Page MenuHomePhabricator
Create Task
Maniphest T204013

Horizon Designate dashboard not allowing creation of NS records
Closed, ResolvedPublic
Actions

Description

For testing around T199711: Deploy a scalable service for ACME (LetsEncrypt) certificate management I set up a development version of gdnsd (using our authdns puppet module with cut-down config and zones) inside a labs instance, gave it a floating IP and a security group that allowed port 53 TCP+UDP in, set up an A record pointing to the floating IP. Great.
But then I wanted to actually delegate a zone to it to test the whole process (I needed to complete LE challenges with it). It turns out that Horizon doesn't actually seem to let you create NS records? I've got a workaround using a non-wmflabs.org domain but this is unideal.
I think this is a problem in upstream designate-dashboard.

Related Objects

Event Timeline

Krenair created this task.Sep 11 2018, 1:54 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptSep 11 2018, 1:54 AM
Krenair moved this task from Backlog to Reported Upstream on the Upstream board.Sep 11 2018, 1:59 AM

https://bugs.launchpad.net/designate-dashboard/+bug/1791865

ema triaged this task as Medium priority.Sep 11 2018, 8:32 AM
ema added a project: Traffic.
Restricted Application added a project: SRE. · View Herald TranscriptSep 11 2018, 8:32 AM
ema moved this task from Backlog to Radar/Not for service by Traffic on the Traffic board.Sep 11 2018, 8:32 AM
Krenair added a comment.EditedOct 3 2018, 4:59 PM

I got projectadmin in the openstack tenant and made an m1.medium instance called labs-t204013-osdev. Then I followed https://docs.openstack.org/designate/latest/contributor/devstack.html, with these differences before step 5:

P7622 working devstack on stretch
1diff --git a/files/debs/general b/files/debs/general
2index df872a0a..742ddfde 100644
3--- a/files/debs/general
4+++ b/files/debs/general
5@@ -14,7 +14,7 @@ iputils-ping
6 libapache2-mod-proxy-uwsgi
7 libffi-dev # for pyOpenSSL
8 libjpeg-dev # Pillow 3.0.0
9-libmysqlclient-dev # MySQL-python
10+default-libmysqlclient-dev # MySQL-python
11 libpcre3-dev # for python-pcre
12 libpq-dev # psycopg2
13 libssl-dev # for pyOpenSSL
14diff --git a/files/debs/neutron-common b/files/debs/neutron-common
15index e30f678f..92fe9ec9 100644
16--- a/files/debs/neutron-common
17+++ b/files/debs/neutron-common
18@@ -6,7 +6,7 @@ haproxy # to serve as metadata proxy inside router/dhcp namespaces
19 iptables
20 iputils-arping
21 iputils-ping
22-libmysqlclient-dev
23+default-libmysqlclient-dev
24 mysql-server #NOPRIME
25 postgresql-server-dev-all
26 python-mysqldb
27diff --git a/files/debs/nova b/files/debs/nova
28index 5e14aec8..2bde5413 100644
29--- a/files/debs/nova
30+++ b/files/debs/nova
31@@ -9,7 +9,7 @@ iptables
32 iputils-arping
33 kpartx
34 libjs-jquery-tablesorter # Needed for coverage html reports
35-libmysqlclient-dev
36+default-libmysqlclient-dev
37 libvirt-bin # dist:xenial NOPRIME
38 libvirt-clients # not:xenial NOPRIME
39 libvirt-daemon-system # not:xenial NOPRIME
40diff --git a/lib/databases/mysql b/lib/databases/mysql
41index cf610563..9383f2ea 100644
42--- a/lib/databases/mysql
43+++ b/lib/databases/mysql
44@@ -86,8 +86,8 @@ function configure_database_mysql {
45 # because the package might have been installed already.
46 sudo mysqladmin -u root password $DATABASE_PASSWORD || true
47
48- # Update the DB to give user '$DATABASE_USER'@'%' full control of the all databases:
49- sudo mysql -uroot -p$DATABASE_PASSWORD -h127.0.0.1 -e "GRANT ALL PRIVILEGES ON *.* TO '$DATABASE_USER'@'%' identified by '$DATABASE_PASSWORD';"
50+ # Update the DB to give user '$DATABASE_USER'@'localhost' full control of the all databases:
51+ sudo mysql -uroot -p$DATABASE_PASSWORD -h127.0.0.1 -e "GRANT ALL PRIVILEGES ON *.* TO '$DATABASE_USER'@'localhost' identified by '$DATABASE_PASSWORD';"
52
53 # Now update ``my.cnf`` for some local needs and restart the mysql service

