Re: [xcat-user] makedns-generated zones and their NS record

Sun, 05 Nov 2017 22:35:37 -0800

Hi Kevin,
 
In your playgroud, " the DNS server should only be listening on eth2".
 
So "dnsinterfaces" attribute in site table can control which the network interfaces DNS should listen on.
 
dnsinterfaces:  The network interfaces DNS should listen on.  If it is the same for all
                 nodes, use a simple comma-separated list of NICs.  To specify different
                 NICs for different nodes, use the format: "xcatmn|eth1,eth2;service|bond0",
                 where xcatmn is the name of the management node, and DNS should listen on
                 the eth1 and eth2 interfaces.  All the nods in group 'service' should
                 listen on the 'bond0' interface.
                 NOTE: If using this attribute to block certain interfaces, make sure
                 the IP maps to your hostname of xCAT MN is not blocked since xCAT needs
                 to use this IP to communicate with the local NDS server on MN.
 
 
Best Regards
--------------------------------------------------
Yuan Bai (白媛)

CSTL HPC System Management Development
Tel:86-10-82451401
E-mail: by...@cn.ibm.com
Address: IBM ZGC Campus. Ring Building 28,
ZhongGuanCun Software Park,No.8 Dong Bei Wang West Road, Haidian District,
Beijing P.R.China 100193

IBM环宇大厦
北京市海淀区东北旺西路8号,中关村软件园28号楼
邮编:100193
 
 
----- Original message -----
From: "Yuan Y Bai" <by...@cn.ibm.com>
To: xcat-user@lists.sourceforge.net
Cc: xcat-user@lists.sourceforge.net
Subject: Re: [xcat-user] makedns-generated zones and their NS record
Date: Mon, Nov 6, 2017 10:47 AM
 
Hi Kevin,
 
Thanks for your summary.
 
After "xcatconfig -m", there is xcat MN node hpcmn-test,  you need to "chdef hpcmn-test ip=...; makehosts -n", its name and ip will be added into /etc/hosts.
 
 
Best Regards
--------------------------------------------------
Yuan Bai (白媛)

CSTL HPC System Management Development
Tel:86-10-82451401
E-mail: by...@cn.ibm.com
Address: IBM ZGC Campus. Ring Building 28,
ZhongGuanCun Software Park,No.8 Dong Bei Wang West Road, Haidian District,
Beijing P.R.China 100193

IBM环宇大厦
北京市海淀区东北旺西路8号,中关村软件园28号楼
邮编:100193
 
 
----- Original message -----
From: Kevin Keane <kke...@sandiego.edu>
To: xCAT Users Mailing list <xcat-user@lists.sourceforge.net>
Cc:
Subject: Re: [xcat-user] makedns-generated zones and their NS record
Date: Sat, Nov 4, 2017 12:23 AM
 
Thanks for that command. I deleted my management node, and used xcatconfig -m to recreate it. That gave me this:

Object name: hpcmn-test
    groups=__mgmtnode
    postbootscripts=otherpkgs
    postscripts=syslog,remoteshell,syncfiles
    setuptftp=yes
 
makenode -n did not add hpcmn-test to /etc/hosts at all
 
Good question about the background. We have a (working) cluster running RedHat 6.8. I'm not touching that one for now, but sometimes use it for reference, and eventually want to both rebuild it with RH 7.4, and also fully automate the setup to make it reproducible (in part as disaster recovery). For that future setup, I haven't fully made up my mind yet about the architecture. I might separate the management node from the user login node, for instance, or I might switch to statelite or stateful rather than stateless nodes.  Currently, I'm building my own "playground" to be sure I fully understand what I'm doing, and to try out these various options.

My goal is to have a 100% automated setup (using Ansible). That's why I want to avoid any manual configuration, and also why I try to accomplish as much as I can with chdef and chtab (I wrote an Ansible module for those), and - whenever I can - stay away from commands such as nodedef (which are harder to manage using Ansible), or manually configuring /etc/hosts.

Right now, I'm using virtual machines for the playground - just one management node and one compute node. The MN has a public network to the outside world at eth1 (192.168.20.2), a (simulated) high-speed interconnect network on eth0 (192.168.100.2) and a (simulated) lower-speed management network on eth2 (192.168.101.2). From what I understand, a fairly standard setup, except my virtual machines don't have IPMI/BMC.
 
