BIND DNS Proxy not removing DNS entries when Host is renamed

Problem:
I posted this a couple of weeks ago but got no response so I’m posting it again. My current workflow for certain types of host is to auto-provision them using Discovery, setting up a temporary name and IP address on a provisioning network. Once the host is provisioned we then do final configuration by setting up a TUN0 interface and assigning an address on the VPN network where the host will live. We also set up a permanent hostname on the TUN0 interface and move the “primary” interface to this new interface. We remove the temporary name and IP address for the previous interface that the host was provisioned on. The IP address is reclaimed, but the DNS entries are not removed.
Expected outcome:
DNS entries are removed once no longer valid.
Foreman and Proxy versions:
Foreman: 1.21.2
Foreman-Proxy: 1.21.2

Looks like a bug. Can you turn on debugging and show entries from production.log? See the app/models/concerns/orchestration/dns.rb file for details on how/when things are scheduled.

Wait! Do I understand correctly that you just remove the primary flag and save the original NIC? That will not schedule a DNS update; you need to remove the name from the NIC and leave it blank, then it should schedule removal. Input the same name to the new primary NIC to schedule re-addition under the correct one.

Thanks for the reply!

Here’s what I’m doing:

  1. Move primary NIC to a new NIC with a new name
  2. Remove the old name from the old NIC

I’ll attach logs sometime today.

Can you provide more accurate steps (CLI or UI does not matter)? Primary is a flag, so you unselect it for the old one and set it for the new one? Then move the name? Or all in one transaction? Basically, steps to reproduce the misbehavior.

Our hosts are provisioned using the Auto-provision from the Discovery Plugin, and get a temporary name set based on the MAC address.

From the UI:

  1. Add a tun0 interface (this really doesn’t matter because it’s the same behavior regardless of the interface)
  2. Set the permanent hostname
  3. Select the same domain (we have a flat DNS)
  4. Select a subnet (where the interface and permanent IP are located)
  5. Select managed, and primary (authorize the move)
  6. Edit the interface that the host was provisioned on, removing the temporary name
  7. Submit

I believe the behavior is the same when leaving the temporary name and then removing it after the submit, but I’ll have to test to confirm.

Also, moving the primary without a name change fails because the name is duplicated; it might be related to this issue.

Ok thanks, try with debug level to see if we spot something. If this fails I will try to reproduce here in the labs, this should work.

Do you want the logs for the foreman host and the proxy?

Here’s the production.log snippet for the relevant part

So I’m not seeing anything in the logs; I’m not sure that the operation is triggering the delete/remove for the old records.

Can you try this workflow:

  • set hostname on the old NIC to blank and save
  • create new NIC and mark it as primary and then save
  • remove the old NIC

I am not sure if Foreman lets you do the first step, though.

It won’t because the primary NIC requires a name.
We’re also not removing the old NIC as it’s a physical NIC.

I thought I’d see if there’s been any luck replicating the problem? Is there more information I can provide, or any other workarounds I can try?

So finally found some time to reproduce these steps. My Foreman /develop/ schedules DNS record creation when I add the new tun0:

```
[app|D|da2|3fb] Scheduling new DHCP reservations for new-host.home.lan
[app|D|da2|3fb] Enqueued task 'dhcp_create_aa:bb:cc:dd:ee:f9' to 'Host::Managed Main' queue
[app|D|da2|3fb] Scheduling new DNS entries
[app|D|da2|3fb] Enqueued task 'Create IPv4 DNS record for new-host.home.lan' to 'Host::Managed Main' queue
[app|D|da2|3fb] Enqueued task 'Create Reverse IPv4 DNS record for new-host.home.lan' to 'Host::Managed Main' queue
```

So far this is correct, the host has two IP addresses and two DNS entries. The name remains the same. Now after step (6) when I delete the (temporary) name it is a bit fuzzy.

```
[app|D|da2|4b8] Detected a changed required for DHCP record
[app|D|da2|4b8] Enqueued task 'dhcp_remove_aa:bb:cc:dd:ee:f2' to 'Host::Managed Main' queue
[app|D|da2|4b8] Processing task 'Remove DHCP Settings for kent-garica.home.lan' from 'Host::Managed Main'
[app|I|da2|4b8] Delete DHCP reservation kent-garica.home.lan for kent-garica.home.lan-aa:bb:cc:dd:ee:f2/192.168.99.172
[app|I|da2|4b8] Processed 1 tasks from queue 'Host::Managed Main', completed 1/1
[app|D|da2|4b8] Task 'Remove DHCP Settings for kent-garica.home.lan' *completed*
```

At this point, Foreman orchestrates DHCP record creation removal, which is kind of weird, but in the current design an interface must have a (host) name in order to keep a DHCP reservation. If the name is deleted (set to blank), the DHCP reservation is actually removed.

For the DNS deletion, we have a bug in our codebase which I identified and fixed locally. I am gonna create a patch for you which will make the DNS removal work when the hostname is set to blank. However, keep the DHCP issue in mind; it is a known limitation.

1 Like
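
An added example, not part of the thread or of Foreman's code: a small audit over debug-level production.log lines that flags saves where a DHCP reservation was removed but no DNS removal was queued, which is the pattern in the excerpt above and the one that leaves a stale name pointing at a reclaimed address. It assumes the last two bracketed fields identify one save (named `session` and `request` here), and that a DNS removal task would be named "Remove ... DNS record for ..." by analogy with the "Create ..." tasks quoted in the thread; the `5c1` lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample: the 3fb/4b8 lines follow the thread's log excerpt; the 5c1
# request and the "Remove IPv4 DNS record" task name are assumptions.
SAMPLE_LOG = """\
[app|D|da2|3fb] Scheduling new DNS entries
[app|D|da2|3fb] Enqueued task 'Create IPv4 DNS record for new-host.home.lan' to 'Host::Managed Main' queue
[app|D|da2|4b8] Detected a changed required for DHCP record
[app|D|da2|4b8] Enqueued task 'dhcp_remove_aa:bb:cc:dd:ee:f2' to 'Host::Managed Main' queue
[app|I|da2|4b8] Delete DHCP reservation kent-garica.home.lan for kent-garica.home.lan-aa:bb:cc:dd:ee:f2/192.168.99.172
[app|D|da2|5c1] Enqueued task 'dhcp_remove_aa:bb:cc:dd:ee:f3' to 'Host::Managed Main' queue
[app|D|da2|5c1] Enqueued task 'Remove IPv4 DNS record for old-host.home.lan' to 'Host::Managed Main' queue
"""

# Line shape seen in the thread: [logger|level|session|request] message
LINE = re.compile(r"^\[\w+\|\w\|(?P<session>\w+)\|(?P<request>\w+)\] (?P<msg>.*)$")
ENQUEUED = re.compile(r"^Enqueued task '(?P<task>[^']+)'")
DHCP_DELETE = re.compile(r"^Delete DHCP reservation (?P<name>\S+) for ")


def find_missing_dns_removals(log_text):
    """Return requests that removed a DHCP reservation but queued no DNS removal."""
    requests = defaultdict(lambda: {"dhcp": False, "dns": False, "names": set()})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an orchestration line in the expected shape
        state = requests[f"{m['session']}|{m['request']}"]
        enq = ENQUEUED.match(m["msg"])
        if enq:
            task = enq["task"]
            if task.startswith("dhcp_remove_"):
                state["dhcp"] = True
            elif task.startswith("Remove ") and "DNS record" in task:
                state["dns"] = True
        deleted = DHCP_DELETE.match(m["msg"])
        if deleted:
            state["names"].add(deleted["name"])  # name that may still resolve
    return [
        {"request": req, "names": sorted(s["names"])}
        for req, s in requests.items()
        if s["dhcp"] and not s["dns"]
    ]


if __name__ == "__main__":
    for hit in find_missing_dns_removals(SAMPLE_LOG):
        print("check DNS for", hit["names"], "in request", hit["request"])
```

A hit is only a candidate: confirm against the zone itself before treating the name as stale.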

Thanks for the follow through on this!

Here is your patch, report back on GitHub please (positive or negative). https://github.com/theforeman/foreman/pull/6707

The fix works, thanks!

1 Like