Issue #19842 has been reported by Vincent Gallissot.
----------------------------------------
Feature #19842: Unnecessary amount of dns requests with SRV records
https://projects.puppetlabs.com/issues/19842
* Author: Vincent Gallissot
* Status: Unreviewed
* Priority: Normal
* Assignee:
* Category: server
* Target version: 3.x
* Affected Puppet version: 3.1.1
* Keywords: srv dns requests
* Branch:
----------------------------------------
Hi,
I want to make you a feedback of using SRV records with Puppet 3.1.1
My architecture is :
- puppetca = puppet master acting as ca and able to manage all nodes
files (centos 6.3 with Puppet server 3.1.1)
- puppet1 and puppet2 = puppet master not ca. They are configured the
old way (not with SRV) with ca_server=puppetca, server=fqdn and ca=false
- mynode = desktop with puppet 3.1.1, under Fedora 16
Here are my DNS records :
_x-puppet._tcp IN SRV 0 50 8140
puppet1.foobar.fr.
_x-puppet._tcp IN SRV 0 50 8140
puppet2.foobar.fr.
_x-puppet._tcp IN SRV 10 100 8140
puppetca.foobar.fr.
_x-puppet-ca._tcp IN SRV 0 100 8140
puppetca.foobar.fr.
_x-puppet-report._tcp IN SRV 0 100 8140
puppetca.foobar.fr.
First of all, thanks for correcting the bug in
http://projects.puppetlabs.com/issues/18161, works fine now !
Secondly, the tips given in http://projects.puppetlabs.com/issues/16840 work
for me too.
Thirdly, as you can see in logs (files mynode, puppet1 and puppet2 .foobar.fr),
with SRV, nodes try to reach every masters and generate a lot of requests, not
only dns ones. It tries to access all servers in "_x-puppet._tcp.foobar.fr."
and it's not the best way. It also continue to resolve SRV even if it's
downloading its configuration from the master.
Using SRV records is for high availability and load distribution. It shouldn't
double the nodes connexions. In facts, the more masters you have the more your
network is overloaded.
Nodes should try to resolve "_x-puppet._tcp.foobar.fr." only one time and if
the returned server is available to connect, the node shouldn't do any other
SRV request for "_x-puppet._tcp.foobar.fr." or tries to connect to the other
masters.
As it's written in the doc, the amount of DNS requests is very high, but is not
needed at all.
--
You have received this notification because you have either subscribed to it,
or are involved in it.
To change your notification preferences, please click here:
http://projects.puppetlabs.com/my/account
--
You received this message because you are subscribed to the Google Groups
"Puppet Bugs" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
