-9c07-d6a963d98e8e | my-domain-port.org. | NS | ns1.example.org. | ACTIVE | NONE | | | | | ns3.example.org. | | | | | | | ns2.example.org. | | | +--------------------------------------+---------------------+------+----------------------------------------------------------------------+--------+--------+ (overcloud) [stack@undercloud-0 ~]$ openstack port create --network external --dns-name my-vm-port --dns-domain my-domain-port.org. my-vm-port +-------------------------+------------------------------------------------------------------------------------------------+ | Field | Value | +-------------------------+------------------------------------------------------------------------------------------------+ | admin_state_up | UP | | allowed_address_pairs | | | binding_host_id | | | binding_profile | | | binding_vif_details | | | binding_vif_type | unbound | | binding_vnic_type | normal | | created_at | 2022-09-13T21:41:35Z | | data_plane_status | None | | description | | | device_id | | | device_owner | | | device_profile | None | | dns_assignment | fqdn='my-vm-port.my-domain-port.org.', hostname='my-vm-port', ip_address='172.31.251.12' | | | fqdn='my-vm-port.my-domain-port.org.', hostname='my-vm-port', ip_address='fd5e:7a6b:1a62::232' | | dns_domain | my-domain-port.org. | | dns_name | my-vm-port | | extra_dhcp_opts | | | fixed_ips | ip_address='172.31.251.12', subnet_id='7c13e619-9d97-409a-8de8-d78f5c9a1f53' | | | ip_address='fd5e:7a6b:1a62::232', subnet_id='d605cc77-e396-4525-bca8-88f15c6096b0' | | id | 57280f32-a710-40ba-ba14-0744bcb46c14 | | ip_allocation | immediate | | mac_address | fa:16:3e:4a:57:28 | | name | my-vm-port | | network_id | 325116e0-8423-4344-9a92-505e10070502 | | numa_affinity_policy | None | | port_security_enabled | True | | project_id | 16febe272c43478899f107ebad01ce47 | | propagate_uplink_status | None | | qos_network_policy_id | None | | qos_policy_id | None | | resource_request | None | | revision_number | 1 | | security_group_ids | bb9645cc-3148-47ea-888e-0f25730a8e05 | | status | DOWN | | tags | | | trunk_details | None | | updated_at | 2022-09-13T21:41:35Z | +-------------------------+------------------------------------------------------------------------------------------------+ (overcloud) [stack@undercloud-0 ~]$ openstack recordset list my-domain-port.org. +--------------------------------------+--------------------------------+------+----------------------------------------------------------------------+---------+--------+ | id | name | type | records | status | action | +--------------------------------------+--------------------------------+------+----------------------------------------------------------------------+---------+--------+ | 3fbf7fe9-a660-4b67-a50d-0610e4e791b0 | my-domain-port.org. | SOA | ns2.example.org. mlavalle.redhat.com. 1663105297 3594 600 86400 3600 | PENDING | UPDATE | | 86696de9-5b24-45c5-9c07-d6a963d98e8e | my-domain-port.org. | NS | ns1.example.org. | ACTIVE | NONE | | | | | ns3.example.org. | | | | | | | ns2.example.org. | | | | 0d7ff2c7-f774-4b00-a92c-1898ad9eaa7a | my-vm-port.my-domain-port.org. | AAAA | fd5e:7a6b:1a62::232 | PENDING | CREATE | | c5845479-89c4-4ea3-9b02-abeebfba4120 | my-vm-port.my-domain-port.org. | A | 172.31.251.12 | PENDING | CREATE | +--------------------------------------+--------------------------------+------+----------------------------------------------------------------------+---------+--------+
I should have mentioned in comment 4 above the configured dns extension: [heat-admin@controller-0 ~]$ sudo cat /var/lib/config-data/puppet-generated/neutron/etc/neutron/plugins/ml2/ml2_conf.ini | grep dns_domain_ports extension_drivers=qos,port_security,dns_domain_ports
I was also able to successfully test upstream use case 3a https://docs.openstack.org/neutron/latest/admin/config-dns-int-ext-serv.html#use-case-3a-the-subnet-dns-publish-fixed-ip-extension: heat-admin@controller-0 ~]$ sudo cat /var/lib/config-data/puppet-generated/neutron/etc/neutron/plugins/ml2/ml2_conf.ini | grep subnet_dns_publish_fixed_ip extension_drivers=qos,port_security,subnet_dns_publish_fixed_ip (overcloud) [stack@undercloud-0 ~]$ openstack network create --share --provider-network-type geneve --provider-segment 100001 --dns-domain my-domain.org. dualstack +---------------------------+--------------------------------------+ | Field | Value | +---------------------------+--------------------------------------+ | admin_state_up | UP | | availability_zone_hints | | | availability_zones | | | created_at | 2022-09-13T22:35:12Z | | description | | | dns_domain | my-domain.org. | | id | 024bf3df-2a98-4f68-a072-150439183d27 | | ipv4_address_scope | None | | ipv6_address_scope | None | | is_default | False | | is_vlan_transparent | None | | mtu | 1442 | | name | dualstack | | port_security_enabled | True | | project_id | 16febe272c43478899f107ebad01ce47 | | provider:network_type | geneve | | provider:physical_network | None | | provider:segmentation_id | 100001 | | qos_policy_id | None | | revision_number | 1 | | router:external | Internal | | segments | None | | shared | True | | status | ACTIVE | | subnets | | | tags | | | updated_at | 2022-09-13T22:35:12Z | +---------------------------+--------------------------------------+ (overcloud) [stack@undercloud-0 ~]$ openstack subnet create --network dualstack dualstackv4 --subnet-range 172.31.252.0/24 +----------------------+--------------------------------------+ | Field | Value | +----------------------+--------------------------------------+ | allocation_pools | 172.31.252.2-172.31.252.254 | | cidr | 172.31.252.0/24 | | created_at | 2022-09-13T22:35:40Z | | description | | | dns_nameservers | | | dns_publish_fixed_ip | False | | enable_dhcp | True | | gateway_ip | 172.31.252.1 | | host_routes | | | id | 7d1ca5b2-4783-4787-9381-1e4d6f191832 | | ip_version | 4 | | ipv6_address_mode | None | | ipv6_ra_mode | None | | name | dualstackv4 | | network_id | 024bf3df-2a98-4f68-a072-150439183d27 | | prefix_length | None | | project_id | 16febe272c43478899f107ebad01ce47 | | revision_number | 0 | | segment_id | None | | service_types | None | | subnetpool_id | None | | tags | | | updated_at | 2022-09-13T22:35:40Z | +----------------------+--------------------------------------+ (overcloud) [stack@undercloud-0 ~]$ openstack subnet create --network dualstack dualstackv6 --ip-version 6 --subnet-range 2001:db8:42:42::/64 --dns-publish-fixed-ip +----------------------+------------------------------------------------------+ | Field | Value | +----------------------+------------------------------------------------------+ | allocation_pools | 2001:db8:42:42::1-2001:db8:42:42:ffff:ffff:ffff:ffff | | cidr | 2001:db8:42:42::/64 | | created_at | 2022-09-13T22:36:13Z | | description | | | dns_nameservers | | | dns_publish_fixed_ip | True | | enable_dhcp | True | | gateway_ip | 2001:db8:42:42:: | | host_routes | | | id | e2312c05-10fc-4f2e-a645-022e84f49d6b | | ip_version | 6 | | ipv6_address_mode | None | | ipv6_ra_mode | None | | name | dualstackv6 | | network_id | 024bf3df-2a98-4f68-a072-150439183d27 | | prefix_length | None | | project_id | 16febe272c43478899f107ebad01ce47 | | revision_number | 0 | | segment_id | None | | service_types | None | | subnetpool_id | None | | tags | | | updated_at | 2022-09-13T22:36:13Z | +----------------------+------------------------------------------------------+ (overcloud) [stack@undercloud-0 ~]$ openstack recordset list my-domain-port.org. +--------------------------------------+---------------------+------+----------------------------------------------------------------------+--------+--------+ | id | name | type | records | status | action | +--------------------------------------+---------------------+------+----------------------------------------------------------------------+--------+--------+ | 3fbf7fe9-a660-4b67-a50d-0610e4e791b0 | my-domain-port.org. | SOA | ns2.example.org. mlavalle.redhat.com. 1663105773 3594 600 86400 3600 | ACTIVE | NONE | | 86696de9-5b24-45c5-9c07-d6a963d98e8e | my-domain-port.org. | NS | ns1.example.org. | ACTIVE | NONE | | | | | ns3.example.org. | | | | | | | ns2.example.org. | | | +--------------------------------------+---------------------+------+----------------------------------------------------------------------+--------+--------+ (overcloud) [stack@undercloud-0 ~]$ openstack port create --network dualstack --dns-name my-vm-port --dns-domain my-domain-port.org. my-vm-port +-------------------------+------------------------------------------------------------------------------------------------+ | Field | Value | +-------------------------+------------------------------------------------------------------------------------------------+ | admin_state_up | UP | | allowed_address_pairs | | | binding_host_id | | | binding_profile | | | binding_vif_details | | | binding_vif_type | unbound | | binding_vnic_type | normal | | created_at | 2022-09-13T22:38:32Z | | data_plane_status | None | | description | | | device_id | | | device_owner | | | device_profile | None | | dns_assignment | fqdn='my-vm-port.my-domain-port.org.', hostname='my-vm-port', ip_address='172.31.252.95' | | | fqdn='my-vm-port.my-domain-port.org.', hostname='my-vm-port', ip_address='2001:db8:42:42::2de' | | dns_domain | my-domain-port.org. | | dns_name | my-vm-port | | extra_dhcp_opts | | | fixed_ips | ip_address='172.31.252.95', subnet_id='7d1ca5b2-4783-4787-9381-1e4d6f191832' | | | ip_address='2001:db8:42:42::2de', subnet_id='e2312c05-10fc-4f2e-a645-022e84f49d6b' | | id | c472a1d1-bdce-4399-bdf5-0c06a8e2f735 | | ip_allocation | immediate | | mac_address | fa:16:3e:f6:1b:d0 | | name | my-vm-port | | network_id | 024bf3df-2a98-4f68-a072-150439183d27 | | numa_affinity_policy | None | | port_security_enabled | True | | project_id | 16febe272c43478899f107ebad01ce47 | | propagate_uplink_status | None | | qos_network_policy_id | None | | qos_policy_id | None | | resource_request | None | | revision_number | 1 | | security_group_ids | bb9645cc-3148-47ea-888e-0f25730a8e05 | | status | DOWN | | tags | | | trunk_details | None | | updated_at | 2022-09-13T22:38:33Z | +-------------------------+------------------------------------------------------------------------------------------------+ (overcloud) [stack@undercloud-0 ~]$ openstack recordset list my-domain-port.org. +--------------------------------------+--------------------------------+------+----------------------------------------------------------------------+---------+--------+ | id | name | type | records | status | action | +--------------------------------------+--------------------------------+------+----------------------------------------------------------------------+---------+--------+ | 3fbf7fe9-a660-4b67-a50d-0610e4e791b0 | my-domain-port.org. | SOA | ns2.example.org. mlavalle.redhat.com. 1663108713 3594 600 86400 3600 | PENDING | UPDATE | | 86696de9-5b24-45c5-9c07-d6a963d98e8e | my-domain-port.org. | NS | ns1.example.org. | ACTIVE | NONE | | | | | ns3.example.org. | | | | | | | ns2.example.org. | | | | d521c200-6976-48b8-8547-ea536aa06f48 | my-vm-port.my-domain-port.org. | AAAA | 2001:db8:42:42::2de | PENDING | CREATE | +--------------------------------------+--------------------------------+------+----------------------------------------------------------------------+---------+--------+ It is also important to mention that the upstream documentation suggests that in use case 3a the network doesn't need to meet the requirements listed in https://docs.openstack.org/neutron/latest/admin/config-dns-int-ext-serv.html#configuration-of-the-externally-accessible-network-for-use-cases-3b-and-3c. In fact, the example shown in documentation creates the network as follows, without specifying the segmentation id, as I did above: $ openstack network create dualstack This is an error. I added a couple of log statements (lines 85 and 92) to the dns extension as follows: 84 def process_create_port(self, plugin_context, request_data, db_data): 85 LOG.debug("mlavalle: %s", cfg.CONF.dns_domain) 86 if not (request_data.get(dns_apidef.DNSNAME) or 87 request_data.get(dns_apidef.DNSDOMAIN)): 88 return 89 dns_name, is_dns_domain_default = self._get_request_dns_name( 90 request_data) 91 if is_dns_domain_default: 92 LOG.debug("mlavalle returning due to default dns_domain") 93 return and this is what I got in the log file after processing the port creation shown above: heat-admin@controller-1 ~]$ sudo tail -f /var/log/containers/neutron/server.log | grep mlavalle 2022-09-13 22:38:33.096 15 DEBUG neutron.plugins.ml2.extensions.dns_integration [req-212f80d0-7681-440e-a585-cf977bef0df7 70700b84f1a0486b96b40661c050d6e1 16febe272c43478899f107ebad01ce47 - default default] mlavalle: midominio.org. process_create_port /usr/lib/python3.9/site-packages/neutron/plugins/ml2/extensions/dns_integration.py:85 In other words, the port creation still executed line 85 and would have executed lines 92-93 (failing the publishing of the port's data in Designate) should the network hadn't met the requirements in https://docs.openstack.org/neutron/latest/admin/config-dns-int-ext-serv.html#configuration-of-the-externally-accessible-network-for-use-cases-3b-and-3c
I checked in our downstream Neutron branch rhos/rhos-17.0-trunk-patches to see what DNS extensions the code supports and found that only dns is there: ML2_SUPPORTED_API_EXTENSIONS_OVN_L3 = [ l3.ALIAS, extraroute.ALIAS, l3_ext_gw_mode.ALIAS, fip_port_details.ALIAS, floatingip_pools.ALIAS, pagination.ALIAS, 'qos-fip', sorting.ALIAS, project_id.ALIAS, dns.ALIAS, agent_def.ALIAS, az_def.ALIAS, raz_def.ALIAS, ] I also check the upstream Wallaby branch and found the same: https://github.com/openstack/neutron/blob/e73a62cf1465cf7dbf5190ba72b6e375ce40293a/neutron/common/ovn/extensions.py#L66-L79 So I think this is a valid bz for Neutron. Here's what needs to be done: 1) Backport upstream patch https://review.opendev.org/c/openstack/neutron/+/813969 to Wallaby 2) Then backport downstream to rhos/rhos-17.0-trunk-patches
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: Red Hat OpenStack Platform 17.0 (openstack-neutron) security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2023:0275