How to configure dnsresources in MaaS for virtual IPs?

we have an OpenStack installation (not with juju) on MaaS managed baremetals. For some services we have virtual IPs managed by keepalived between multiple servers. MaaS manages the DNS entries for these IPs.

Our problem is, the dnsresources in MaaS get deleted when we reboot a server.

These are the logs for MaaS after a reboot:

2018-10-11 06:25:22 maasserver.region_controller: [info] Reloaded DNS configuration: 
     * ip 10.1.1.5 connected to server2 on bond2.100
     * ip 10.1.1.5 disconnected from server1 on bond2.100
     * ip 10.1.1.4 connected to server2 on bond2.100
     * ip 10.1.1.4 disconnected from server1 on bond2.100
     * ip 10.0.0.1 connected to server2 on bond0
     * ip 10.0.0.1 disconnected from server1 on bond0
...
2018-10-11 06:25:33 maasserver.region_controller: [info] Reloaded DNS configuration: 
     * zone dc.example.org removed resource @
     * ip 10.1.1.5 disconnected from server2 on bond2.100
     * ip 10.1.1.5 unlinked from resource @ on zone dc.example.org
     * ip 10.1.1.4 disconnected from server2 on bond2.100
     * zone dc.example.org removed resource 00-maas
     * zone dc.example.org removed resource rabbitmq
     * zone dc.example.org removed resource maas
     * zone dc.example.org removed resource alertmanager
     * zone dc.example.org removed resource grafana
     * zone dc.example.org removed resource kibana
     * zone dc.example.org removed resource prometheus
     * ip 10.0.0.1 disconnected from server2 on bond0
     * ip 10.0.0.1 unlinked from resource 00-maas on zone dc.example.org
     * ip 10.0.0.1 unlinked from resource rabbitmq on zone dc.example.org
     * ip 10.0.0.1 unlinked from resource maas on zone dc.example.org
     * ip 10.0.0.1 unlinked from resource grafana on zone dc.example.org
     * ip 10.0.0.1 unlinked from resource kibana on zone dc.example.org
     * ip 10.0.0.1 unlinked from resource alertmanager on zone dc.example.org
     * ip 10.0.0.1 unlinked from resource prometheus on zone dc.example.org

The IP 10.0.0.1 is from a reserved subnet, so not managed by MaaS. The IPs .4 and .5 are static.

From my understanding of the logs, MaaS notices that an IP has moved to another server. But why does it than delete dnsresources which are assigned to these IPs?

The dnsresources are A records.

Hi Christian,

How did you create this IP address? How does MAAS “manage” it? Does it do it over DHCP ?

That said, given that this is a virtual IP and doesn’t really belong to a machine/MAC address in MAAS, I would “reserve” this IP address instead, for example:

maas admin ipaddresses reserve subnet=192.168.100.0/24 ip=192.168.100.254 hostname=virtual-ip.maasdomain

The above results in:

  • MAAS will reserve the IP without being bound to a specific MAC. Makes it perfect for VIPs.
  • Since hostname is specified, a DNS record will be created.
  • A reservation of this sort is only possible for IPs outside of the dynamic range to ensure DHCP.

There are a couple of different ways in which MAAS notices IP address changes:

  • MAAS controllers take note of any connectivity changes (to themselves) every ~30 seconds, such as IP addresses assigned directly to MAAS controllers. (MAAS also attempts to determine network and VLAN topology, but that’s separate from DNS.)
  • MAAS network discovery takes note of IP addresses observed to be in-use on the network (or moved to another MAC) for presentation in the discovery panel, and to de-prioritize the automatic assignment of IP addresses known to recently be in use. This is separate from DNS; we don’t want random network traffic to influence how DNS operates.

If MAAS is idle, the portion of the network model that influences DNS should be relatively static. For example, when you deploy a machine and an IP address is assigned, a DNS record is created which should persist for the life of the deployment. Likewise, you can use the MAAS API to assign static IP addresses, create devices in MAAS, or manually create DNS records. All of these things should result in relatively long-lived addresses (depending on what you’re doing with MAAS).

Can we assume that the logs you posted are relevant to MAAS controllers, or is this something else?

Additionally, if you want to create static DNS records that are not affected by the overall MAAS network model, you could use the DNS APIs (and/or web UI) for that.

Hi,

we created the DNS entries with this MaaS command:
maas admin dnsresources create fqdn=host.dc.example.org ip_addresses=VIP

The VIP is part of a reserved net range which is not managed by MaaS DHCP. But the IP is bound to one of three MaaS servers.

The WebUI does not offer the possibility to create DNS entries, only domains. We are using MaaS 2.3.5.

From the logs and the above answers, I assume MaaS recognizes IP changes on its servers and deletes the DNS entries.

Is it possible to deactivate the MaaS network probing?

Hi Christian,

So what seems to be happening here is that, since the IP is bouncing across controllers, the IP gets deleted and disassociated with one controller, and then added to another controller. This, effectively causes MAAS to clean whatever DNS records were manually created against this IP.

That said, the behavior of MAAS automatically discovering/associating/disassociating IPs from controllers is not something that you can disable as this is part of the core functionality.

What I do see, however, is two areas where to improve:

  1. If the user has created a DNS entry for a given IP address, this entry shouldn’t be deleted if the IP gets disassociated/disassociated from one machine to another. I would think that:

    • It would be nice to also highlight that there’s a DNS entry that has no association if no machine exist.
  2. Model Virtual IP address or ensure that user-reserved addresses are allowed to be used for controllers without automatically changing ownership of a user-reserved. Doing so would ensure the IP continues to be user-reserved but a controller can use it and keep the associations to any DNS entry created by the user.

Christian, please file a bug report providing all relevant information and what your expectation would be in: https://bugs.launchpad.net/maas/+filebug