For testing around T199711: Deploy a scalable service for ACME (LetsEncrypt) certificate management I set up a development version of gdnsd (using our authdns puppet module with cut-down config and zones) inside a labs instance, gave it a floating IP and a security group that allowed port 53 TCP+UDP in, set up an A record pointing to the floating IP. Great.
But then I wanted to actually delegate a zone to it to test the whole process (I needed to complete LE challenges with it). It turns out that Horizon doesn't actually seem to let you create NS records? I've got a workaround using a non-wmflabs.org domain but this is unideal.
I think this is a problem in upstream designate-dashboard.
Description
Related Objects
Event Timeline
I got projectadmin in the openstack tenant and made an m1.medium instance called labs-t204013-osdev. Then I followed https://docs.openstack.org/designate/latest/contributor/devstack.html, with these differences before step 5:
Can create such a record just fine in designate, so the problem here is just designate-dashboard (the horizon integration code):
krenair@labs-t204013-osdev:~/devstack$ openstack recordset list 07af47d4-ba30-4704-a4ed-143f6fadd26c +--------------------------------------+------------------+------+---------------------------------------------------------------------+--------+--------+ | id | name | type | records | status | action | +--------------------------------------+------------------+------+---------------------------------------------------------------------+--------+--------+ | cd323799-3b54-4f5f-b753-3baa98954900 | example.net. | NS | ns1.devstack.org. | ACTIVE | NONE | | e5767470-011b-491b-b400-55846298f79d | example.net. | SOA | ns1.devstack.org. admin.example.net. 1538585609 3502 600 86400 3600 | ACTIVE | NONE | | 0d0d1393-5195-4bb1-81c3-9265cb002241 | www.example.net. | A | 127.0.0.1 | ACTIVE | NONE | +--------------------------------------+------------------+------+---------------------------------------------------------------------+--------+--------+ krenair@labs-t204013-osdev:~/devstack$ openstack recordset create --records 'certcentralgdnsd.beta.wmflabs.org.' --type NS example.net. sub Option --records is deprecated, use --record instead. +-------------+--------------------------------------+ | Field | Value | +-------------+--------------------------------------+ | action | CREATE | | created_at | 2018-10-03T16:55:38.000000 | | description | None | | id | cb5c2d0a-205f-49cd-8efe-4b3569968fb8 | | name | sub.example.net. | | project_id | bbbf01bd94324afa938a0e59a6fbc0ec | | records | certcentralgdnsd.beta.wmflabs.org. | | status | PENDING | | ttl | None | | type | NS | | updated_at | None | | version | 1 | | zone_id | 07af47d4-ba30-4704-a4ed-143f6fadd26c | | zone_name | example.net. | +-------------+--------------------------------------+ krenair@labs-t204013-osdev:~/devstack$ openstack recordset list 07af47d4-ba30-4704-a4ed-143f6fadd26c +--------------------------------------+------------------+------+---------------------------------------------------------------------+---------+--------+ | id | name | type | records | status | action | +--------------------------------------+------------------+------+---------------------------------------------------------------------+---------+--------+ | cd323799-3b54-4f5f-b753-3baa98954900 | example.net. | NS | ns1.devstack.org. | ACTIVE | NONE | | e5767470-011b-491b-b400-55846298f79d | example.net. | SOA | ns1.devstack.org. admin.example.net. 1538585738 3502 600 86400 3600 | PENDING | UPDATE | | 0d0d1393-5195-4bb1-81c3-9265cb002241 | www.example.net. | A | 127.0.0.1 | ACTIVE | NONE | | cb5c2d0a-205f-49cd-8efe-4b3569968fb8 | sub.example.net. | NS | certcentralgdnsd.beta.wmflabs.org. | PENDING | CREATE | +--------------------------------------+------------------+------+---------------------------------------------------------------------+---------+--------+
I created an upstream patch, it got merged, now we just need to wait for OpenStack Stein to be released and upgrade to it. I also deleted my labs-t204013-osdev instance.
Also my original use case for this is gone as certcentral/gdnsd integration got deployed into prod late last week, I had been testing it in labs but I think I'll do designate integration for actual deployment-prep use.
(Stein got released on 10th April, Wikimedia probably wont have it for a while though)
Looks like this was fixed some time ago, we're now on Horizon Train and I see the option on Horizon.