The procedure is documented here in detail
https://sourceforge.net/p/xcat/wiki/Cluster_Name_Resolution/
Specifically
https://sourceforge.net/p/xcat/wiki/Cluster_Name_Resolution/#option-2-use-a-dns-that-is-outside-of-the-cluster
Lissa K. Valletta
8-3/B10
Poughkeepsie, NY 12601
(tie 293) 433-3102
From: Josh Nielsen <jniel...@hudsonalpha.org>
To: xCAT Users Mailing list <xcat-user@lists.sourceforge.net>
Date: 09/25/2014 10:03 AM
Subject: Re: [xcat-user] Questions on prerequisites for external DNS and makedns -e
Hi Xiao,
Thanks for the response. So if I have this straight, I need to manually
create and maintain the zone files on the external DNS server, and already
have initially empty (but present) zone files in place. Is that right? And
I imagine that I will need to "allow-update" from the IP of the xCAT server
too.
Secondly, I still don't quite understand about the xcat_key. On the server
hosting xCAT the xcat_key is typically defined in /etc/rndc.key and
in /etc/named.conf. I should not even need /etc/named.conf since I am not
hosting DNS on the same server as xCAT correct? Or does makedns have some
sort of dependency on a local /etc/named.conf even when pushing externally?
If /etc/named.conf is not needed, however, then where does "makedns" (which
I think ends up running 'nsupdate') read the key from?
Note that I have already configured the xcat_key on the external DNS server
in its own /etc/named.conf, but I am not asking about that host but rather
the xCAT server (which for purposes of DNS I am calling the "client").
Thanks,
Josh
On Wed, Sep 24, 2014 at 8:59 PM, Xiao Peng Wang <w...@cn.ibm.com> wrote:
You can NOT depend on xCAT to set up the DNS server on the remote server. You need
to get the xcat_key from the local DNS configuration.
You need to get the remote DNS ready so that xCAT can push the new DNS
entries to the remote DNS server; this is what xCAT 'makedns -e' does.
Thanks
Best Regards
----------------------------------------------------------------------
Wang Xiaopeng (王晓朋)
IBM China System Technology Laboratory
Tel: 86-10-82453455
Email: w...@cn.ibm.com
Address: 28,ZhongGuanCun Software Park,No.8 Dong Bei Wang West Road,
Haidian District Beijing P.R.China 100193
From: Josh Nielsen <jniel...@hudsonalpha.org>
To: xCAT Users Mailing list <xcat-user@lists.sourceforge.net>
Date: 2014/09/25 05:46
Subject: Re: [xcat-user] Questions on prerequisites for external DNS and makedns -e
I'm starting to see an older conversation that I had back in January
of this year in a different light now:
http://permalink.gmane.org/gmane.comp.clustering.xcat.user/182
There it was suggested that I "be aware that you may need to run a
separate makedns to populate the local zone files as well as makedns
-e to do the external name servers." Does this mean that an xCAT
installation is required on the external DNS server just to populate
the zones initially? Wouldn't having two xCAT installations, whose
records you have to keep in sync, get tedious after a while? Maybe I'm
misunderstanding how the external DNS solution is supposed to work in
connection with xCAT. Any clarifications are welcome.
-Josh
On Wed, Sep 24, 2014 at 4:03 PM, Josh Nielsen <jniel...@hudsonalpha.org> wrote:
> Hello all,
>
> I am in the process of trying to move to an external DNS implementation for
> name resolution with our compute cluster. The only requirement I see in the
> man page for makedns is to have one (and only one?) IP of the external DNS
> server that you want to update in /etc/resolv.conf and also a valid
> xcat_key.
>
> Firstly, how do you specify the xcat_key to be used on the client server
> that is pushing out the dns changes with makedns -e? For a local setup the
> key definition in /etc/named.conf is sufficient, but since makedns -e isn't
> dependent on the local config (or is it?), how is the xcat_key specified?
> The local /etc/named.conf file doesn't even need to exist on the client does
> it?
>
> Secondly, the server I am pushing to only has a 127.0.0 zone since it is a
> fresh BIND install and I'm wanting 'makedns -e' to create the new zones (and
> zone files under /var/named/) for me on the remote server. With a local DNS
> setup, makedns would parse your settings and handle all the file updates and
> creation for you. But when I try makedns -e I see the following but no
> files or zone updates (is this an xcat_key problem?):
>
> (I ran the remote DNS BIND daemon in the foreground with -d 60 verbosity)
>
> 24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: UDP request
> 24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: using view '_default'
> 24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: request is not signed
> 24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: recursion available
> 24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: query
> 24-Sep-2014 15:30:14.686 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): ns_client_attach: ref = 1
> 24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): query '9.101.20.10.IN-ADDR.ARPA/NS/IN' approved
> 24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): send
> 24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): sendto
> 24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): senddone
> 24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): next
> 24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): ns_client_detach: ref = 0
> 24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): endrequest
> 24-Sep-2014 15:30:14.687 client @0x7f000c0d7710: udprecv
> 24-Sep-2014 15:30:14.687 sockmgr 0x7f0017e06010: watcher got message -3 for socket 514
> 24-Sep-2014 15:30:14.687 sockmgr 0x7f0017e06010: watcher got message -2 for socket -1
> 24-Sep-2014 15:30:14.687 socket 0x7f0017e1ebc8: socket_recv: event 0x7f0017c8c160 -> task 0x7f0017e369d0
> 24-Sep-2014 15:30:14.688 socket 0x7f0017e1ebc8: dispatch_recv: event 0x7f0017c8c160 -> task 0x7f0017e369d0
> 24-Sep-2014 15:30:14.688 socket 0x7f0017e1ebc8: internal_recv: task 0x7f0017e369d0 got event 0x7f0017e1ec88
> 24-Sep-2014 15:30:14.688 socket 0x7f0017e1ebc8 172.26.42.60#46141: packet received correctly
>
> "9.101.20.10.IN-ADDR.ARPA/NS/IN" must be my test node definition in the
> client's /etc/hosts file "10.20.101.9 node0009 node0009.mydomain.org", but I
> have no zone definition for 10.20 in /etc/named.conf on the external DNS
> server yet.
>
> On the Cluster Name Resolution wiki page
> (http://sourceforge.net/apps/mediawiki/xcat/index.php?title=Cluster_Name_Resolution)
> under 'Option #2: Use a DNS That is Outside of the Cluster' it says: "If you
> already have a DNS on your site network and you want to use that for your
> cluster node names too, you can point all of the nodes to it. You must
> ensure that your nodes have IP connectivity to the DNS, and you must
> manually configure your DNS with the node hostnames and IP addresses."
>
> Does 'makedns -e' not populate the zone files for you, just like it would if
> DNS were running locally on the MN itself by just parsing /etc/hosts on the
> client and adding/pushing it to the (remote) DNS zone files for you?
>
> If not does this mean I need to hand configure the remote DNS server's
> /etc/named.conf to stub out definitions for (as of yet) empty zones, or will
> makedns -e do that for me?
>
> Thanks,
> Josh
------------------------------------------------------------------------------
Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
_______________________________________________
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xcat-user
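
Added example, not part of the thread and not xCAT or BIND code: a Python triage of the BIND debug output quoted above, which groups log lines per client request, records whether the request was signed, and decodes reverse-zone query names back to the address they refer to. It recognises only the message strings that appear in the quoted log; the function names and the sample constant are assumptions of this example.

```python
import re
from ipaddress import ip_address

# Constructed sample: three entries from the BIND debug output quoted in the
# thread, with the mail client's line wrapping undone.
SAMPLE_LOG = """\
24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: UDP request
24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: request is not signed
24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): query '9.101.20.10.IN-ADDR.ARPA/NS/IN' approved
"""

# "client <ip>#<port> [(<qname>)]: <message>" as it appears in the quoted log.
CLIENT = re.compile(r"client (?P<ip>[0-9a-fA-F.:]+)#(?P<port>\d+)(?: \([^)]*\))?: (?P<msg>.*)")
QUERY = re.compile(r"query '(?P<name>[^/']+)/(?P<type>\w+)/(?P<cls>\w+)' approved")


def reverse_name_to_ip(name):
    """Map a full IPv4 in-addr.arpa name back to its address, else None."""
    labels = name.rstrip(".").lower().split(".")
    if labels[-2:] != ["in-addr", "arpa"] or len(labels) != 6:
        return None
    try:
        return str(ip_address(".".join(reversed(labels[:4]))))
    except ValueError:
        return None


def triage(log_text):
    """Summarise each client request: was it signed, and what did it ask for?"""
    requests = {}
    for line in log_text.splitlines():
        m = CLIENT.search(line)
        if not m:
            continue  # sockmgr/socket lines carry no per-request information
        req = requests.setdefault((m["ip"], int(m["port"])),
                                  {"signed": None, "queries": []})
        msg = m["msg"]
        if msg == "request is not signed":  # the only signature message on the page
            req["signed"] = False
        q = QUERY.match(msg)
        if q:
            req["queries"].append({"name": q["name"], "type": q["type"],
                                   "address": reverse_name_to_ip(q["name"])})
    return requests
```

On the sample, the single request from 172.26.42.60 comes back as an unsigned NS query whose name decodes to 10.20.101.9, the node0009 entry from the client's /etc/hosts.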