The hostname of the management node is hpcmn-test.kkeane.sandiego.edu. This will also be associated with the public IP on eth1, and would also be how the system is being reached from the outside world.
 
The DNS server should only be listening on eth2.
 
This setup basically works to my satisfaction. Except for one thing: makedns fails. I assume makedns uses nsupdate under the hood. nsupdate uses the NS record in the zone to find the authoritative name server. The NS record would point to eth1, but my DNS server only listens on eth2.
 
 
On Thu, Nov 2, 2017 at 11:05 PM, Yuan Y Bai <by...@cn.ibm.com> wrote:
Hi Kevin,
 
To add the Management Node to the DB, use command:  xcatconfig -m ;
 
And I saw questions from your mail and tried to give a way to let it work, I realize I do not know your overall requirements about hosts/DNS clearly , could you summarize your original requirements? 
 
Let us see if we can do some enhancements here.
 
 
Best Regards
--------------------------------------------------
Yuan Bai (白媛)

CSTL HPC System Management Development
Tel:86-10-82451401
E-mail: by...@cn.ibm.com
Address: IBM ZGC Campus. Ring Building 28,
ZhongGuanCun Software Park,No.8 Dong Bei Wang West Road, Haidian District,
Beijing P.R.China 100193

IBM环宇大厦
北京市海淀区东北旺西路8号,中关村软件园28号楼
邮编:100193
 
 
----- Original message -----
From: Kevin Keane <kke...@sandiego.edu>
To: xCAT Users Mailing list <xcat-user@lists.sourceforge.net>
Cc:
Subject: Re: [xcat-user] makedns-generated zones and their NS record
Date: Fri, Nov 3, 2017 12:00 AM
 
Thank you, Yuan and Christian!
 
Yuan, I haven't tried it, but it seems that your suggestion would not actually solve my problem. Makehosts would generate, as you were saying, this line:

192.168.20.2 hpcmn-test-eth1 hpcmn-test.kkeane.sandiego.edu
 
But the DNS server should only listen on 192.168.101.2. That is why I my preferred solution would be to change the zones to have an NS record that actually points to the correct NIC: hpcmn-test.imm.sabre.kkeane.sandiego.edu
 
Christian - you are right. Putting the names into the "hostnames" field was a bit of a hack. It actually works if there is only one name in that field, but if there are multiple names in that field, makehosts seems to only use the last one. And it also seems to *replace* rather than add to the names that xCAT would ordinarily use.
 
 
On Wed, Nov 1, 2017 at 7:04 PM, Yuan Y Bai <by...@cn.ibm.com> wrote:
Hi Kevin,
 
I am glad that it does work.
 
For your question about makehosts:
In your example, the short names are all 'hpcmn-test',  since 'makehsots' generate both short name and long name for one nic ip, here you need to configure nics table for eth1 and eth0,  so that, makehosts can generate different short names for all nics. and you can add specific long name in nics.nicaliases. Take eth1 and eth2 as example:
 
1, configure hosts table for mangement ip:
"hpcmn-test","192.168.101.2",,,,
 
2, configure nics table for secondary nics:
"hpcmn-test","eth1!192.168.20.2",,,,,,"eth1!hpcmn-test.kkeane.sandiego.edu",,,,,
 
3, use the same networks table with yours.
 
4, use lsdef to see hpcmn-test node definition:
]# lsdef hpcmn-test
Object name: hpcmn-test
    groups=all
    ip=192.168.101.2
    nicaliases.eth1=hpcmn-test.kkeane.sandiego.edu
    nicips.eth1=192.168.20.2
    postbootscripts=otherpkgs
    postscripts=syslog,remoteshell,syncfiles
 
5. execute 'makehosts hpcmn-test', check /etc/hosts file:
192.168.101.2 hpcmn-test hpcmn-test.imm.sabre.kkeane.sandiego.edu
192.168.20.2 hpcmn-test-eth1 hpcmn-test.kkeane.sandiego.edu
 
Here makehosts create short name hpcmn-test-eth1 which is different short name from hpcmn-test. And the long name hpcmn-test.kkeane.sandiego.edu is what your wanted. If you define hosts table otherinterfaces, it should have different short name with the node name, so you have errors.
 
I also think Christian gave your another tips to work this, Thanks Christian.
 
