Re: [xcat-user] Questions on prerequisites for external DNS and makedns -e

2014-10-06 Thread Lissa Valletta
Josh, we will investigate the area.  Unless you sign a contributors
agreement, we cannot use your code.
Here are the details.
https://sourceforge.net/p/xcat/wiki/XCAT_Developer_Guide/#contributor-and-maintainer-agreements


Lissa K. Valletta
8-3/B10
Poughkeepsie, NY 12601
(tie 293) 433-3102






Re: [xcat-user] Questions on prerequisites for external DNS and makedns -e

2014-10-03 Thread Josh Nielsen
Lissa / Xiao,

I may have possibly discovered a bug(?) in ddns.pm, unless it is a print
formatting issue. I traced the autovivification of the $ctx hash in ddns.pm
throughout the code, and then wrote a few lines of test code to descend
into all the hash values of $ctx and print them out (prefixed with the
string CTX Key/Value).

For $ctx->{resolver} the value looks like it may not have executed the
Net::DNS::Resolver Perl call correctly, and instead treated the
Net::DNS::Resolver function as a literal string (and what caught my eye is
that the string has a space between the two colons after Net (e.g.
"Net: :")). Here is what my code printed for the key/value of
$ctx->{resolver}:

CTX Key/Value ||resolver|| = Net: :DNS::Resolver=HASH(0x2ca6b08)

Maybe the actual Perl module call Net: :DNS::Resolver is meant to be
literally placed in the value of the $ctx->{resolver} though, so I may be
mistaken. By contrast, however, some of the other key/value pairs under
$ctx looked like this:

CTX Key/Value ||domain|| = morgan.haib.org

CTX Key/Value ||forwarders|| = ARRAY(0x2b9b2d8)
  ||forwarders|| (ARRAY VALUE) 172.24.12.1
  ||forwarders|| (ARRAY VALUE) 172.24.12.2

The relevant code on line 723 of ddns.pm is:

    if ($external)
    {
        # based on /etc/resolv.conf
        $ctx->{resolver} = Net::DNS::Resolver->new();
    }
    else
    {
        # default to localhost
        $ctx->{resolver} = Net::DNS::Resolver->new(nameservers=>['127.0.0.1']);
    }

    my $ret = add_or_delete_records($ctx);
    unless($ret) {
        xCAT::SvrUtils::sendmsg("DNS setup is completed", $callback);
    }

Is the value of $ctx->{resolver} normally supposed to be
"Net::DNS::Resolver=HASH(0x2ca6b08)" (once I remove the whitespace between
the two colons)? Or is it not supposed to include the Perl module call?

Regards,
Josh


Re: [xcat-user] Questions on prerequisites for external DNS and makedns -e

2014-10-02 Thread Josh Nielsen
Okay, so I moved to an RPM based install of BIND instead of from source and
the problem did not go away. My setup is that I am using a development
machine which I exported the current xCAT settings that are on my iDataPlex
headnode to that dev VM which I installed xCAT on (definitely a newer
version on the VM than the headnode) and when I first ran restorexCATdb I
got errors when running 'makedns' which said: *Ignoring host node0014, it
does not belong to any nets defined in networks table or the net it belongs
to is configured to use an external nameserver*.

I thought: That's odd, because the network definition looks fine to me and
I don't see why xCAT would change it between versions. On the headnode the
networks database looks like this for the relevant network (compute) & a
secondary network (I snipped out the other entries):

#netname,net,mask,mgtifname,gateway,dhcpserver,tftpserver,nameservers,ntpservers,logservers,dynamicrange,staticrange,staticrangeincrement,nodehostname,ddnsdomain,vlanid,domain,comments,disable
compute,10.20.0.0,255.255.0.0,eth0,,,10.20.0.1,10.20.0.1,,,10.20.200.254-10.20.254.254
10gig,10.60.0.0,255.255.0.0,,10.20.0.1,,

When I restored the tables on the dev VM it would fail to parse compute
but not for 10gig (the only obvious difference being that 10gig had
less fields filled in). I modified the ddns.pm code to echo messages when
parsing the networks to determine what was going on, and once I discovered
that it liked 10gig but not compute I deleted all the extra fields in
compute to make it match 10gig and suddenly it would parse. Maybe it
has to do with the dynamicrange field in the networks definition?

Below are my code modifications (just adding sendmsg commands) and the
corresponding output from a test execution:


    # exclude the nodes not belong to any nets defined in networks table
    #   because only the nets defined in networks table will be add
    #   zones later.
    my $found = 0;
    foreach (@networks)
    {
        xCAT::SvrUtils::sendmsg("ADDR is $addr", $callback);
        xCAT::SvrUtils::sendmsg("MASK is $_->{mask}", $callback);
        xCAT::SvrUtils::sendmsg("NETWORK is $_->{net}", $callback);
        if(xCAT::NetworkUtils->ishostinsubnet($addr, $_->{mask}, $_->{net}))
        {
            $found = 1;
            xCAT::SvrUtils::sendmsg("Found!", $callback);
        }
        else {
            xCAT::SvrUtils::sendmsg("Not Found!", $callback);
        }
    }

    if ($found)
    {
        push @nodes,$node;
        $ctx->{nodeips}->{$node}->{$addr}=1;
    }
    else
    {
        unless ($node =~ /localhost/)
        {
            xCAT::SvrUtils::sendmsg(":Ignoring host $node, it does not belong to any nets defined in networks table or the net it belongs to is configured to use an external nameserver.", $callback);
        }
    }

---

My test run:

# makedns -e node0014
Handling node0014 in /etc/hosts.
ADDR is 10.20.101.14
MASK is
NETWORK is
Not Found!

ADDR is 10.20.101.14
MASK is
NETWORK is
Not Found!

ADDR is 10.20.101.14
MASK is 255.255.0.0
NETWORK is 10.40.0.0
Not Found!

ADDR is 10.20.101.14
MASK is 255.255.0.0
NETWORK is 10.20.0.0
Found!
-
ADDR is 10.20.101.14
MASK is 255.255.0.0
NETWORK is 10.60.0.0
Not Found!
-


As you can see, some other networks are being parsed as blank (the first
two encountered in the foreach loop) but after I modified the compute/
10.20.0.0 network then it printed finally my "Found!" message (previously
it was also parsing as blank). I suspect that there are other lurking
problems in the tables between the two xCAT versions due to the
backup/restore of the databases which might be causing this problem. I'm
not sure how to address this without a full reinstall from scratch for xCAT
if a backup/restore between versions is not possible/compatible. I'm
exploring alternatives though.

Regards,
Josh
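
A pre-check of the dumped networks table that mirrors the ADDR/MASK/NETWORK trace above, as an added example (not part of the original post and not xCAT code): it flags rows whose net or mask is blank or invalid and lists the networks that contain a given address. The rows named ib, restored1 and restored2 and all function names are constructed for illustration.

```python
import csv
import io
import ipaddress

# Column names taken from the table header quoted in the message.
FIELDS = ("netname,net,mask,mgtifname,gateway,dhcpserver,tftpserver,"
          "nameservers,ntpservers,logservers,dynamicrange,staticrange,"
          "staticrangeincrement,nodehostname,ddnsdomain,vlanid,domain,"
          "comments,disable").split(",")

# The compute and 10gig rows are the ones quoted in the message; the other
# three rows are constructed to exercise the checks below.
SAMPLE_TABLE = "#" + ",".join(FIELDS) + """
compute,10.20.0.0,255.255.0.0,eth0,,,10.20.0.1,10.20.0.1,,,10.20.200.254-10.20.254.254
10gig,10.60.0.0,255.255.0.0,,10.20.0.1,,
ib,10.40.0.0,255.255.0.0,,,,
restored1,,,eth1,,,
restored2,10.80.0.0,255.0.255.0,,,,
"""


def load_networks(text):
    """Parse CSV rows into dicts; short rows are padded with empty strings."""
    data = [l for l in text.splitlines() if l.strip() and not l.startswith("#")]
    reader = csv.DictReader(io.StringIO("\n".join(data)),
                            fieldnames=FIELDS, restval="")
    return [dict(row) for row in reader]


def parse_network(row):
    """Return (network, None) for a usable row or (None, reason) otherwise."""
    net, mask = row["net"].strip(), row["mask"].strip()
    if not net or not mask:
        return None, "blank net or mask"
    try:
        # strict parsing rejects non-contiguous masks and host bits in net
        return ipaddress.ip_network(f"{net}/{mask}"), None
    except ValueError as exc:
        return None, str(exc)


def audit(text, addr):
    """Return (netnames containing addr, {netname: problem}) for the table."""
    host = ipaddress.ip_address(addr)
    matches, problems = [], {}
    for row in load_networks(text):
        network, problem = parse_network(row)
        if problem:
            problems[row["netname"]] = problem
        elif host in network:
            matches.append(row["netname"])
    return matches, problems


if __name__ == "__main__":
    found, bad = audit(SAMPLE_TABLE, "10.20.101.14")
    print("networks containing 10.20.101.14:", found)
    for name, reason in bad.items():
        print(f"unusable row {name}: {reason}")
```

Running the same check against the table dump on both the source and the restored system shows whether rows lost their net or mask during the transfer.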



Re: [xcat-user] Questions on prerequisites for external DNS and makedns -e

2014-10-01 Thread Josh Nielsen
So I'm thinking that either:

A) My DNS server (BIND) is somehow misconfigured (which may include some
bug when BIND is compiled from the latest source) - even though the keys
obviously work in some instances and I am indeed getting partial remote
updates successfully.
- OR -
B) There is a bug in makedns or the underlying config/tools it uses on the
OS. Possibly there was some unclean transfer or mismatch of settings when I
used dumpxCATdb/restorexCATdb, even though I updated the site table and
have my resolv.conf pointing only to the external DNS server. Even so, as I
pointed out, some of the entries are being correctly sent with the key, but
I am occasionally seeing "request is not signed" for some requests OR I am
not seeing the request for a forward lookup entry at all (which is what
happened the first few times I tried).

I just can't tell whether it is a sending problem (makedns/nsupdate) or a
receiving problem (external BIND server).

-Josh


Re: [xcat-user] Questions on prerequisites for external DNS and makedns -e

2014-09-30 Thread Josh Nielsen
Hi Xiao,

Here is the relevant zone:

zone "morgan.haib.org" in {
    type master;
    file "morgan/db.morgan.haib.org";
    allow-transfer {
        10.20.0.100/32;
        10.20.0.101/32;
    };
    allow-update {
        key xcat_key;
    };
    notify yes;
};

Its allow-update looks the same as the one for zone
20.10.IN-ADDR.ARPA. I saw no messages in /var/log/messages
concerning named.

But I did just try it again this morning and the opposite happened:
'morgan.haib.org' updated but 20.10.IN-ADDR.ARPA. did not. So the
issue is very inconsistent, other than that one of the two entries
gets omitted. See below (which I have shortened some), and notice
where it says "request is not signed" for the 20.10 zone, but it
signed (this time!) the morgan.haib.org zone:

30-Sep-2014 10:01:39.446 socket 0x7ff551edebc8 172.26.42.60#58640:
packet received correctly
30-Sep-2014 10:01:39.446 client 172.26.42.60#58640: UDP request
30-Sep-2014 10:01:39.446 client 172.26.42.60#58640: using view '_default'
30-Sep-2014 10:01:39.446 client 172.26.42.60#58640: request is not signed
30-Sep-2014 10:01:39.446 client 172.26.42.60#58640: recursion available
30-Sep-2014 10:01:39.446 client 172.26.42.60#58640: query
30-Sep-2014 10:01:39.446 client 172.26.42.60#58640
(20.10.IN-ADDR.ARPA): ns_client_attach: ref = 1
30-Sep-2014 10:01:39.446 client 172.26.42.60#58640
(20.10.IN-ADDR.ARPA): query '20.10.IN-ADDR.ARPA/NS/IN' approved
30-Sep-2014 10:01:39.446 client 172.26.42.60#58640 (20.10.IN-ADDR.ARPA): send
30-Sep-2014 10:01:39.446 client 172.26.42.60#58640 (20.10.IN-ADDR.ARPA): sendto
30-Sep-2014 10:01:39.446 client 172.26.42.60#58640
(20.10.IN-ADDR.ARPA): senddone
30-Sep-2014 10:01:39.446 client 172.26.42.60#58640 (20.10.IN-ADDR.ARPA): next
30-Sep-2014 10:01:39.446 client 172.26.42.60#58640
(20.10.IN-ADDR.ARPA): ns_client_detach: ref = 0
30-Sep-2014 10:01:39.446 client 172.26.42.60#58640
(20.10.IN-ADDR.ARPA): endrequest
30-Sep-2014 10:01:39.446 client @0x7ff5480d7710: udprecv
...
...
30-Sep-2014 10:01:39.454 socket 0x7ff551edebc8 172.26.42.60#42345:
packet received correctly
30-Sep-2014 10:01:39.454 client 172.26.42.60#42345: UDP request
30-Sep-2014 10:01:39.454 client 172.26.42.60#42345: using view '_default'
30-Sep-2014 10:01:39.455 client 172.26.42.60#42345: request has valid
signature: xcat_key
30-Sep-2014 10:01:39.455 client 172.26.42.60#42345/key xcat_key:
recursion available
30-Sep-2014 10:01:39.455 client 172.26.42.60#42345/key xcat_key: update
30-Sep-2014 10:01:39.455 client 172.26.42.60#42345/key xcat_key:
ns_client_attach: ref = 1
30-Sep-2014 10:01:39.455 client 172.26.42.60#42345/key xcat_key:
updating zone 'morgan.haib.org/IN': prerequisites are OK
30-Sep-2014 10:01:39.455 client 172.26.42.60#42345/key xcat_key:
signer xcat_key approved
30-Sep-2014 10:01:39.455 client 172.26.42.60#42345/key xcat_key:
update 'morgan.haib.org/IN' approved
30-Sep-2014 10:01:39.455 client 172.26.42.60#42345/key xcat_key:
updating zone 'morgan.haib.org/IN': update section prescan OK
30-Sep-2014 10:01:39.455 client 172.26.42.60#42345/key xcat_key:
updating zone 'morgan.haib.org/IN': adding an RR at
'node0014.morgan.haib.org' A 10.20.101.14
30-Sep-2014 10:01:39.455 client 172.26.42.60#42345/key xcat_key:
updating zone 'morgan.haib.org/IN': checking for NSEC3PARAM changes
30-Sep-2014 10:01:39.455 client 172.26.42.60#42345/key xcat_key:
updating zone 'morgan.haib.org/IN': writing journal
morgan/db.morgan.haib.org.jnl
30-Sep-2014 10:01:39.455 writing to journal
30-Sep-2014 10:01:39.455 del morgan.haib.org. 86400 IN SOA
dns01.morgan.haib.org. root.dns01.morgan.haib.org. 2012080935 10800
3600 604800 86400
30-Sep-2014 10:01:39.455 add morgan.haib.org. 86400 IN SOA
dns01.morgan.haib.org. root.dns01.morgan.haib.org. 2012080936 10800
3600 604800 86400
30-Sep-2014 10:01:39.455 add node0014.morgan.haib.org. 86400 IN A 10.20.101.14
30-Sep-2014 10:01:39.476 client 172.26.42.60#42345/key xcat_key:
updating zone 'morgan.haib.org/IN': committing update transaction
30-Sep-2014 10:01:39.477 zone_needdump: zone morgan.haib.org/IN: enter
30-Sep-2014 10:01:39.477 zone_settimer: zone morgan.haib.org/IN: enter
30-Sep-2014 10:01:39.477 zone_settimer: zone morgan.haib.org/IN: enter

I'll send another email with other possibly relevant details to keep
this one's length down.

-Josh
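
The named debug lines above carry three separate facts per request: the client endpoint, whether a TSIG signature was verified, and whether the request was a query or an update. As an added example (not part of the original post, and not xCAT or BIND code), this sketch groups such lines by client endpoint, lists update attempts that arrived unsigned, and reports which expected zones received no signed, approved update. The sample is constructed from the log format shown above; the request from port 50000 and all function names are invented for illustration.

```python
import re

# Constructed sample in the format of the named debug output quoted above,
# unwrapped to one event per line. The third request (port 50000) is invented
# to exercise the unsigned-update case.
SAMPLE_LOG = """\
30-Sep-2014 10:01:39.446 client 172.26.42.60#58640: UDP request
30-Sep-2014 10:01:39.446 client 172.26.42.60#58640: request is not signed
30-Sep-2014 10:01:39.446 client 172.26.42.60#58640: query
30-Sep-2014 10:01:39.446 client 172.26.42.60#58640 (20.10.IN-ADDR.ARPA): query '20.10.IN-ADDR.ARPA/NS/IN' approved
30-Sep-2014 10:01:39.446 client @0x7ff5480d7710: udprecv
30-Sep-2014 10:01:39.454 client 172.26.42.60#42345: UDP request
30-Sep-2014 10:01:39.455 client 172.26.42.60#42345: request has valid signature: xcat_key
30-Sep-2014 10:01:39.455 client 172.26.42.60#42345/key xcat_key: update
30-Sep-2014 10:01:39.455 client 172.26.42.60#42345/key xcat_key: update 'morgan.haib.org/IN' approved
30-Sep-2014 10:01:39.455 client 172.26.42.60#42345/key xcat_key: updating zone 'morgan.haib.org/IN': adding an RR at 'node0014.morgan.haib.org' A 10.20.101.14
30-Sep-2014 10:01:40.000 client 172.26.42.60#50000: UDP request
30-Sep-2014 10:01:40.000 client 172.26.42.60#50000: request is not signed
30-Sep-2014 10:01:40.000 client 172.26.42.60#50000: update
"""

LINE_RE = re.compile(
    r"^\S+ \S+ client (?P<peer>[0-9A-Fa-f.:]+#\d+)"   # date, time, ip#port
    r"(?:/key (?P<key>[^:\s]+))?"                     # key name once verified
    r"(?: \((?P<qname>[^)]*)\))?: (?P<msg>.*)$"       # optional query name
)
SIGNED_RE = re.compile(r"^request has valid signature: (?P<key>\S+)$")
QUERY_RE = re.compile(r"^query '(?P<name>[^'/]+)/(?P<type>\w+)/\w+' approved$")
APPROVED_RE = re.compile(r"^update '(?P<zone>[^'/]+)/\w+' approved$")
ADD_RR_RE = re.compile(
    r"^updating zone '(?P<zone>[^'/]+)/\w+': adding an RR at "
    r"'(?P<name>[^']+)' (?P<type>\S+) (?P<rdata>.+)$"
)


def parse_requests(text):
    """Group client log lines into one record per request (keyed by ip#port)."""
    requests, current = [], {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # lines such as "client @0x...: udprecv" carry no peer
        peer, msg = m.group("peer"), m.group("msg")
        if msg in ("UDP request", "TCP request") or peer not in current:
            current[peer] = {"peer": peer, "signed_by": None, "opcode": None,
                             "queries": [], "approved_zones": [], "added": []}
            requests.append(current[peer])
        req = current[peer]
        if SIGNED_RE.match(msg):
            req["signed_by"] = SIGNED_RE.match(msg).group("key")
        elif msg in ("query", "update"):
            req["opcode"] = msg
        elif QUERY_RE.match(msg):
            q = QUERY_RE.match(msg)
            req["queries"].append((q.group("name"), q.group("type")))
        elif APPROVED_RE.match(msg):
            req["approved_zones"].append(APPROVED_RE.match(msg).group("zone"))
        elif ADD_RR_RE.match(msg):
            a = ADD_RR_RE.match(msg)
            req["added"].append((a.group("name"), a.group("type"), a.group("rdata")))
    return requests


def unsigned_updates(requests):
    """Update requests that arrived without a verified TSIG signature."""
    return [r for r in requests
            if r["opcode"] == "update" and r["signed_by"] is None]


def missing_updates(requests, expected_zones):
    """Expected zones with no signed, approved update in the capture."""
    done = {z.lower().rstrip(".") for r in requests if r["signed_by"]
            for z in r["approved_zones"]}
    return [z for z in expected_zones if z.lower().rstrip(".") not in done]


if __name__ == "__main__":
    reqs = parse_requests(SAMPLE_LOG)
    for r in reqs:
        print(r["peer"], r["opcode"], "key=" + str(r["signed_by"]),
              r["approved_zones"] or r["queries"])
    print("unsigned updates:", [r["peer"] for r in unsigned_updates(reqs)])
    print("zones without a signed update:",
          missing_updates(reqs, ["morgan.haib.org", "20.10.IN-ADDR.ARPA"]))
```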


Re: [xcat-user] Questions on prerequisites for external DNS and makedns -e

2014-09-30 Thread Josh Nielsen
Xiao,

For some additional details I am running BIND 9.10.0-P2 which I compiled
from source. I used --enable-largefile which specifies 64-bit file
support but I noticed this in the kernel boot messages in
/var/log/messages:

Sep 29 11:25:25 dns01 kernel: warning: `named' uses 32-bit capabilities
(legacy support in use)

When I start named in the foreground here are the first few lines, where
you can see my compile options and a few things about startup:

30-Sep-2014 09:59:20.672 built with '--prefix=/opt/bind9'
'--sysconfdir=/etc' '--with-gtest' '--with-log4cplus=/opt/log4cplus'
'--with-pythonpath=/usr/bin/python' '--localstatedir=/var'
'--mandir=/usr/share/man' '--enable-threads' '--enable-largefile'
'--with-libtool' '--disable-static' '--with-openssl'
30-Sep-2014 09:59:20.672

30-Sep-2014 09:59:20.672 BIND 9 is maintained by Internet Systems
Consortium,
30-Sep-2014 09:59:20.672 Inc. (ISC), a non-profit 501(c)(3) public-benefit
30-Sep-2014 09:59:20.672 corporation.  Support and training for BIND 9 are
30-Sep-2014 09:59:20.672 available at https://www.isc.org/support
30-Sep-2014 09:59:20.672

30-Sep-2014 09:59:20.672 adjusted limit on open files from 4096 to 1048576
30-Sep-2014 09:59:20.672 found 1 CPU, using 1 worker thread
30-Sep-2014 09:59:20.672 using 1 UDP listener per interface
30-Sep-2014 09:59:20.672 using up to 4096 sockets
30-Sep-2014 09:59:20.672 Registering DLZ_dlopen driver
30-Sep-2014 09:59:20.672 Registering SDLZ driver 'dlopen'
30-Sep-2014 09:59:20.672 Registering DLZ driver 'dlopen'
30-Sep-2014 09:59:20.676 decrement_reference: delete from rbt:
0x7ff551ecd148 .
30-Sep-2014 09:59:20.678 socket 0x7ff551ede010: created
30-Sep-2014 09:59:20.678 sockmgr 0x7ff551ec6010: watcher got message -3 for
socket 20
30-Sep-2014 09:59:20.678 sockmgr 0x7ff551ec6010: watcher got message -2 for
socket -1
30-Sep-2014 09:59:20.678 socket 0x7ff551ede010: socket_recv: event
0x7ff551ee0010 - task 0x7ff551ed9250
30-Sep-2014 09:59:20.678 loading configuration from '/etc/named.conf'
30-Sep-2014 09:59:20.679 reading built-in trusted keys from file
'/etc/bind.keys'

I've been planning to move to an RPM based installation rolled out with
CentOS but was testing with a source install first. Does any of this look
like a likely culprit for the problems I'm seeing?

Thanks,
Josh


Re: [xcat-user] Questions on prerequisites for external DNS and makedns -e

2014-09-29 Thread Xiao Peng Wang
Then, in this case, did you check the 'allow of key xcat_key' has been set
correctly in named.conf for zone morgan.haib.org? And did you see any useful
message for this error in the syslog of external server?

Thanks
Best Regards
--
 Wang Xiaopeng (王晓朋)
 IBM China System Technology Laboratory
 Tel: 86-10-82453455
 Email: w...@cn.ibm.com
 Address: 28,ZhongGuanCun Software Park,No.8 Dong Bei Wang West Road,
Haidian District Beijing P.R.China 100193



From:   Josh Nielsen jniel...@hudsonalpha.org
To: xCAT Users Mailing list xcat-user@lists.sourceforge.net
Date:   2014/09/30 06:49
Subject:Re: [xcat-user] Questions on prerequisites for external DNS and
makedns -e



Okay, I have the external DNS server working: partly. For some very odd
reason the external DNS server is only receiving the request to enter the
reverse lookup for a new node (ex: makedns -e node0014), but does not even
attempt to add the forward lookup zone. I see the key authorization passed
successfully for the reverse entry, so there are no authentication issues,
and when I try a manual 'nsupdate' it adds the forward lookup definition
just fine:

# nsupdate -k /etc/rndc.key
 server [external_dns_ip]
 prereq nxdomain node0014.morgan.haib.org.
 update add node0014.morgan.haib.org. 300 A 10.20.101.14
 send

It looks like 'makedns -e node0014' is somehow sending ONLY the reverse
lookup definition (though this is only a guess). This is what the client
sees:

[root@JNDev ~]# makedns -e node0014
Handling node0014 in /etc/hosts.
Getting reverse zones, this may take several minutes for a large cluster.
Completed getting reverse zones.
Updating DNS records, this may take several minutes for a large cluster.
Error: No reply received when sending DNS update to zone morgan.haib.org.
Completed updating DNS records.

It updates my reverse zone '20.10.IN-ADDR.ARPA' in the file 'db.10.20' but
for the DNS zone 'morgan.haib.org' I see the message: Error: No reply
received when sending DNS update to zone morgan.haib.org.

Here is what I see from running named in the foreground when running
makedns -e node0014:

29-Sep-2014 15:13:07.022 client 172.26.42.60#60681: UDP request
29-Sep-2014 15:13:07.022 client 172.26.42.60#60681: using view '_default'
29-Sep-2014 15:13:07.022 client 172.26.42.60#60681: request has valid
signature: xcat_key
29-Sep-2014 15:13:07.022 client 172.26.42.60#60681/key xcat_key: recursion
available
29-Sep-2014 15:13:07.022 client 172.26.42.60#60681/key xcat_key: update
29-Sep-2014 15:13:07.022 client 172.26.42.60#60681/key xcat_key:
ns_client_attach: ref = 1
29-Sep-2014 15:13:07.022 client 172.26.42.60#60681/key xcat_key: updating
zone '20.10.IN-ADDR.ARPA/IN': prerequisites are OK
29-Sep-2014 15:13:07.022 client 172.26.42.60#60681/key xcat_key: signer
xcat_key approved
29-Sep-2014 15:13:07.022 client 172.26.42.60#60681/key xcat_key: update
'20.10.IN-ADDR.ARPA/IN' approved
29-Sep-2014 15:13:07.022 client 172.26.42.60#60681/key xcat_key: updating
zone '20.10.IN-ADDR.ARPA/IN': update section prescan OK
29-Sep-2014 15:13:07.022 client 172.26.42.60#60681/key xcat_key: updating
zone '20.10.IN-ADDR.ARPA/IN': adding an RR at '14.101.20.10.IN-ADDR.ARPA'
PTR node0014.morgan.haib.org.
29-Sep-2014 15:13:07.022 client 172.26.42.60#60681/key xcat_key: updating
zone '20.10.IN-ADDR.ARPA/IN': checking for NSEC3PARAM changes
29-Sep-2014 15:13:07.022 client 172.26.42.60#60681/key xcat_key: updating
zone '20.10.IN-ADDR.ARPA/IN': writing journal morgan/db.10.20.jnl
29-Sep-2014 15:13:07.022 writing to journal
29-Sep-2014 15:13:07.022 del 20.10.IN-ADDR.ARPA. 86400 IN SOA
dns01.morgan.haib.org. root.dns01.morgan.haib.org. 2012072410 10800 3600
604800 86400
29-Sep-2014 15:13:07.022 add 20.10.IN-ADDR.ARPA. 86400 IN SOA
dns01.morgan.haib.org. root.dns01.morgan.haib.org. 2012072411 10800 3600
604800 86400
29-Sep-2014 15:13:07.022 add 14.101.20.10.IN-ADDR.ARPA. 86400 IN PTR
node0014.morgan.haib.org.
29-Sep-2014 15:13:07.033 client 172.26.42.60#60681/key xcat_key: updating
zone '20.10.IN-ADDR.ARPA/IN': committing update transaction
29-Sep-2014 15:13:07.034 zone_needdump: zone 20.10.IN-ADDR.ARPA/IN: enter
29-Sep-2014 15:13:07.034 zone_settimer: zone 20.10.IN-ADDR.ARPA/IN: enter
29-Sep-2014 15:13:07.034 zone_settimer: zone 20.10.IN-ADDR.ARPA/IN: enter
29-Sep-2014 15:13:07.034 client 172.26.42.60#60681/key xcat_key: send
29-Sep-2014 15:13:07.034 client 172.26.42.60#60681/key xcat_key: sendto
29-Sep-2014 15:13:07.034 client 172.26.42.60#60681/key xcat_key: senddone
29-Sep-2014 15:13:07.034 client 172.26.42.60#60681/key xcat_key: next
29-Sep-2014 15:13:07.034 client 172.26.42.60#60681/key xcat_key:
ns_client_detach: ref = 0
29-Sep-2014 15:13:07.034 client 172.26.42.60#60681/key xcat_key: endrequest

Any ideas what debugging steps I can take to see why the forward lookup is
not being sent as well? I would love to know the actual command makedns
ends up executing on the operating 

Re: [xcat-user] Questions on prerequisites for external DNS and makedns -e

2014-09-26 Thread Lissa Valletta
The procedure is documented here in detail
https://sourceforge.net/p/xcat/wiki/Cluster_Name_Resolution/

Specifically
https://sourceforge.net/p/xcat/wiki/Cluster_Name_Resolution/#option-2-use-a-dns-that-is-outside-of-the-cluster


Lissa K. Valletta
8-3/B10
Poughkeepsie, NY 12601
(tie 293) 433-3102





From: Josh Nielsen jniel...@hudsonalpha.org
To: xCAT Users Mailing list xcat-user@lists.sourceforge.net
Date: 09/25/2014 10:03 AM
Subject: Re: [xcat-user] Questions on prerequisites for external DNS and
makedns -e



Hi Xiao,

Thanks for the response. So if I have this straight, I need to manually
create and maintain the zone files on the external DNS server, and already
have initially empty (but present) zone files in place. Is that right? And
I imagine that I will need to allow-update from the IP of the xCAT server
too.

Secondly, I still don't quite understand about the xcat_key. On the server
hosting xCAT the xcat_key is typically defined in /etc/rndc.key and
in /etc/named.conf. I should not even need /etc/named.conf since I am not
hosting DNS on the same server as xCAT correct? Or does makedns have some
sort of dependency on a local /etc/named.conf even when pushing externally?
If /etc/named.conf is not needed, however, then where does makedns (which
I think ends up running 'nsupdate') read the key from?

Note that I have already configured the xcat_key on the external DNS server
in its own /etc/named.conf, but I am not asking about that host but rather
the xCAT server (which for purposes of DNS I am calling the client).

Thanks,
Josh

On Wed, Sep 24, 2014 at 8:59 PM, Xiao Peng Wang w...@cn.ibm.com wrote:
  You can NOT depend on xCAT to setup dns server on remote server. You need
  get the xcat_key from local dns configuration.

  You need prepare the remote dns ready so that xCAT could push the new dns
  entry to the remote dns server, this is what xCAT 'makedns -e' does.

  Thanks
  Best Regards
  --
  Wang Xiaopeng (王晓朋)
  IBM China System Technology Laboratory
  Tel: 86-10-82453455
  Email: w...@cn.ibm.com
  Address: 28,ZhongGuanCun Software Park,No.8 Dong Bei Wang West Road,
  Haidian District Beijing P.R.China 100193


  From: Josh Nielsen jniel...@hudsonalpha.org
  To: xCAT Users Mailing list xcat-user@lists.sourceforge.net
  Date: 2014/09/25 05:46
  Subject: Re: [xcat-user] Questions on prerequisites for external DNS and
  makedns -e



  I'm starting to see an older conversation that I had back in January
  of this year in a different light now:
  http://permalink.gmane.org/gmane.comp.clustering.xcat.user/182

  There it was suggested that I be aware that you may need to run a
  separate makedns to populate the local zone files as well as makedns
  -e to do the external name servers. Does this mean that an xCAT
  installation is required on the external DNS server just to populate
  the zones initially? Wouldn't having two xCAT installations, whose
  records you have to keep in sync, get tedious after a while? Maybe I'm
  misunderstanding how the external DNS solution is supposed to work in
  connection with xCAT. Any clarifications are welcome.

  -Josh

  On Wed, Sep 24, 2014 at 4:03 PM, Josh Nielsen jniel...@hudsonalpha.org
  wrote:
   Hello all,
  
   I am in the process of trying to move to an external DNS implementation
   for name resolution with our compute cluster. The only requirement I see
   in the man page for makedns is to have one (and only one?) IP of the
   external DNS server that you want to update in /etc/resolv.conf and also
   a valid xcat_key.
  
   Firstly, how do you specify the xcat_key to be used on the client server
   that is pushing out the dns changes with makedns -e? For a local setup
   the key definition in /etc/named.conf is sufficient, but since makedns -e
   isn't dependent on the local config (or is it?), how is the xcat_key
   specified? The local /etc/named.conf file doesn't even need to exist on
   the client does it?
  
   Secondly, the server I am pushing to only has a 127.0.0 zone since it is
   a fresh BIND install and I'm wanting 'makedns -e' to create the new zones
   (and zone files under /var/named/) for me on the remote server. With a
   local DNS setup, makedns would parse your settings and handle all the
   file updates and creation for you. But when I try makedns -e I see the
   following but no files or zone updates (is this an xcat_key problem?):
  
   (I ran the remote DNS BIND daemon in the foreground with -d 60 verbosity)
  
   24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: UDP request
   24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: 

Re: [xcat-user] Questions on prerequisites for external DNS and makedns -e

2014-09-26 Thread Josh Nielsen
Thank you for the clarifications. I read the wiki entry on Cluster Name
Resolution but wanted to be sure of the particulars.

Regards,
Josh

On Thu, Sep 25, 2014 at 10:36 PM, Xiao Peng Wang w...@cn.ibm.com wrote:

 #1, you are right, you need prepare configuration files in external dns
 server.

 #2, the xcat_key is gotten from passwd table like this
 'omapi,xcat_key,TjFYM2kwTUNOcWVVZG5QNWFhb2xPVkg1eTZLMXpuSGs='



 Thanks
 Best Regards
 --
 Wang Xiaopeng (王晓朋)
 IBM China System Technology Laboratory
 Tel: 86-10-82453455
 Email: w...@cn.ibm.com
 Address: 28,ZhongGuanCun Software Park,No.8 Dong Bei Wang West Road,
 Haidian District Beijing P.R.China 100193


 From: Josh Nielsen jniel...@hudsonalpha.org
 To: xCAT Users Mailing list xcat-user@lists.sourceforge.net
 Date: 2014/09/25 21:58
 Subject: Re: [xcat-user] Questions on prerequisites for external DNS and
 makedns -e
 --



 Hi Xiao,

 Thanks for the response. So if I have this straight, I need to manually
 create and maintain the zone files on the external DNS server, and already
 have initially empty (but present) zone files in place. Is that right? And
 I imagine that I will need to allow-update from the IP of the xCAT server
 too.

 Secondly, I still don't quite understand about the xcat_key. On the server
 hosting xCAT the xcat_key is typically defined in /etc/rndc.key and in
 /etc/named.conf. I should not even need /etc/named.conf since I am not
 hosting DNS on the same server as xCAT correct? Or does makedns have some
 sort of dependency on a local /etc/named.conf even when pushing externally?
 If /etc/named.conf is not needed, however, then where does makedns (which
 I think ends up running 'nsupdate') read the key from?

 Note that I have already configured the xcat_key on the external DNS
 server in its own /etc/named.conf, but I am not asking about that host but
 rather the xCAT server (which for purposes of DNS I am calling the
 client).

 Thanks,
 Josh

 On Wed, Sep 24, 2014 at 8:59 PM, Xiao Peng Wang w...@cn.ibm.com wrote:

You can NOT depend on xCAT to setup dns server on remote server. You
need get the xcat_key from local dns configuration.

You need prepare the remote dns ready so that xCAT could push the new
dns entry to the remote dns server, this is what xCAT 'makedns -e' does.

Thanks
Best Regards
--
Wang Xiaopeng (王晓朋)
IBM China System Technology Laboratory
Tel: 86-10-82453455
Email: w...@cn.ibm.com
Address: 28,ZhongGuanCun Software Park,No.8 Dong Bei Wang West Road,
Haidian District Beijing P.R.China 100193


From: Josh Nielsen jniel...@hudsonalpha.org
To: xCAT Users Mailing list xcat-user@lists.sourceforge.net
Date: 2014/09/25 05:46
Subject: Re: [xcat-user] Questions on prerequisites for external DNS
and makedns -e
--



I'm starting to see an older conversation that I had back in January
of this year in a different light now:
http://permalink.gmane.org/gmane.comp.clustering.xcat.user/182

There it was suggested that I be aware that you may need to run a
separate makedns to populate the local zone files as well as makedns
-e to do the external name servers. Does this mean that an xCAT
installation is required on the external DNS server just to populate
the zones initially? Wouldn't having two xCAT installations, whose
records you have to keep in sync, get tedious after a while? Maybe I'm
misunderstanding how the external DNS solution is supposed to work in
connection with xCAT. Any clarifications are welcome.

-Josh

On Wed, Sep 24, 2014 at 4:03 PM, Josh Nielsen jniel...@hudsonalpha.org wrote:
 Hello all,

 I am in the process of trying to move to an external DNS implementation
 for name resolution with our compute cluster. The only requirement I see
 in the man page for makedns is to have one (and only one?) IP of the
 external DNS server that you want to update in /etc/resolv.conf and also
 a valid xcat_key.

 Firstly, 

Re: [xcat-user] Questions on prerequisites for external DNS and makedns -e

2014-09-25 Thread Lissa Valletta

You do not and should not have a separate installation of xCAT on an
external server.
Take a look at this document
https://sourceforge.net/p/xcat/wiki/Cluster_Name_Resolution/
I am assuming you are using xCAT 2.8.X.


Lissa K. Valletta
8-3/B10
Poughkeepsie, NY 12601
(tie 293) 433-3102





From: Josh Nielsen jniel...@hudsonalpha.org
To: xCAT Users Mailing list xcat-user@lists.sourceforge.net
Date: 09/24/2014 05:51 PM
Subject: Re: [xcat-user] Questions on prerequisites for external DNS and
makedns -e



I'm starting to see an older conversation that I had back in January
of this year in a different light now:
http://permalink.gmane.org/gmane.comp.clustering.xcat.user/182

There it was suggested that I be aware that you may need to run a
separate makedns to populate the local zone files as well as makedns
-e to do the external name servers. Does this mean that an xCAT
installation is required on the external DNS server just to populate
the zones initially? Wouldn't having two xCAT installations, whose
records you have to keep in sync, get tedious after a while? Maybe I'm
misunderstanding how the external DNS solution is supposed to work in
connection with xCAT. Any clarifications are welcome.

-Josh

On Wed, Sep 24, 2014 at 4:03 PM, Josh Nielsen jniel...@hudsonalpha.org
wrote:
 Hello all,

 I am in the process of trying to move to an external DNS implementation
 for name resolution with our compute cluster. The only requirement I see
 in the man page for makedns is to have one (and only one?) IP of the
 external DNS server that you want to update in /etc/resolv.conf and also
 a valid xcat_key.

 Firstly, how do you specify the xcat_key to be used on the client server
 that is pushing out the dns changes with makedns -e? For a local setup
 the key definition in /etc/named.conf is sufficient, but since makedns -e
 isn't dependent on the local config (or is it?), how is the xcat_key
 specified? The local /etc/named.conf file doesn't even need to exist on
 the client does it?

 Secondly, the server I am pushing to only has a 127.0.0 zone since it is
 a fresh BIND install and I'm wanting 'makedns -e' to create the new zones
 (and zone files under /var/named/) for me on the remote server. With a
 local DNS setup, makedns would parse your settings and handle all the
 file updates and creation for you. But when I try makedns -e I see the
 following but no files or zone updates (is this an xcat_key problem?):

 (I ran the remote DNS BIND daemon in the foreground with -d 60 verbosity)

 24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: UDP request
 24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: using view '_default'
 24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: request is not signed
 24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: recursion available
 24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: query
 24-Sep-2014 15:30:14.686 client 172.26.42.60#56844
 (9.101.20.10.IN-ADDR.ARPA): ns_client_attach: ref = 1
 24-Sep-2014 15:30:14.687 client 172.26.42.60#56844
 (9.101.20.10.IN-ADDR.ARPA): query '9.101.20.10.IN-ADDR.ARPA/NS/IN' approved
 24-Sep-2014 15:30:14.687 client 172.26.42.60#56844
 (9.101.20.10.IN-ADDR.ARPA): send
 24-Sep-2014 15:30:14.687 client 172.26.42.60#56844
 (9.101.20.10.IN-ADDR.ARPA): sendto
 24-Sep-2014 15:30:14.687 client 172.26.42.60#56844
 (9.101.20.10.IN-ADDR.ARPA): senddone
 24-Sep-2014 15:30:14.687 client 172.26.42.60#56844
 (9.101.20.10.IN-ADDR.ARPA): next
 24-Sep-2014 15:30:14.687 client 172.26.42.60#56844
 (9.101.20.10.IN-ADDR.ARPA): ns_client_detach: ref = 0
 24-Sep-2014 15:30:14.687 client 172.26.42.60#56844
 (9.101.20.10.IN-ADDR.ARPA): endrequest
 24-Sep-2014 15:30:14.687 client @0x7f000c0d7710: udprecv
 24-Sep-2014 15:30:14.687 sockmgr 0x7f0017e06010: watcher got message -3 for
 socket 514
 24-Sep-2014 15:30:14.687 sockmgr 0x7f0017e06010: watcher got message -2 for
 socket -1
 24-Sep-2014 15:30:14.687 socket 0x7f0017e1ebc8: socket_recv: event
 0x7f0017c8c160 - task 0x7f0017e369d0
 24-Sep-2014 15:30:14.688 socket 0x7f0017e1ebc8: dispatch_recv:  event
 0x7f0017c8c160 - task 0x7f0017e369d0
 24-Sep-2014 15:30:14.688 socket 0x7f0017e1ebc8: internal_recv: task
 0x7f0017e369d0 got event 0x7f0017e1ec88
 24-Sep-2014 15:30:14.688 socket 0x7f0017e1ebc8 172.26.42.60#46141: packet
 received correctly

 9.101.20.10.IN-ADDR.ARPA/NS/IN must be my test node definition in the
 client's /etc/hosts file 10.20.101.9 node0009 node0009.mydomain.org, but
 I have no zone definition for 10.20 in /etc/named.conf on the external DNS
 server yet.

 On the Cluster Name Resolution wiki page
 (http://sourceforge.net/apps/mediawiki/xcat/index.php?title=Cluster_Name_Resolution)
 under 'Option #2: Use a DNS That is Outside of the Cluster' it says: If
 you already have a DNS on your site network and you want to use that for
 your cluster node names too, you can point all of the nodes to it. You must
 ensure that your nodes have IP connectivity to the DNS, and you must
 

Re: [xcat-user] Questions on prerequisites for external DNS and makedns -e

2014-09-25 Thread Josh Nielsen
Hi Xiao,

Thanks for the response. So if I have this straight, I need to manually
create and maintain the zone files on the external DNS server, and already
have initially empty (but present) zone files in place. Is that right? And
I imagine that I will need to allow-update from the IP of the xCAT server
too.

Secondly, I still don't quite understand about the xcat_key. On the server
hosting xCAT the xcat_key is typically defined in /etc/rndc.key and in
/etc/named.conf. I should not even need /etc/named.conf since I am not
hosting DNS on the same server as xCAT correct? Or does makedns have some
sort of dependency on a local /etc/named.conf even when pushing externally?
If /etc/named.conf is not needed, however, then where does makedns (which
I think ends up running 'nsupdate') read the key from?

Note that I have already configured the xcat_key on the external DNS server
in its own /etc/named.conf, but I am not asking about that host but rather
the xCAT server (which for purposes of DNS I am calling the client).

Thanks,
Josh

On Wed, Sep 24, 2014 at 8:59 PM, Xiao Peng Wang w...@cn.ibm.com wrote:

 You can NOT depend on xCAT to setup dns server on remote server. You need
 get the xcat_key from local dns configuration.

 You need prepare the remote dns ready so that xCAT could push the new dns
 entry to the remote dns server, this is what xCAT 'makedns -e' does.

 Thanks
 Best Regards
 --
 Wang Xiaopeng (王晓朋)
 IBM China System Technology Laboratory
 Tel: 86-10-82453455
 Email: w...@cn.ibm.com
 Address: 28,ZhongGuanCun Software Park,No.8 Dong Bei Wang West Road,
 Haidian District Beijing P.R.China 100193


 From: Josh Nielsen jniel...@hudsonalpha.org
 To: xCAT Users Mailing list xcat-user@lists.sourceforge.net
 Date: 2014/09/25 05:46
 Subject: Re: [xcat-user] Questions on prerequisites for external DNS and
 makedns -e
 --



 I'm starting to see an older conversation that I had back in January
 of this year in a different light now:
 http://permalink.gmane.org/gmane.comp.clustering.xcat.user/182

 There it was suggested that I be aware that you may need to run a
 separate makedns to populate the local zone files as well as makedns
 -e to do the external name servers. Does this mean that an xCAT
 installation is required on the external DNS server just to populate
 the zones initially? Wouldn't having two xCAT installations, whose
 records you have to keep in sync, get tedious after a while? Maybe I'm
 misunderstanding how the external DNS solution is supposed to work in
 connection with xCAT. Any clarifications are welcome.

 -Josh

 On Wed, Sep 24, 2014 at 4:03 PM, Josh Nielsen jniel...@hudsonalpha.org
 wrote:
  Hello all,
 
  I am in the process of trying to move to an external DNS implementation
  for name resolution with our compute cluster. The only requirement I see
  in the man page for makedns is to have one (and only one?) IP of the
  external DNS server that you want to update in /etc/resolv.conf and also
  a valid xcat_key.
 
  Firstly, how do you specify the xcat_key to be used on the client server
  that is pushing out the dns changes with makedns -e? For a local setup
  the key definition in /etc/named.conf is sufficient, but since makedns -e
  isn't dependent on the local config (or is it?), how is the xcat_key
  specified? The local /etc/named.conf file doesn't even need to exist on
  the client does it?
 
  Secondly, the server I am pushing to only has a 127.0.0 zone since it is
  a fresh BIND install and I'm wanting 'makedns -e' to create the new zones
  (and zone files under /var/named/) for me on the remote server. With a
  local DNS setup, makedns would parse your settings and handle all the
  file updates and creation for you. But when I try makedns -e I see the
  following but no files or zone updates (is this an xcat_key problem?):
 
  (I ran the remote DNS BIND daemon in the foreground with -d 60 verbosity)
 
  24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: UDP request
  24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: using view '_default'
  24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: request is not signed
  24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: recursion available
  24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: query
  24-Sep-2014 15:30:14.686 client 172.26.42.60#56844
  (9.101.20.10.IN-ADDR.ARPA): ns_client_attach: ref = 1
  24-Sep-2014 15:30:14.687 client 172.26.42.60#56844
  (9.101.20.10.IN-ADDR.ARPA): query '9.101.20.10.IN-ADDR.ARPA/NS/IN' approved
  24-Sep-2014 15:30:14.687 client 172.26.42.60#56844
  (9.101.20.10.IN-ADDR.ARPA): send
  24-Sep-2014 

Re: [xcat-user] Questions on prerequisites for external DNS and makedns -e

2014-09-25 Thread Xiao Peng Wang
#1, you are right, you need prepare configuration files in external dns
server.

#2, the xcat_key is gotten from passwd table like this
'omapi,xcat_key,TjFYM2kwTUNOcWVVZG5QNWFhb2xPVkg1eTZLMXpuSGs='



Thanks
Best Regards
--
 Wang Xiaopeng (王晓朋)
 IBM China System Technology Laboratory
 Tel: 86-10-82453455
 Email: w...@cn.ibm.com
 Address: 28,ZhongGuanCun Software Park,No.8 Dong Bei Wang West Road,
Haidian District Beijing P.R.China 100193



From: Josh Nielsen jniel...@hudsonalpha.org
To: xCAT Users Mailing list xcat-user@lists.sourceforge.net
Date: 2014/09/25 21:58
Subject: Re: [xcat-user] Questions on prerequisites for external DNS and
makedns -e



Hi Xiao,

Thanks for the response. So if I have this straight, I need to manually
create and maintain the zone files on the external DNS server, and already
have initially empty (but present) zone files in place. Is that right? And
I imagine that I will need to allow-update from the IP of the xCAT server
too.

Secondly, I still don't quite understand about the xcat_key. On the server
hosting xCAT the xcat_key is typically defined in /etc/rndc.key and
in /etc/named.conf. I should not even need /etc/named.conf since I am not
hosting DNS on the same server as xCAT correct? Or does makedns have some
sort of dependency on a local /etc/named.conf even when pushing externally?
If /etc/named.conf is not needed, however, then where does makedns (which
I think ends up running 'nsupdate') read the key from?

Note that I have already configured the xcat_key on the external DNS server
in its own /etc/named.conf, but I am not asking about that host but rather
the xCAT server (which for purposes of DNS I am calling the client).

Thanks,
Josh

On Wed, Sep 24, 2014 at 8:59 PM, Xiao Peng Wang w...@cn.ibm.com wrote:
  You can NOT depend on xCAT to setup dns server on remote server. You need
  get the xcat_key from local dns configuration.

  You need prepare the remote dns ready so that xCAT could push the new dns
  entry to the remote dns server, this is what xCAT 'makedns -e' does.

  Thanks
  Best Regards
  --
  Wang Xiaopeng (王晓朋)
  IBM China System Technology Laboratory
  Tel: 86-10-82453455
  Email: w...@cn.ibm.com
  Address: 28,ZhongGuanCun Software Park,No.8 Dong Bei Wang West Road,
  Haidian District Beijing P.R.China 100193


  From: Josh Nielsen jniel...@hudsonalpha.org
  To: xCAT Users Mailing list xcat-user@lists.sourceforge.net
  Date: 2014/09/25 05:46
  Subject: Re: [xcat-user] Questions on prerequisites for external DNS and
  makedns -e



  I'm starting to see an older conversation that I had back in January
  of this year in a different light now:
  http://permalink.gmane.org/gmane.comp.clustering.xcat.user/182

  There it was suggested that I be aware that you may need to run a
  separate makedns to populate the local zone files as well as makedns
  -e to do the external name servers. Does this mean that an xCAT
  installation is required on the external DNS server just to populate
  the zones initially? Wouldn't having two xCAT installations, whose
  records you have to keep in sync, get tedious after a while? Maybe I'm
  misunderstanding how the external DNS solution is supposed to work in
  connection with xCAT. Any clarifications are welcome.

  -Josh

  On Wed, Sep 24, 2014 at 4:03 PM, Josh Nielsen jniel...@hudsonalpha.org
  wrote:
   Hello all,
  
   I am in the process of trying to move to an external DNS implementation
   for name resolution with our compute cluster. The only requirement I see
   in the man page for makedns is to have one (and only one?) IP of the
   external DNS server that you want to update in /etc/resolv.conf and also
   a valid xcat_key.
  
   Firstly, how do you specify the xcat_key to be used on the client server
   that is pushing out the dns changes with makedns -e? For a local setup
   the key definition in /etc/named.conf is sufficient, but since makedns -e
   isn't dependent on the local config (or is it?), how is the xcat_key
   specified? The local /etc/named.conf file doesn't even need to exist on
   the client does it?
  
   Secondly, the server I am pushing to only has a 127.0.0 zone since it is
   a fresh BIND install and I'm wanting 'makedns -e' to create the new zones
   (and zone files under /var/named/) for me on the remote server. With a
   local DNS setup, makedns would parse your settings and handle all the
   file updates and creation for you. But when I try makedns -e I see the
   following but no files or zone updates (is this an xcat_key problem?):
 

[xcat-user] Questions on prerequisites for external DNS and makedns -e

2014-09-24 Thread Josh Nielsen
Hello all,

I am in the process of trying to move to an external DNS implementation for
name resolution with our compute cluster. The only requirement I see in the
man page for makedns is to have one (and only one?) IP of the external DNS
server that you want to update in /etc/resolv.conf and also a valid
xcat_key.

Firstly, how do you specify the xcat_key to be used on the client server
that is pushing out the dns changes with makedns -e? For a local setup the
key definition in /etc/named.conf is sufficient, but since makedns -e isn't
dependent on the local config (or is it?), how is the xcat_key specified?
The local /etc/named.conf file doesn't even need to exist on the client
does it?

Secondly, the server I am pushing to only has a 127.0.0 zone since it is a
fresh BIND install and I'm wanting 'makedns -e' to create the new zones
(and zone files under /var/named/) for me on the remote server. With a
local DNS setup, makedns would parse your settings and handle all the file
updates and creation for you. But when I try makedns -e I see the following
 but no files or zone updates (is this an xcat_key problem?):

(I ran the remote DNS BIND daemon in the foreground with -d 60 verbosity)

24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: UDP request
24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: using view '_default'
24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: request is not signed
24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: recursion available
24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: query
24-Sep-2014 15:30:14.686 client 172.26.42.60#56844
(9.101.20.10.IN-ADDR.ARPA): ns_client_attach: ref = 1
24-Sep-2014 15:30:14.687 client 172.26.42.60#56844
(9.101.20.10.IN-ADDR.ARPA): query '9.101.20.10.IN-ADDR.ARPA/NS/IN' approved
24-Sep-2014 15:30:14.687 client 172.26.42.60#56844
(9.101.20.10.IN-ADDR.ARPA): send
24-Sep-2014 15:30:14.687 client 172.26.42.60#56844
(9.101.20.10.IN-ADDR.ARPA): sendto
24-Sep-2014 15:30:14.687 client 172.26.42.60#56844
(9.101.20.10.IN-ADDR.ARPA): senddone
24-Sep-2014 15:30:14.687 client 172.26.42.60#56844
(9.101.20.10.IN-ADDR.ARPA): next
24-Sep-2014 15:30:14.687 client 172.26.42.60#56844
(9.101.20.10.IN-ADDR.ARPA): ns_client_detach: ref = 0
24-Sep-2014 15:30:14.687 client 172.26.42.60#56844
(9.101.20.10.IN-ADDR.ARPA): endrequest
24-Sep-2014 15:30:14.687 client @0x7f000c0d7710: udprecv
24-Sep-2014 15:30:14.687 sockmgr 0x7f0017e06010: watcher got message -3 for
socket 514
24-Sep-2014 15:30:14.687 sockmgr 0x7f0017e06010: watcher got message -2 for
socket -1
24-Sep-2014 15:30:14.687 socket 0x7f0017e1ebc8: socket_recv: event
0x7f0017c8c160 - task 0x7f0017e369d0
24-Sep-2014 15:30:14.688 socket 0x7f0017e1ebc8: dispatch_recv:  event
0x7f0017c8c160 - task 0x7f0017e369d0
24-Sep-2014 15:30:14.688 socket 0x7f0017e1ebc8: internal_recv: task
0x7f0017e369d0 got event 0x7f0017e1ec88
24-Sep-2014 15:30:14.688 socket 0x7f0017e1ebc8 172.26.42.60#46141: packet
received correctly

9.101.20.10.IN-ADDR.ARPA/NS/IN must be my test node definition in the
client's /etc/hosts file 10.20.101.9 node0009 node0009.mydomain.org, but
I have no zone definition for 10.20 in /etc/named.conf on the external DNS
server yet.

On the Cluster Name Resolution wiki page (
http://sourceforge.net/apps/mediawiki/xcat/index.php?title=Cluster_Name_Resolution)
under 'Option #2: Use a DNS That is Outside of the Cluster' it says: If
you already have a DNS on your site network and you want to use that for
your cluster node names too, you can point all of the nodes to it. You must
ensure that your nodes have IP connectivity to the DNS, and you must
manually configure your DNS with the node hostnames and IP addresses.

Does 'makedns -e' not populate the zone files for you, just like it would
if DNS were running locally on the MN itself by just parsing /etc/hosts on
the client and adding/pushing it to the (remote) DNS zone files for you?

If not does this mean I need to hand configure the remote DNS server's
/etc/named.conf to stub out definitions for (as of yet) empty zones, or
will makedns -e do that for me?

Thanks,
Josh
--
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xcat-user
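
Added example (not part of the original posts and not xCAT or BIND code): a Python script that reads named debug output like the two captures quoted in this thread, rejoins the mail-wrapped lines, and reports per client whether the request was signed and which zones actually committed an update. The function names are this example's own, and the embedded sample is trimmed from the log lines quoted above.

```python
import re

# A new log record starts with a BIND timestamp; anything else is a wrapped tail.
STAMP = re.compile(r"^\d{2}-[A-Z][a-z]{2}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3} ")
CLIENT = re.compile(
    r"^\S+ \S+ client (?P<peer>\d[\d.]*#\d+)(?:/key (?P<key>\S+?))?"
    r"(?: \([^)]*\))?: (?P<msg>.*)$")
ZONE = re.compile(r"^updating zone '(?P<zone>[^'/]+)/IN': (?P<what>.*)$")
ADD = re.compile(r"^adding an RR at '(?P<name>[^']+)' (?P<type>\S+) (?P<data>.+)$")
QUERY = re.compile(r"^query '(?P<name>[^'/]+)/(?P<type>\w+)/IN' approved$")

# Sample input: trimmed from the two captures quoted in this thread.
SAMPLE = """\
24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: UDP request
24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: request is not signed
24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: query
24-Sep-2014 15:30:14.687 client 172.26.42.60#56844
(9.101.20.10.IN-ADDR.ARPA): query '9.101.20.10.IN-ADDR.ARPA/NS/IN' approved
29-Sep-2014 15:13:07.022 client 172.26.42.60#60681: UDP request
29-Sep-2014 15:13:07.022 client 172.26.42.60#60681: request has valid
signature: xcat_key
29-Sep-2014 15:13:07.022 client 172.26.42.60#60681/key xcat_key: update
29-Sep-2014 15:13:07.022 client 172.26.42.60#60681/key xcat_key: updating
zone '20.10.IN-ADDR.ARPA/IN': adding an RR at '14.101.20.10.IN-ADDR.ARPA'
PTR node0014.morgan.haib.org.
29-Sep-2014 15:13:07.033 client 172.26.42.60#60681/key xcat_key: updating
zone '20.10.IN-ADDR.ARPA/IN': committing update transaction
"""


def unwrap(text):
    """Rejoin records that the mail client wrapped onto several lines."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if STAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records


def summarize(text):
    """Return {client ip#port: what named logged for that request}."""
    peers = {}
    for record in unwrap(text):
        m = CLIENT.match(record)
        if not m:
            continue  # sockmgr/socket/zone_* lines carry no client address
        s = peers.setdefault(m["peer"], {
            "signed": None, "key": None, "kind": None,
            "queries": [], "added": [], "committed": set()})
        msg = m["msg"]
        if msg == "request is not signed":
            s["signed"] = False
        elif msg.startswith("request has valid signature: "):
            s["signed"], s["key"] = True, msg.split(": ", 1)[1]
        elif msg in ("query", "update"):
            s["kind"] = msg
        elif (q := QUERY.match(msg)):
            s["queries"].append((q["name"], q["type"]))
        elif (z := ZONE.match(msg)):
            a = ADD.match(z["what"])
            if a:
                s["added"].append((z["zone"], a["name"], a["type"], a["data"]))
            elif z["what"] == "committing update transaction":
                s["committed"].add(z["zone"])
    return peers


def zones_without_update(peers, expected):
    """Expected zones for which no client committed an update."""
    done = {z.lower().rstrip(".")
            for s in peers.values() for z in s["committed"]}
    return [z for z in expected if z.lower().rstrip(".") not in done]


if __name__ == "__main__":
    result = summarize(SAMPLE)
    for peer, s in result.items():
        print(peer, "signed" if s["signed"] else "unsigned", s["key"],
              s["kind"], sorted(s["committed"]), s["added"])
    print("no update seen for:",
          zones_without_update(result, ["20.10.IN-ADDR.ARPA", "morgan.haib.org"]))
```
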


Re: [xcat-user] Questions on prerequisites for external DNS and makedns -e

2014-09-24 Thread Josh Nielsen
I'm starting to see an older conversation that I had back in January
of this year in a different light now:
http://permalink.gmane.org/gmane.comp.clustering.xcat.user/182

There it was suggested that I be aware that you may need to run a
separate makedns to populate the local zone files as well as makedns
-e to do the external name servers. Does this mean that an xCAT
installation is required on the external DNS server just to populate
the zones initially? Wouldn't having two xCAT installations, whose
records you have to keep in sync, get tedious after a while? Maybe I'm
misunderstanding how the external DNS solution is supposed to work in
connection with xCAT. Any clarifications are welcome.

-Josh

On Wed, Sep 24, 2014 at 4:03 PM, Josh Nielsen jniel...@hudsonalpha.org wrote:
 Hello all,

 I am in the process of trying to move to an external DNS implementation for
 name resolution with our compute cluster. The only requirement I see in the
 man page for makedns is to have one (and only one?) IP of the external DNS
 server that you want to update in /etc/resolv.conf and also a valid
 xcat_key.

 Firstly, how do you specify the xcat_key to be used on the client server
 that is pushing out the dns changes with makedns -e? For a local setup the
 key definition in /etc/named.conf is sufficient, but since makedns -e isn't
 dependent on the local config (or is it?), how is the xcat_key specified?
 The local /etc/named.conf file doesn't even need to exist on the client does
 it?

 Secondly, the server I am pushing to only has a 127.0.0 zone since it is a
 fresh BIND install and I'm wanting 'makedns -e' to create the new zones (and
 zone files under /var/named/) for me on the remote server. With a local DNS
 setup, makedns would parse your settings and handle all the file updates and
 creation for you. But when I try makedns -e I see the following  but no
 files or zone updates (is this an xcat_key problem?):

 (I ran the remote DNS BIND daemon in the foreground with -d 60 verbosity)

 24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: UDP request
 24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: using view '_default'
 24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: request is not signed
 24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: recursion available
 24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: query
 24-Sep-2014 15:30:14.686 client 172.26.42.60#56844
 (9.101.20.10.IN-ADDR.ARPA): ns_client_attach: ref = 1
 24-Sep-2014 15:30:14.687 client 172.26.42.60#56844
 (9.101.20.10.IN-ADDR.ARPA): query '9.101.20.10.IN-ADDR.ARPA/NS/IN' approved
 24-Sep-2014 15:30:14.687 client 172.26.42.60#56844
 (9.101.20.10.IN-ADDR.ARPA): send
 24-Sep-2014 15:30:14.687 client 172.26.42.60#56844
 (9.101.20.10.IN-ADDR.ARPA): sendto
 24-Sep-2014 15:30:14.687 client 172.26.42.60#56844
 (9.101.20.10.IN-ADDR.ARPA): senddone
 24-Sep-2014 15:30:14.687 client 172.26.42.60#56844
 (9.101.20.10.IN-ADDR.ARPA): next
 24-Sep-2014 15:30:14.687 client 172.26.42.60#56844
 (9.101.20.10.IN-ADDR.ARPA): ns_client_detach: ref = 0
 24-Sep-2014 15:30:14.687 client 172.26.42.60#56844
 (9.101.20.10.IN-ADDR.ARPA): endrequest
 24-Sep-2014 15:30:14.687 client @0x7f000c0d7710: udprecv
 24-Sep-2014 15:30:14.687 sockmgr 0x7f0017e06010: watcher got message -3 for
 socket 514
 24-Sep-2014 15:30:14.687 sockmgr 0x7f0017e06010: watcher got message -2 for
 socket -1
 24-Sep-2014 15:30:14.687 socket 0x7f0017e1ebc8: socket_recv: event
 0x7f0017c8c160 - task 0x7f0017e369d0
 24-Sep-2014 15:30:14.688 socket 0x7f0017e1ebc8: dispatch_recv:  event
 0x7f0017c8c160 - task 0x7f0017e369d0
 24-Sep-2014 15:30:14.688 socket 0x7f0017e1ebc8: internal_recv: task
 0x7f0017e369d0 got event 0x7f0017e1ec88
 24-Sep-2014 15:30:14.688 socket 0x7f0017e1ebc8 172.26.42.60#46141: packet
 received correctly

 9.101.20.10.IN-ADDR.ARPA/NS/IN must be my test node definition in the
 client's /etc/hosts file 10.20.101.9 node0009 node0009.mydomain.org, but I
 have no zone definition for 10.20 in /etc/named.conf on the external DNS
 server yet.

 On the Cluster Name Resolution wiki page
 (http://sourceforge.net/apps/mediawiki/xcat/index.php?title=Cluster_Name_Resolution)
 under 'Option #2: Use a DNS That is Outside of the Cluster' it says: If you
 already have a DNS on your site network and you want to use that for your
 cluster node names too, you can point all of the nodes to it. You must
 ensure that your nodes have IP connectivity to the DNS, and you must
 manually configure your DNS with the node hostnames and IP addresses.

 Does 'makedns -e' not populate the zone files for you, just like it would if
 DNS were running locally on the MN itself by just parsing /etc/hosts on the
 client and adding/pushing it to the (remote) DNS zone files for you?

 If not does this mean I need to hand configure the remote DNS server's
 /etc/named.conf to stub out definitions for (as of yet) empty zones, or will
 makedns -e do that for me?

 Thanks,
 Josh
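
An added example (not xCAT code and not written by anyone in this thread): starting from the /etc/hosts line quoted in the message above, it derives the reverse name seen in the BIND debug log and the zones the external named.conf would need to define if 'makedns -e' does not create them, as asked above. The /16 reverse zone, the db.<zone> file names and the helper names are assumptions.

```python
import ipaddress

# Constructed sample: the /etc/hosts entry quoted in the post.
HOSTS = "10.20.101.9 node0009 node0009.mydomain.org\n"

def parse_hosts(text):
    """Yield (ip, [names]) from /etc/hosts-style text, skipping comments."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            yield ipaddress.ip_address(fields[0]), fields[1:]

def ptr_name(ip):
    """PTR owner name for an address (the log prints it in upper case)."""
    return ipaddress.ip_address(ip).reverse_pointer

def reverse_zone(ip, prefix):
    """Reverse zone for an IPv4 address; only octet-aligned prefixes."""
    if prefix not in (8, 16, 24):
        raise ValueError("classless reverse delegation is not handled here")
    octets = str(ip).split(".")[: prefix // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def required_zones(text, prefix=16):
    """Sorted zone names that must already exist on the external server."""
    zones = set()
    for ip, names in parse_hosts(text):
        if ip.version != 4:
            continue
        zones.add(reverse_zone(ip, prefix))
        for name in names:
            if "." in name:  # only fully qualified names imply a forward zone
                zones.add(name.split(".", 1)[1])
    return sorted(zones)

def zone_stanza(zone, key="xcat_key"):
    """named.conf stanza accepting dynamic updates only when signed by key."""
    return (f'zone "{zone}" {{\n'
            f'    type master;\n'
            f'    file "db.{zone}";  // assumed file name\n'
            f'    allow-update {{ key {key}; }};\n'
            f'}};\n')

if __name__ == "__main__":
    print("PTR name:", ptr_name("10.20.101.9"))
    for zone in required_zones(HOSTS):
        print(zone_stanza(zone))
```

In BIND, allow-update with a key name accepts only updates that carry a valid TSIG signature from that key, so a matching key stanza with the shared secret must also be present on the external server. Each zone file must already exist with SOA and NS records and be writable by named.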


Re: [xcat-user] Questions on prerequisites for external DNS and makedns -e

2014-09-24 Thread Xiao Peng Wang
You can NOT depend on xCAT to set up the DNS server on the remote server. You
need to get the xcat_key from the local DNS configuration.

You need to get the remote DNS ready so that xCAT can push the new DNS
entry to the remote DNS server; this is what xCAT 'makedns -e' does.

Thanks
Best Regards
--
 Wang Xiaopeng (王晓朋)
 IBM China System Technology Laboratory
 Tel: 86-10-82453455
 Email: w...@cn.ibm.com
 Address: 28,ZhongGuanCun Software Park,No.8 Dong Bei Wang West Road,
Haidian District Beijing P.R.China 100193



From:   Josh Nielsen jniel...@hudsonalpha.org
To:     xCAT Users Mailing list xcat-user@lists.sourceforge.net
Date:   2014/09/25 05:46
Subject: Re: [xcat-user] Questions on prerequisites for external DNS and makedns -e



I'm starting to see an older conversation that I had back in January
of this year in a different light now:
http://permalink.gmane.org/gmane.comp.clustering.xcat.user/182

There it was suggested that I be aware that you may need to run a
separate makedns to populate the local zone files as well as makedns
-e to do the external name servers. Does this mean that an xCAT
installation is required on the external DNS server just to populate
the zones initially? Wouldn't having two xCAT installations, whose
records you have to keep in sync, get tedious after a while? Maybe I'm
misunderstanding how the external DNS solution is supposed to work in
connection with xCAT. Any clarifications are welcome.

-Josh

On Wed, Sep 24, 2014 at 4:03 PM, Josh Nielsen jniel...@hudsonalpha.org wrote:
 Hello all,

 I am in the process of trying to move to an external DNS implementation for
 name resolution with our compute cluster. The only requirement I see in the
 man page for makedns is to have one (and only one?) IP of the external DNS
 server that you want to update in /etc/resolv.conf and also a valid
 xcat_key.

 Firstly, how do you specify the xcat_key to be used on the client server
 that is pushing out the dns changes with makedns -e? For a local setup the
 key definition in /etc/named.conf is sufficient, but since makedns -e isn't
 dependent on the local config (or is it?), how is the xcat_key specified?
 The local /etc/named.conf file doesn't even need to exist on the client does
 it?

 Secondly, the server I am pushing to only has a 127.0.0 zone since it is a
 fresh BIND install and I'm wanting 'makedns -e' to create the new zones (and
 zone files under /var/named/) for me on the remote server. With a local DNS
 setup, makedns would parse your settings and handle all the file updates and
 creation for you. But when I try makedns -e I see the following but no
 files or zone updates (is this an xcat_key problem?):

 (I ran the remote DNS BIND daemon in the foreground with -d 60 verbosity)

 24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: UDP request
 24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: using view '_default'
 24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: request is not signed
 24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: recursion available
 24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: query
 24-Sep-2014 15:30:14.686 client 172.26.42.60#56844
 (9.101.20.10.IN-ADDR.ARPA): ns_client_attach: ref = 1
 24-Sep-2014 15:30:14.687 client 172.26.42.60#56844
 (9.101.20.10.IN-ADDR.ARPA): query '9.101.20.10.IN-ADDR.ARPA/NS/IN' approved
 24-Sep-2014 15:30:14.687 client 172.26.42.60#56844
 (9.101.20.10.IN-ADDR.ARPA): send
 24-Sep-2014 15:30:14.687 client 172.26.42.60#56844
 (9.101.20.10.IN-ADDR.ARPA): sendto
 24-Sep-2014 15:30:14.687 client 172.26.42.60#56844
 (9.101.20.10.IN-ADDR.ARPA): senddone
 24-Sep-2014 15:30:14.687 client 172.26.42.60#56844
 (9.101.20.10.IN-ADDR.ARPA): next
 24-Sep-2014 15:30:14.687 client 172.26.42.60#56844
 (9.101.20.10.IN-ADDR.ARPA): ns_client_detach: ref = 0
 24-Sep-2014 15:30:14.687 client 172.26.42.60#56844
 (9.101.20.10.IN-ADDR.ARPA): endrequest
 24-Sep-2014 15:30:14.687 client @0x7f000c0d7710: udprecv
 24-Sep-2014 15:30:14.687 sockmgr 0x7f0017e06010: watcher got message -3 for
 socket 514
 24-Sep-2014 15:30:14.687 sockmgr 0x7f0017e06010: watcher got message -2 for
 socket -1
 24-Sep-2014 15:30:14.687 socket 0x7f0017e1ebc8: socket_recv: event
 0x7f0017c8c160 - task 0x7f0017e369d0
 24-Sep-2014 15:30:14.688 socket 0x7f0017e1ebc8: dispatch_recv:  event
 0x7f0017c8c160 - task 0x7f0017e369d0
 24-Sep-2014 15:30:14.688 socket 0x7f0017e1ebc8: internal_recv: task
 0x7f0017e369d0 got event 0x7f0017e1ec88
 24-Sep-2014 15:30:14.688 socket 0x7f0017e1ebc8 172.26.42.60#46141: packet
 received correctly

 9.101.20.10.IN-ADDR.ARPA/NS/IN must be my test node definition in the
 client's /etc/hosts file 10.20.101.9 node0009 node0009.mydomain.org, but I
 have no zone definition for 10.20 in /etc/named.conf on the external DNS
 server yet.

 On the Cluster Name Resolution wiki page
 (http://sourceforge.net/apps/mediawiki/xcat/index.php?title=Cluster_Name_Resolution)
 under 'Option