Lissa / Xiao,

I may have possibly discovered a bug(?) in ddns.pm, unless it is a print
formatting issue. I traced the autovivification of the $ctx hash in ddns.pm
throughout the code, and then wrote a few lines of test code to descend
into all the hash values of $ctx and print them out (prefixed with the
string "CTX Key/Value").

For $ctx->{resolver} the value looks like it may not have executed the
Net::DNS::Resolver Perl call correctly, and instead treated the
Net::DNS::Resolver function as a literal string (and what caught my eye is
that the string has a space between the two colons after Net, e.g.
"Net: :"). Here is what my code printed for the key/value of $ctx->{resolver}:

CTX Key/Value ||resolver|| => Net: :DNS::Resolver=HASH(0x2ca6b08)

Maybe the actual Perl module call "Net: :DNS::Resolver" is meant to be
literally placed in the value of the $ctx->{resolver} though, so I may be
mistaken. By contrast, however, some of the other key/value pairs under
$ctx looked like this:

CTX Key/Value ||domain|| => morgan.haib.org

CTX Key/Value ||forwarders|| => ARRAY(0x2b9b2d8)
  ||forwarders|| (ARRAY VALUE) 172.24.12.1
  ||forwarders|| (ARRAY VALUE) 172.24.12.2

The relevant code on line 723 of ddns.pm is:

    if ($external)
    {
        # based on /etc/resolv.conf
        $ctx->{resolver} = Net::DNS::Resolver->new();
    }
    else
    {
        # default to localhost
        $ctx->{resolver} = Net::DNS::Resolver->new(nameservers=>['127.0.0.1']);
    }

    my $ret = add_or_delete_records($ctx);
    unless($ret) {
        xCAT::SvrUtils::sendmsg("DNS setup is completed", $callback);
    }

Is the value of $ctx->{resolver} normally supposed to be
"Net::DNS::Resolver=HASH(0x2ca6b08)" (once I remove the whitespace between
the two colons)? Or is it not supposed to include the Perl module call?

Regards,
Josh

On Thu, Oct 2, 2014 at 1:47 PM, Josh Nielsen <jniel...@hudsonalpha.org>
wrote:

> Okay, so I moved to an RPM based install of BIND instead of from source
> and the problem did not go away. My setup is that I am using a development
> machine which I exported the current xCAT settings that are on my iDataPlex
> headnode to that dev VM which I installed xCAT on (definitely a newer
> version on the VM than the headnode) and when I first ran restorexCATdb I
> got errors when running 'makedns' which said: "*Ignoring host node0014,
> it does not belong to any nets defined in networks table or the net it
> belongs to is configured to use an external nameserver*."
>
> I thought: That's odd, because the network definition looks fine to me and
> I don't see why xCAT would change it between versions. On the headnode the
> networks database looks like this for the relevant network (compute) & a
> secondary network (I snipped out the other entries):
>
>
> #netname,net,mask,mgtifname,gateway,dhcpserver,tftpserver,nameservers,ntpservers,logservers,dynamicrange,staticrange,staticrangeincrement,nodehostname,ddnsdomain,vlanid,domain,comments,disable
>
> "compute","10.20.0.0","255.255.0.0","eth0",,,"10.20.0.1","10.20.0.1",,,"10.20.200.254-10.20.254.254",,,,,,,,
> "10gig","10.60.0.0","255.255.0.0",,,,,,"10.20.0.1",,,,,,,,,,
>
> When I restored the tables on the dev VM it would fail to parse "compute"
> but not for "10gig" (the only obvious difference being that "10gig" had
> less fields filled in). I modified the ddns.pm code to echo messages when
> parsing the networks to determine what was going on, and once I discovered
> that it liked "10gig" but not "compute" I deleted all the extra fields in
> "compute" to make it match "10gig" and suddenly it would parse. Maybe it
> has to do with the "dynamicrange" field in the networks definition?
>
> Below are my code modifications (just adding "sendmsg" commands) and the
> corresponding output from a test execution:
>
>
>             # exclude the nodes not belong to any nets defined in networks table
>             #   because only the nets defined in networks table will be add
>             #   zones later.
>             my $found = 0;
>             foreach (@networks)
>             {
>                 xCAT::SvrUtils::sendmsg("ADDR is $addr ", $callback);
>                 xCAT::SvrUtils::sendmsg("MASK is $_->{mask} ", $callback);
>                 xCAT::SvrUtils::sendmsg("NETWORK is $_->{net} ", $callback);
>                 if(xCAT::NetworkUtils->ishostinsubnet($addr, $_->{mask}, $_->{net}))
>                 {
>                     $found = 1;
>                     xCAT::SvrUtils::sendmsg("Found! ", $callback);
>                 }
>                 else {
>                     xCAT::SvrUtils::sendmsg("Not Found! ", $callback);
>                 }
>             }
>
>             if ($found)
>             {
>                 push @nodes,$node;
>                 $ctx->{nodeips}->{$node}->{$addr}=1;
>             }
>             else
>             {
>                 unless ($node =~ /localhost/)
>                 {
>                     xCAT::SvrUtils::sendmsg(":Ignoring host $node, it does not belong to any nets defined in networks table or the net it belongs to is configured to use an external nameserver.", $callback);
>                 }
>             }
>
> -------
>
> My test run:
>
> # makedns -e node0014
> Handling node0014 in /etc/hosts.
> ADDR is 10.20.101.14
> MASK is
> NETWORK is
> Not Found!
> ----
> ADDR is 10.20.101.14
> MASK is
> NETWORK is
> Not Found!
> ----
> ADDR is 10.20.101.14
> MASK is 255.255.0.0
> NETWORK is 10.40.0.0
> Not Found!
> ----
> ADDR is 10.20.101.14
> MASK is 255.255.0.0
> NETWORK is 10.20.0.0
> Found!
> -----
> ADDR is 10.20.101.14
> MASK is 255.255.0.0
> NETWORK is 10.60.0.0
> Not Found!
> -----
>
>
> As you can see, some other networks are being parsed as "blank" (the first
> two encountered in the "foreach" loop) but after I modified the "compute"/
> 10.20.0.0 network then it printed finally my "Found!" message (previously
> it was also parsing as blank). I suspect that there are other lurking
> problems in the tables between the two xCAT versions due to the
> backup/restore of the databases which might be causing this problem. I'm
> not sure how to address this without a full reinstall from scratch for xCAT
> if a backup/restore between versions is not possible/compatible. I'm
> exploring alternatives though.
>
> Regards,
> Josh
>
>
> On Wed, Oct 1, 2014 at 10:45 AM, Josh Nielsen <jniel...@hudsonalpha.org>
> wrote:
>
>> So I'm thinking that either:
>>
>> A) My DNS server (BIND) is somehow misconfigured (which may include some
>> bug when BIND is compiled from the latest source) - even though the keys
>> obviously work in some instances and I am indeed getting partial remote
>> updates successfully.
>> - OR -
>> B) There is a bug in makedns or the underlying config/tools it uses on
>> the OS. Possibly there was some unclean transfer or mismatch of settings
>> when I used dumpxCATdb/restorexCATdb, even though I updated the site table
>> and have my resolv.conf pointing only to the external DNS server. Even so,
>> as I pointed out, some of the entries are being correctly sent with the
>> key, but I am occasionally seeing "request is not signed" for some requests
>> OR I am not seeing the request for a forward lookup entry at all (which is
>> what happened the first few times I tried).
>>
>> I just can't tell whether it is a sending problem (makedns/nsupdate) or a
>> receiving problem (external BIND server).
>>
>> -Josh
>>
>> On Tue, Sep 30, 2014 at 10:29 AM, Josh Nielsen <jniel...@hudsonalpha.org>
>> wrote:
>>
>>> Xiao,
>>>
>>> For some additional details I am running BIND 9.10.0-P2 which I compiled
>>> from source. I used "--enable-largefile" which specifies "64-bit file
>>> support" but I noticed this in the kernel boot messages in
>>> /var/log/messages:
>>>
>>> Sep 29 11:25:25 dns01 kernel: warning: `named' uses 32-bit capabilities (legacy support in use)
>>>
>>> When I start named in the foreground here are the first few lines, where
>>> you can see my compile options and a few things about startup:
>>>
>>> 30-Sep-2014 09:59:20.672 built with '--prefix=/opt/bind9' '--sysconfdir=/etc' '--with-gtest' '--with-log4cplus=/opt/log4cplus' '--with-pythonpath=/usr/bin/python' '--localstatedir=/var' '--mandir=/usr/share/man' '--enable-threads' '--enable-largefile' '--with-libtool' '--disable-static' '--with-openssl'
>>> 30-Sep-2014 09:59:20.672 ----------------------------------------------------
>>> 30-Sep-2014 09:59:20.672 BIND 9 is maintained by Internet Systems Consortium,
>>> 30-Sep-2014 09:59:20.672 Inc. (ISC), a non-profit 501(c)(3) public-benefit
>>> 30-Sep-2014 09:59:20.672 corporation.  Support and training for BIND 9 are
>>> 30-Sep-2014 09:59:20.672 available at https://www.isc.org/support
>>> 30-Sep-2014 09:59:20.672 ----------------------------------------------------
>>> 30-Sep-2014 09:59:20.672 adjusted limit on open files from 4096 to 1048576
>>> 30-Sep-2014 09:59:20.672 found 1 CPU, using 1 worker thread
>>> 30-Sep-2014 09:59:20.672 using 1 UDP listener per interface
>>> 30-Sep-2014 09:59:20.672 using up to 4096 sockets
>>> 30-Sep-2014 09:59:20.672 Registering DLZ_dlopen driver
>>> 30-Sep-2014 09:59:20.672 Registering SDLZ driver 'dlopen'
>>> 30-Sep-2014 09:59:20.672 Registering DLZ driver 'dlopen'
>>> 30-Sep-2014 09:59:20.676 decrement_reference: delete from rbt: 0x7ff551ecd148 .
>>> 30-Sep-2014 09:59:20.678 socket 0x7ff551ede010: created
>>> 30-Sep-2014 09:59:20.678 sockmgr 0x7ff551ec6010: watcher got message -3 for socket 20
>>> 30-Sep-2014 09:59:20.678 sockmgr 0x7ff551ec6010: watcher got message -2 for socket -1
>>> 30-Sep-2014 09:59:20.678 socket 0x7ff551ede010: socket_recv: event 0x7ff551ee0010 -> task 0x7ff551ed9250
>>> 30-Sep-2014 09:59:20.678 loading configuration from '/etc/named.conf'
>>> 30-Sep-2014 09:59:20.679 reading built-in trusted keys from file '/etc/bind.keys'
>>>
>>> I've been planning to move to an RPM based installation rolled out with
>>> CentOS but was testing with a source install first. Does any of this look
>>> like a likely culprit for the problems I'm seeing?
>>>
>>> Thanks,
>>> Josh
>>>
>>> On Mon, Sep 29, 2014 at 9:40 PM, Xiao Peng Wang <w...@cn.ibm.com> wrote:
>>>
>>>> Then, in this case, did you check the 'allow of key xcat_key' has been
>>>> set correctly in name.conf for zone morgan.haib.org? And did you see
>>>> any useful message for this error in the syslog of external server?
>>>>
>>>> Thanks
>>>> Best Regards
>>>> ----------------------------------------------------------------------
>>>> Wang Xiaopeng (王晓朋)
>>>> IBM China System Technology Laboratory
>>>> Tel: 86-10-82453455
>>>> Email: w...@cn.ibm.com
>>>> Address: 28,ZhongGuanCun Software Park,No.8 Dong Bei Wang West Road,
>>>> Haidian District Beijing P.R.China 100193
>>>>
>>>>
>>>> From: Josh Nielsen <jniel...@hudsonalpha.org>
>>>> To: xCAT Users Mailing list <xcat-user@lists.sourceforge.net>
>>>> Date: 2014/09/30 06:49
>>>> Subject: Re: [xcat-user] Questions on prerequisites for external DNS
>>>> and makedns -e
>>>> ------------------------------
>>>>
>>>>
>>>>
>>>> Okay, I have the external DNS server working: partly. For some very odd
>>>> reason the external DNS server is only receiving the request to enter the
>>>> reverse lookup for a new node (ex: makedns -e node0014), but does not even
>>>> attempt to add the forward lookup zone. I see the key authorization passed
>>>> successfully for the reverse entry, so there are no authentication issues,
>>>> and when I try a manual 'nsupdate' it adds the forward lookup definition
>>>> just fine:
>>>>
>>>> # nsupdate -k /etc/rndc.key
>>>> > server [external_dns_ip]
>>>> > prereq nxdomain node0014.morgan.haib.org.
>>>> > update add node0014.morgan.haib.org. 300 A 10.20.101.14
>>>> > send
>>>>
>>>> It looks like 'makedns -e node0014' is somehow sending ONLY the reverse
>>>> lookup definition (though this is only a guess). This is what the client
>>>> sees:
>>>>
>>>> [root@JNDev ~]# makedns -e node0014
>>>> Handling node0014 in /etc/hosts.
>>>> Getting reverse zones, this may take several minutes for a large cluster.
>>>> Completed getting reverse zones.
>>>> Updating DNS records, this may take several minutes for a large cluster.
>>>> Error: No reply received when sending DNS update to zone morgan.haib.org.
>>>> Completed updating DNS records.
>>>>
>>>> It updates my reverse zone '20.10.IN-ADDR.ARPA' in the file 'db.10.20'
>>>> but for the DNS zone 'morgan.haib.org' I see the message: "Error: No
>>>> reply received when sending DNS update to zone morgan.haib.org".
>>>>
>>>> Here is what I see from running named in the foreground when running
>>>> "makedns -e node0014":
>>>>
>>>> 29-Sep-2014 15:13:07.022 client 172.26.42.60#60681: UDP request
>>>> 29-Sep-2014 15:13:07.022 client 172.26.42.60#60681: using view '_default'
>>>> 29-Sep-2014 15:13:07.022 client 172.26.42.60#60681: request has valid signature: xcat_key
>>>> 29-Sep-2014 15:13:07.022 client 172.26.42.60#60681/key xcat_key: recursion available
>>>> 29-Sep-2014 15:13:07.022 client 172.26.42.60#60681/key xcat_key: update
>>>> 29-Sep-2014 15:13:07.022 client 172.26.42.60#60681/key xcat_key: ns_client_attach: ref = 1
>>>> 29-Sep-2014 15:13:07.022 client 172.26.42.60#60681/key xcat_key: updating zone '20.10.IN-ADDR.ARPA/IN': prerequisites are OK
>>>> 29-Sep-2014 15:13:07.022 client 172.26.42.60#60681/key xcat_key: signer "xcat_key" approved
>>>> 29-Sep-2014 15:13:07.022 client 172.26.42.60#60681/key xcat_key: update '20.10.IN-ADDR.ARPA/IN' approved
>>>> 29-Sep-2014 15:13:07.022 client 172.26.42.60#60681/key xcat_key: updating zone '20.10.IN-ADDR.ARPA/IN': update section prescan OK
>>>> 29-Sep-2014 15:13:07.022 client 172.26.42.60#60681/key xcat_key: updating zone '20.10.IN-ADDR.ARPA/IN': adding an RR at '14.101.20.10.IN-ADDR.ARPA' PTR node0014.morgan.haib.org.
>>>> 29-Sep-2014 15:13:07.022 client 172.26.42.60#60681/key xcat_key: updating zone '20.10.IN-ADDR.ARPA/IN': checking for NSEC3PARAM changes
>>>> 29-Sep-2014 15:13:07.022 client 172.26.42.60#60681/key xcat_key: updating zone '20.10.IN-ADDR.ARPA/IN': writing journal morgan/db.10.20.jnl
>>>> 29-Sep-2014 15:13:07.022 writing to journal
>>>> 29-Sep-2014 15:13:07.022 del 20.10.IN-ADDR.ARPA. 86400 IN SOA dns01.morgan.haib.org. root.dns01.morgan.haib.org. 2012072410 10800 3600 604800 86400
>>>> 29-Sep-2014 15:13:07.022 add 20.10.IN-ADDR.ARPA. 86400 IN SOA dns01.morgan.haib.org. root.dns01.morgan.haib.org. 2012072411 10800 3600 604800 86400
>>>> 29-Sep-2014 15:13:07.022 add 14.101.20.10.IN-ADDR.ARPA. 86400 IN PTR node0014.morgan.haib.org.
>>>> 29-Sep-2014 15:13:07.033 client 172.26.42.60#60681/key xcat_key: updating zone '20.10.IN-ADDR.ARPA/IN': committing update transaction
>>>> 29-Sep-2014 15:13:07.034 zone_needdump: zone 20.10.IN-ADDR.ARPA/IN: enter
>>>> 29-Sep-2014 15:13:07.034 zone_settimer: zone 20.10.IN-ADDR.ARPA/IN: enter
>>>> 29-Sep-2014 15:13:07.034 zone_settimer: zone 20.10.IN-ADDR.ARPA/IN: enter
>>>> 29-Sep-2014 15:13:07.034 client 172.26.42.60#60681/key xcat_key: send
>>>> 29-Sep-2014 15:13:07.034 client 172.26.42.60#60681/key xcat_key: sendto
>>>> 29-Sep-2014 15:13:07.034 client 172.26.42.60#60681/key xcat_key: senddone
>>>> 29-Sep-2014 15:13:07.034 client 172.26.42.60#60681/key xcat_key: next
>>>> 29-Sep-2014 15:13:07.034 client 172.26.42.60#60681/key xcat_key: ns_client_detach: ref = 0
>>>> 29-Sep-2014 15:13:07.034 client 172.26.42.60#60681/key xcat_key: endrequest
>>>>
>>>> Any ideas what debugging steps I can take to see why the forward lookup
>>>> is not being sent as well? I would love to know the actual command makedns
>>>> ends up executing on the operating system/Linux (unless it uses direct BIND
>>>> library calls from perl instead - but in that case is there any way to
>>>> print out messages from ddns.pm or whatever calls it?).
>>>>
>>>> Thanks,
>>>> Josh Nielsen
>>>>
>>>>
>>>> On Fri, Sep 26, 2014 at 10:03 AM, Josh Nielsen <jniel...@hudsonalpha.org> wrote:
>>>> >
>>>> > Thank you for the clarifications. I read the wiki entry on Cluster
>>>> > Name Resolution but wanted to be sure of the particulars.
>>>> >
>>>> > Regards,
>>>> > Josh
>>>> >
>>>> > On Thu, Sep 25, 2014 at 10:36 PM, Xiao Peng Wang <w...@cn.ibm.com> wrote:
>>>> >>
>>>> >> #1, you are right, you need prepare configuration files in external
>>>> >> dns server.
>>>> >>
>>>> >> #2, the xcat_key is gotten from passwd table like this
>>>> >> '"omapi","xcat_key","TjFYM2kwTUNOcWVVZG5QNWFhb2xPVkg1eTZLMXpuSGs=",,,,'
>>>> >>
>>>> >>
>>>> >>
>>>> >> Thanks
>>>> >> Best Regards
>>>> >>
>>>> >> ----------------------------------------------------------------------
>>>> >> Wang Xiaopeng (王晓朋)
>>>> >> IBM China System Technology Laboratory
>>>> >> Tel: 86-10-82453455
>>>> >> Email: w...@cn.ibm.com
>>>> >> Address: 28,ZhongGuanCun Software Park,No.8 Dong Bei Wang West Road,
>>>> >> Haidian District Beijing P.R.China 100193
>>>> >>
>>>> >> From: Josh Nielsen <jniel...@hudsonalpha.org>
>>>> >> To: xCAT Users Mailing list <xcat-user@lists.sourceforge.net>
>>>> >> Date: 2014/09/25 21:58
>>>> >> Subject: Re: [xcat-user] Questions on prerequisites for external DNS
>>>> >> and makedns -e
>>>> >>
>>>> >> ________________________________
>>>> >>
>>>> >>
>>>> >>
>>>> >> Hi Xiao,
>>>> >>
>>>> >> Thanks for the response. So if I have this straight, I need to
>>>> >> manually create and maintain the zone files on the external DNS
>>>> >> server, and already have initially empty (but present) zone files in
>>>> >> place. Is that right? And I imagine that I will need to
>>>> >> "allow-update" from the IP of the xCAT server too.
>>>> >>
>>>> >> Secondly, I still don't quite understand about the xcat_key. On the
>>>> >> server hosting xCAT the xcat_key is typically defined in
>>>> >> /etc/rndc.key and in /etc/named.conf. I should not even need
>>>> >> /etc/named.conf since I am not hosting DNS on the same server as xCAT
>>>> >> correct? Or does makedns have some sort of dependency on a local
>>>> >> /etc/named.conf even when pushing externally? If /etc/named.conf is
>>>> >> not needed, however, then where does "makedns" (which I think ends up
>>>> >> running 'nsupdate') read the key from?
>>>> >>
>>>> >> Note that I have already configured the xcat_key on the external DNS
>>>> >> server in its own /etc/named.conf, but I am not asking about that
>>>> >> host but rather the xCAT server (which for purposes of DNS I am
>>>> >> calling the "client").
>>>> >>
>>>> >> Thanks,
>>>> >> Josh
>>>> >>
>>>> >> On Wed, Sep 24, 2014 at 8:59 PM, Xiao Peng Wang <w...@cn.ibm.com> wrote:
>>>> >>
>>>> >> You can NOT depend on xCAT to setup dns server on remote server. You
>>>> >> need get the xcat_key from local dns configuration.
>>>> >>
>>>> >> You need prepare the remote dns ready so that xCAT could push the new
>>>> >> dns entry to the remote dns server, this is what xCAT 'makedns -e' does.
>>>> >>
>>>> >> Thanks
>>>> >> Best Regards
>>>> >>
>>>> >> ----------------------------------------------------------------------
>>>> >> Wang Xiaopeng (王晓朋)
>>>> >> IBM China System Technology Laboratory
>>>> >> Tel: 86-10-82453455
>>>> >> Email: w...@cn.ibm.com
>>>> >> Address: 28,ZhongGuanCun Software Park,No.8 Dong Bei Wang West Road,
>>>> >> Haidian District Beijing P.R.China 100193
>>>> >>
>>>> >> From: Josh Nielsen <jniel...@hudsonalpha.org>
>>>> >> To: xCAT Users Mailing list <xcat-user@lists.sourceforge.net>
>>>> >> Date: 2014/09/25 05:46
>>>> >> Subject: Re: [xcat-user] Questions on prerequisites for external DNS
>>>> >> and makedns -e
>>>> >> ________________________________
>>>> >>
>>>> >>
>>>> >>
>>>> >> I'm starting to see an older conversation that I had back in January
>>>> >> of this year in a different light now:
>>>> >> http://permalink.gmane.org/gmane.comp.clustering.xcat.user/182
>>>> >>
>>>> >> There it was suggested that I "be aware that you may need to run a
>>>> >> separate makedns to populate the local zone files as well as makedns
>>>> >> -e to do the external name servers." Does this mean that an xCAT
>>>> >> installation is required on the external DNS server just to populate
>>>> >> the zones initially? Wouldn't having two xCAT installations, whose
>>>> >> records you have to keep in sync, get tedious after a while? Maybe I'm
>>>> >> misunderstanding how the external DNS solution is supposed to work in
>>>> >> connection with xCAT. Any clarifications are welcome.
>>>> >>
>>>> >> -Josh
>>>> >>
>>>> >> On Wed, Sep 24, 2014 at 4:03 PM, Josh Nielsen <jniel...@hudsonalpha.org> wrote:
>>>> >> > Hello all,
>>>> >> >
>>>> >> > I am in the process of trying to move to an external DNS
>>>> >> > implementation for name resolution with our compute cluster. The
>>>> >> > only requirement I see in the man page for makedns is to have one
>>>> >> > (and only one?) IP of the external DNS server that you want to
>>>> >> > update in /etc/resolv.conf and also a valid xcat_key.
>>>> >> >
>>>> >> > Firstly, how do you specify the xcat_key to be used on the client
>>>> >> > server that is pushing out the dns changes with makedns -e? For a
>>>> >> > local setup the key definition in /etc/named.conf is sufficient,
>>>> >> > but since makedns -e isn't dependent on the local config (or is
>>>> >> > it?), how is the xcat_key specified? The local /etc/named.conf file
>>>> >> > doesn't even need to exist on the client does it?
>>>> >> >
>>>> >> > Secondly, the server I am pushing to only has a 127.0.0 zone since
>>>> >> > it is a fresh BIND install and I'm wanting 'makedns -e' to create
>>>> >> > the new zones (and zone files under /var/named/) for me on the
>>>> >> > remote server. With a local DNS setup, makedns would parse your
>>>> >> > settings and handle all the file updates and creation for you. But
>>>> >> > when I try makedns -e I see the following but no files or zone
>>>> >> > updates (is this an xcat_key problem?):
>>>> >> >
>>>> >> > (I ran the remote DNS BIND daemon in the foreground with -d 60
>>>> >> > verbosity)
>>>> >> >
>>>> >> > 24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: UDP request
>>>> >> > 24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: using view '_default'
>>>> >> > 24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: request is not signed
>>>> >> > 24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: recursion available
>>>> >> > 24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: query
>>>> >> > 24-Sep-2014 15:30:14.686 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): ns_client_attach: ref = 1
>>>> >> > 24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): query '9.101.20.10.IN-ADDR.ARPA/NS/IN' approved
>>>> >> > 24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): send
>>>> >> > 24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): sendto
>>>> >> > 24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): senddone
>>>> >> > 24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): next
>>>> >> > 24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): ns_client_detach: ref = 0
>>>> >> > 24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): endrequest
>>>> >> > 24-Sep-2014 15:30:14.687 client @0x7f000c0d7710: udprecv
>>>> >> > 24-Sep-2014 15:30:14.687 sockmgr 0x7f0017e06010: watcher got message -3 for socket 514
>>>> >> > 24-Sep-2014 15:30:14.687 sockmgr 0x7f0017e06010: watcher got message -2 for socket -1
>>>> >> > 24-Sep-2014 15:30:14.687 socket 0x7f0017e1ebc8: socket_recv: event 0x7f0017c8c160 -> task 0x7f0017e369d0
>>>> >> > 24-Sep-2014 15:30:14.688 socket 0x7f0017e1ebc8: dispatch_recv:  event 0x7f0017c8c160 -> task 0x7f0017e369d0
>>>> >> > 24-Sep-2014 15:30:14.688 socket 0x7f0017e1ebc8: internal_recv: task 0x7f0017e369d0 got event 0x7f0017e1ec88
>>>> >> > 24-Sep-2014 15:30:14.688 socket 0x7f0017e1ebc8 172.26.42.60#46141: packet received correctly
>>>> >> >
>>>> >> > "9.101.20.10.IN-ADDR.ARPA/NS/IN" must be my test node definition in
>>>> >> > the client's /etc/hosts file "10.20.101.9 node0009
>>>> >> > node0009.mydomain.org", but I have no zone definition for 10.20 in
>>>> >> > /etc/named.conf on the external DNS server yet.
>>>> >> >
>>>> >> > On the Cluster Name Resolution wiki page
>>>> >> > (http://sourceforge.net/apps/mediawiki/xcat/index.php?title=Cluster_Name_Resolution)
>>>> >> > under 'Option #2: Use a DNS That is Outside of the Cluster' it
>>>> >> > says: "If you already have a DNS on your site network and you want
>>>> >> > to use that for your cluster node names too, you can point all of
>>>> >> > the nodes to it. You must ensure that your nodes have IP
>>>> >> > connectivity to the DNS, and you must manually configure your DNS
>>>> >> > with the node hostnames and IP addresses."
>>>> >> >
>>>> >> > Does 'makedns -e' not populate the zone files for you, just like it
>>>> >> > would if DNS were running locally on the MN itself by just parsing
>>>> >> > /etc/hosts on the client and adding/pushing it to the (remote) DNS
>>>> >> > zone files for you?
>>>> >> >
>>>> >> > If not does this mean I need to hand configure the remote DNS
>>>> >> > server's /etc/named.conf to stub out definitions for (as of yet)
>>>> >> > empty zones, or will makedns -e do that for me?
>>>> >> >
>>>> >> > Thanks,
>>>> >> > Josh
>>>
>>
>
_______________________________________________
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xcat-user
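
The named debug output quoted in this thread shows an unsigned query and a TSIG-signed update that touches only the reverse zone. As an added example (not part of the original thread or of xCAT), the script below groups such records per client request and lists which expected zones never received a signed update; the function names and the embedded sample lines, constructed in the log format quoted above, are assumptions of this example.

```python
import re

# Timestamp that starts every named log record, e.g. "29-Sep-2014 15:13:07.022".
TS = r"\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}"
TS_RE = re.compile(TS)
# "client IP#port[/key NAME][ (qname)]: message"
CLIENT_RE = re.compile(
    rf"^(?P<ts>{TS}) client (?P<ip>[0-9A-Fa-f.:]+)#(?P<port>\d+)"
    r"(?:/key (?P<key>\S+?))?(?: \((?P<qname>[^)]*)\))?: (?P<msg>.*)$"
)
ZONE_RE = re.compile(r"^updating zone '(?P<zone>[^'/]+)/\w+': (?P<what>.*)$")
ADD_RE = re.compile(r"^adding an RR at '(?P<name>[^']+)' (?P<rtype>\S+)")
SIGNED = "request has valid signature: "

# Constructed sample in the format quoted in the thread; two records are
# wrapped the way a mail client wraps them.
SAMPLE = """\
24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: UDP request
24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: request is not signed
24-Sep-2014 15:30:14.686 client 172.26.42.60#56844: query
24-Sep-2014 15:30:14.687 client 172.26.42.60#56844 (9.101.20.10.IN-ADDR.ARPA): endrequest
29-Sep-2014 15:13:07.022 client 172.26.42.60#60681: UDP request
29-Sep-2014 15:13:07.022 client 172.26.42.60#60681: request has valid
signature: xcat_key
29-Sep-2014 15:13:07.022 client 172.26.42.60#60681/key xcat_key: update
29-Sep-2014 15:13:07.022 client 172.26.42.60#60681/key xcat_key:
updating zone '20.10.IN-ADDR.ARPA/IN': adding an RR at
'14.101.20.10.IN-ADDR.ARPA' PTR node0014.morgan.haib.org.
29-Sep-2014 15:13:07.034 client 172.26.42.60#60681/key xcat_key: endrequest
""".splitlines()


def unwrap(raw_lines):
    """Rejoin records that mail wrapping split; drop '>' quote prefixes."""
    records = []
    for line in raw_lines:
        line = re.sub(r"^[>\s]+", "", line).rstrip()
        if not line:
            continue
        if TS_RE.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line  # continuation of the previous record
    return records


def parse_requests(raw_lines):
    """Group client records into requests keyed by source IP and port."""
    open_reqs, finished = {}, []
    for record in unwrap(raw_lines):
        m = CLIENT_RE.match(record)
        if not m:
            continue  # socket/zone manager chatter carries no client id
        cid = (m["ip"], m["port"])
        req = open_reqs.setdefault(cid, {
            "client": f"{m['ip']}#{m['port']}", "first_seen": m["ts"],
            "kind": None, "signed_by": None, "zones": [], "added": [],
        })
        msg = m["msg"]
        if msg.startswith(SIGNED):
            req["signed_by"] = msg[len(SIGNED):]
        elif msg in ("query", "update"):
            req["kind"] = msg
        elif msg == "endrequest":
            finished.append(open_reqs.pop(cid))
        else:
            z = ZONE_RE.match(msg)
            if z:
                zone = z["zone"].lower()
                if zone not in req["zones"]:
                    req["zones"].append(zone)
                a = ADD_RE.match(z["what"])
                if a:
                    req["added"].append((a["name"].lower(), a["rtype"]))
    finished.extend(open_reqs.values())  # requests cut off before endrequest
    return finished


def _norm(zone):
    return zone.lower().rstrip(".")


def zones_without_signed_update(requests, expected_zones):
    """Return the expected zones that no signed update request touched."""
    updated = {
        z for r in requests
        if r["kind"] == "update" and r["signed_by"]
        for z in r["zones"]
    }
    return sorted(_norm(z) for z in expected_zones if _norm(z) not in updated)


if __name__ == "__main__":
    reqs = parse_requests(SAMPLE)
    for r in reqs:
        signer = r["signed_by"] or "UNSIGNED"
        print(f"{r['first_seen']} {r['client']} {r['kind']} {signer} "
              f"zones={r['zones']} added={r['added']}")
    expected = ["20.10.IN-ADDR.ARPA", "morgan.haib.org"]
    print("no signed update seen for:",
          zones_without_signed_update(reqs, expected))
```

Run against a saved `named` foreground log, a forward zone listed by `zones_without_signed_update` means the server never logged an update for it, which points at the sending side rather than at key authorization.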