Best Regards
--------------------------------------------------
Yuan Bai (白媛)

CSTL HPC System Management Development
Tel:86-10-82451401
E-mail: by...@cn.ibm.com
Address: IBM ZGC Campus. Ring Building 28,
ZhongGuanCun Software Park,No.8 Dong Bei Wang West Road, Haidian District,
Beijing P.R.China 100193

IBM环宇大厦
北京市海淀区东北旺西路8号,中关村软件园28号楼
邮编:100193
 
 
----- Original message -----
From: Kevin Keane <kke...@sandiego.edu>
To: xCAT Users Mailing list <xcat-user@lists.sourceforge.net>
Cc:
Subject: Re: [xcat-user] makedns-generated zones and their NS record
Date: Thu, Nov 2, 2017 12:00 AM
 
Thank you, Yuan and Christian!
 
I have actually pretty much done what both of you had suggested, and it does work - somewhat.
 
I have the following networks:

[root@hpcmn-test ~]# tabdump networks
#netname,net,mask,mgtifname,gateway,dhcpserver,tftpserver,nameservers,ntpservers,logservers,dynamicrange,staticrange,staticrangeincrement,nodehostname,ddnsdomain,vlanid,domain,mtu,comments,disable
"hpcpublic","192.168.20.0","255.255.255.0","eth1","192.168.20.1",,,,,,,,,,,,"sabre.kkeane.sandiego.edu","1500","HPC Public Network",
"hpccompute","192.168.100.0","255.255.255.0","eth0",,"192.168.100.2","<xcatmaster>",,,,"192.168.100.200-192.168.100.229",,,"/z/-compute/",,,"compute.sabre.kkeane.sandiego.edu","1500","HPC Compute Network",
"hpcmanagement","192.168.101.0","255.255.255.0","eth2","<xcatmaster>","192.168.101.2","<xcatmaster>",,,,"192.168.101.200-192.168.101.229",,,"/z/-imm/",,,"imm.sabre.kkeane.sandiego.edu","1500","HPC Management Network",
 
I also have defined hpcmn-test as a node (thanks, Christian, for the tip about unmanaged!):

Object name: hpcmn-test
    groups=all
    hostnames=hpcmn-test.kkeane.sandiego.edu hpcmn-test.imm.sabre.kkeane.sandiego.edu
    ip=192.168.101.2
    postbootscripts=otherpkgs
    postscripts=syslog,remoteshell,syncfiles
 
When I manually edit /etc/hosts as Yuan suggested, everything does work:
 
127.0.0.1 localhost
192.168.101.2 hpcmn-test hpcmn-test.imm.sabre.kkeane.sandiego.edu hpcmn-test.kkeane.sandiego.edu.
 
But there are two problems with this:
 
- hpcmn-test.kkeane.sandiego.edu really should be associated with the public IP (192.168.20.2 in my example)
- makehosts does not honor this name, even though it is in the node's hostnames attribute. Here is what makehosts produces:

127.0.0.1 localhost
192.168.101.2 hpcmn-test hpcmn-test.imm.sabre.kkeane.sandiego.edu 
 
 
On Wed, Nov 1, 2017 at 7:00 AM, Christian Caruthers <ccaruth...@lenovo.com> wrote:

I just had to deal with a similar issue. Try the following:

 

-          Fill out each network in the networks table, including domain name. Don’t worry about nameservers or gateway unless there is are external resources that should be used. NOTE defining an external nameserver in networks table will cause makedns to ignore any IPs in that subnet.

-          Define hpcmn-test as an unmanaged node in the cluster (nodeadd hpcmn-test groups=__Unmanaged or something similar)

-          Define its primary interface (the one whose domain matches site.domain value) in hosts.node/hosts.ip (this should also be what was deinfed in nodelist above)

-          Define all other interfaces in hosts.otherinterfaces with fqdn. For example:
“hpcmn-test”,”1.2.3.4”,,”hpctest.compute.sabre.kkeane.sandiego.edu:2.3.4.5,hpcmn-test.imm.sabre.kkeane.sandiego.edu:3.4.5.6”,,,,
The domain names listed for each IP in hosts should match the networks.domain entry for each respective subnet.

 

Regards,
Christian Caruthers
Lenovo Professional Services

Mobile: 757-289-9872

 

From: Kevin Keane [mailto:kke...@sandiego.edu]
Sent: Tuesday, October 31, 2017 4:21 PM
To: xCAT Users Mailing list <xcat-user@lists.sourceforge.net>
Subject: [xcat-user] makedns-generated zones and their NS record

 

I have a management node with three NICs, and want to use makedns to generate the DNS configuration.

My management node has three names, corresponding to the three NICs:

eth0: hpcmn-test.compute.sabre.kkeane.sandiego.edu
eth1: hpcmn-test.kkeane.sandiego.edu
eth2: hpcmn-test.imm.sabre.kkeane.sandiego.edu

 

hostname -f returns hpcmn-test.kkeane.sandiego.edu (which is name by which my management node will be known on our public network).

 

I have the DNS server listening only on eth2. Consequently, the zones in the DNS server should have the corresponding name server hpcmn-test.imm.sabre.kkeane.sandiego.edu. However, the zones generated by makedns -n instead use the hpcmn-test.kkeane.sandiego.edu name.

$TTL 86400
@ IN SOA hpcmn-test.kkeane.sandiego.edu. root.hpcmn-test.kkeane.sandiego.edu. ( 2017103100 10800 3600 604800 86400 )
  IN NS  hpcmn-test.kkeane.sandiego.edu.

This wreaks havoc with future calls to makedns; updates will time out because the DNS server is not listening at the IP address that corresponds to this name (and in fact, makehosts doesn't even put this name into /etc/hosts)

How can I get makedns to generate zones with an NS record that points to hpcmn-test.imm.sabre.kkeane.sandiego.edu ?

 

Thanks!

 

--

_______________________________________________________________________
Kevin Keane | Systems Architect | University of San Diego ITS | kke...@sandiego.edu
Maher Hall, 192 |5998 Alcalá Park | San Diego, CA 92110-2492 | 619.260.6859

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
xCAT-user mailing list
xcat-u...@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xcat-user
 



--

_______________________________________________________________________
Kevin Keane | Systems Architect | University of San Diego ITS | kke...@sandiego.edu
Maher Hall, 192 |5998 Alcalá Park | San Diego, CA 92110-2492 | 619.260.6859

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! https://urldefense.proofpoint.com/v2/url?u=http-3A__sdm.link_slashdot&d=DwICAg&c=jf_iaSHvJObTbx-siA1ZOg&r=uiTcPxjMR44SPRNNb6l_nA&m=qOGCyyozraYLXWyU1XgEcM6-vkB49PjaqtU3rHORky8&s=S6md-fzBhTt_BUdWEMoT-QGShPLpbyukOaEw_JgsRlE&e=
 


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
xCAT-user mailing list
xcat-u...@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xcat-user
 



--

_______________________________________________________________________
Kevin Keane | Systems Architect | University of San Diego ITS | kke...@sandiego.edu
Maher Hall, 192 |5998 Alcalá Park | San Diego, CA 92110-2492 | 619.260.6859

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! https://urldefense.proofpoint.com/v2/url?u=http-3A__sdm.link_slashdot&d=DwICAg&c=jf_iaSHvJObTbx-siA1ZOg&r=uiTcPxjMR44SPRNNb6l_nA&m=tYo9sCZW1w9Raa05p0XLN1r2w63IE4XXyXfJw5HM0qs&s=Hdb21YvdwmfDcE1aj-1p2fe9xm6LIKfrqDG3_B5dkug&e=
 


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xcat-user
 



--

_______________________________________________________________________
Kevin Keane | Systems Architect | University of San Diego ITS | kke...@sandiego.edu
Maher Hall, 192 |5998 Alcalá Park | San Diego, CA 92110-2492 | 619.260.6859

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! https://urldefense.proofpoint.com/v2/url?u=http-3A__sdm.link_slashdot&d=DwICAg&c=jf_iaSHvJObTbx-siA1ZOg&r=uiTcPxjMR44SPRNNb6l_nA&m=OEqm2b1d8YXVc5Mnjy4nAfE4cO3kKJ9yy5I82cH5K-Q&s=yM_QcaINRW5lqVIXXmu7JSW9gnLXgeblOna-2Tqh9PY&e=
 
 
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! https://urldefense.proofpoint.com/v2/url?u=http-3A__sdm.link_slashdot&d=DwICAg&c=jf_iaSHvJObTbx-siA1ZOg&r=uiTcPxjMR44SPRNNb6l_nA&m=CsBrrAXKCPv4awE5Kre4u1XyfaLEHoWBnQoE2AdMk6Q&s=X2-bfBt24Btr83qDqoO2Xad_CqqttfbtcmA2jm6apZg&e=
 

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xcat-user

Reply via email to