Can create such a record just fine in designate, so the problem here is just designate-dashboard (the horizon integration code):

krenair@labs-t204013-osdev:~/devstack$ openstack recordset list 07af47d4-ba30-4704-a4ed-143f6fadd26c
+--------------------------------------+------------------+------+---------------------------------------------------------------------+--------+--------+
| id                                   | name             | type | records                                                             | status | action |
+--------------------------------------+------------------+------+---------------------------------------------------------------------+--------+--------+
| cd323799-3b54-4f5f-b753-3baa98954900 | example.net.     | NS   | ns1.devstack.org.                                                   | ACTIVE | NONE   |
| e5767470-011b-491b-b400-55846298f79d | example.net.     | SOA  | ns1.devstack.org. admin.example.net. 1538585609 3502 600 86400 3600 | ACTIVE | NONE   |
| 0d0d1393-5195-4bb1-81c3-9265cb002241 | www.example.net. | A    | 127.0.0.1                                                           | ACTIVE | NONE   |
+--------------------------------------+------------------+------+---------------------------------------------------------------------+--------+--------+
krenair@labs-t204013-osdev:~/devstack$ openstack recordset create --records 'certcentralgdnsd.beta.wmflabs.org.'  --type NS example.net. sub
Option --records is deprecated, use --record instead.
+-------------+--------------------------------------+
| Field       | Value                                |
+-------------+--------------------------------------+
| action      | CREATE                               |
| created_at  | 2018-10-03T16:55:38.000000           |
| description | None                                 |
| id          | cb5c2d0a-205f-49cd-8efe-4b3569968fb8 |
| name        | sub.example.net.                     |
| project_id  | bbbf01bd94324afa938a0e59a6fbc0ec     |
| records     | certcentralgdnsd.beta.wmflabs.org.   |
| status      | PENDING                              |
| ttl         | None                                 |
| type        | NS                                   |
| updated_at  | None                                 |
| version     | 1                                    |
| zone_id     | 07af47d4-ba30-4704-a4ed-143f6fadd26c |
| zone_name   | example.net.                         |
+-------------+--------------------------------------+
krenair@labs-t204013-osdev:~/devstack$ openstack recordset list 07af47d4-ba30-4704-a4ed-143f6fadd26c
+--------------------------------------+------------------+------+---------------------------------------------------------------------+---------+--------+
| id                                   | name             | type | records                                                             | status  | action |
+--------------------------------------+------------------+------+---------------------------------------------------------------------+---------+--------+
| cd323799-3b54-4f5f-b753-3baa98954900 | example.net.     | NS   | ns1.devstack.org.                                                   | ACTIVE  | NONE   |
| e5767470-011b-491b-b400-55846298f79d | example.net.     | SOA  | ns1.devstack.org. admin.example.net. 1538585738 3502 600 86400 3600 | PENDING | UPDATE |
| 0d0d1393-5195-4bb1-81c3-9265cb002241 | www.example.net. | A    | 127.0.0.1                                                           | ACTIVE  | NONE   |
| cb5c2d0a-205f-49cd-8efe-4b3569968fb8 | sub.example.net. | NS   | certcentralgdnsd.beta.wmflabs.org.                                  | PENDING | CREATE |
+--------------------------------------+------------------+------+---------------------------------------------------------------------+---------+--------+
Krenair moved this task from Reported Upstream to Patch merged upstream on the Upstream board.EditedOct 20 2018, 1:37 PM

I created an upstream patch, it got merged, now we just need to wait for OpenStack Stein to be released and upgrade to it. I also deleted my labs-t204013-osdev instance.
Also my original use case for this is gone as certcentral/gdnsd integration got deployed into prod late last week, I had been testing it in labs but I think I'll do designate integration for actual deployment-prep use.

Phabricator_maintenance moved this task from Backlog to Acknowledged on the SRE board.Jan 26 2019, 10:21 PM
GTirloni added a project: cloud-services-team (Kanban).Mar 21 2019, 4:59 PM
bd808 moved this task from Backlog to Upstream on the Horizon board.Nov 10 2019, 11:12 PM
Krenair added a comment.Nov 10 2019, 11:31 PM

(Stein got released on 10th April, Wikimedia probably wont have it for a while though)

taavi closed this task as Resolved.Mar 21 2021, 6:32 PM
taavi assigned this task to Krenair.
taavi subscribed.

Looks like this was fixed some time ago, we're now on Horizon Train and I see the option on Horizon.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL