Best way to update dns config of ovirt node
Hello, supposing to have ovirt-ng node 4.2.6 and that ovirtmgmt config regarding DNS servers has to be updated, what is the correct way to proceed? Thanks, Gianluca
On Mon, Sep 10, 2018 at 5:53 PM, Gianluca Cecchi <gianluca.cecchi@gmail.com> wrote:
Hello, supposing to have ovirt-ng node 4.2.6 and that ovirtmgmt config regarding DNS servers has to be updated, what is the correct way to proceed?
DNS should be editable from the network attachment window. They are applied only for the network which "owns" the default-route for that host. The values are added through ifcfg, therefore its logic of adding it to resolv.conf is used.
Thanks, Gianluca
_______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community- guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/ message/KAYTA6Y34ONCP3YVXL6ST6NZY7WE32CW/
On Thu, Sep 13, 2018 at 7:53 AM Edward Haas <ehaas@redhat.com> wrote:
On Mon, Sep 10, 2018 at 5:53 PM, Gianluca Cecchi < gianluca.cecchi@gmail.com> wrote:
Hello, supposing to have ovirt-ng node 4.2.6 and that ovirtmgmt config regarding DNS servers has to be updated, what is the correct way to proceed?
DNS should be editable from the network attachment window.
Thanks for your answer Edward. What do you mean with "network attachment window"? a) Network > Networks, then select ovirtmgmt line and edit, putting DNS info (that is empty right now) or b) Compute > Hosts, then select host1 line, click on host1 name, then Network Interfaces and Setup Host Networks. then edit ovirtmgmt > DNS Configuration (that is empty right now) or what? In my case they are both empty, but when I installed hosts I configured them
They are applied only for the network which "owns" the default-route for that host.
This is typically ovirtmgmt network, as in my case, I think.
The values are added through ifcfg, therefore its logic of adding it to resolv.conf is used.
I have also opened a case for another environment where I'm using RHV-H hosts, that should be quite similar to ovirt-node-ng In that environment one of the original M$ based dns server was changed (that was the one I had as primary) creating some latency problems. Using setup host networks generated big problems, especially if doing on the host where hosted engine was running. I verified that a safe way to modify DNS config is: - evacuate VMs from host - put host into maintenance - change dns settings in setup host networks - reboot the host - activate the host This way the "persistent" files are initially updated and then at the reboot the ifcfg and resolv.conf files are correctly updated If you are interested my case is 02179117 Also in that environment the config pages (hosts and logical network of cluster) had empty DNS entries.... I have not understood if the hosts in "setup host network" (and also ovirtmgmt logical network) having empty DNS config is a bug or it's me not understanding the workflow when adding a host to the oVirt environment. Gianluca
On Fri, Sep 14, 2018 at 9:43 AM, Gianluca Cecchi <gianluca.cecchi@gmail.com> wrote:
On Thu, Sep 13, 2018 at 7:53 AM Edward Haas <ehaas@redhat.com> wrote:
On Mon, Sep 10, 2018 at 5:53 PM, Gianluca Cecchi < gianluca.cecchi@gmail.com> wrote:
Hello, supposing to have ovirt-ng node 4.2.6 and that ovirtmgmt config regarding DNS servers has to be updated, what is the correct way to proceed?
DNS should be editable from the network attachment window.
Thanks for your answer Edward. What do you mean with "network attachment window"? a) Network > Networks, then select ovirtmgmt line and edit, putting DNS info (that is empty right now) or b) Compute > Hosts, then select host1 line, click on host1 name, then Network Interfaces and Setup Host Networks. then edit ovirtmgmt > DNS Configuration (that is empty right now) or what?
I meant (b). Option (a) is there to apply the same DNS entries over all hosts for that specific network. I do not see a problem of using both. If you add a new host, Engine will read the existing DNS entries from the host and persist them. (you will see them in the setup-networks window (b)). Upgraded systems (hosts have been added before DNS configuration was available) will have it empty and you will need to explicitly set it.
In my case they are both empty, but when I installed hosts I configured them
They are applied only for the network which "owns" the default-route for that host.
This is typically ovirtmgmt network, as in my case, I think.
Yes, but one can change the management network (which owns the default-route).
The values are added through ifcfg, therefore its logic of adding it to resolv.conf is used.
I have also opened a case for another environment where I'm using RHV-H hosts, that should be quite similar to ovirt-node-ng In that environment one of the original M$ based dns server was changed (that was the one I had as primary) creating some latency problems. Using setup host networks generated big problems, especially if doing on the host where hosted engine was running. I verified that a safe way to modify DNS config is: - evacuate VMs from host - put host into maintenance - change dns settings in setup host networks - reboot the host - activate the host
I do not see a reason to pass all these steps unless we have a bug.
The DNS entry are supposed to be applied immediately through ifcfg, rebooting is an precaution to make sure it has been correctly persisted. And if the management network is not serving VM/s, then no VM evacuation is needed. I guess the risk here is the management network editing, which is sensitive (Engine looses connectivity and unexpected behaviour may occur). If there is a problem with this scenario, I would consider it a bug.
This way the "persistent" files are initially updated and then at the reboot the ifcfg and resolv.conf files are correctly updated If you are interested my case is 02179117
I could not find such a BZ.
Also in that environment the config pages (hosts and logical network of cluster) had empty DNS entries....
I have not understood if the hosts in "setup host network" (and also ovirtmgmt logical network) having empty DNS config is a bug or it's me not understanding the workflow when adding a host to the oVirt environment.
As far as I remember, when adding a host (that reports the nameservers), the DNS entries learned are added to the Engine config and used when sending the first setup-networks to VDSM. But there were several iterations of this flow, perhaps it changed (will check).
Gianluca
On Sun, Sep 16, 2018 at 7:56 AM Edward Haas <ehaas@redhat.com> wrote:
On Fri, Sep 14, 2018 at 9:43 AM, Gianluca Cecchi < gianluca.cecchi@gmail.com> wrote:
On Thu, Sep 13, 2018 at 7:53 AM Edward Haas <ehaas@redhat.com> wrote:
On Mon, Sep 10, 2018 at 5:53 PM, Gianluca Cecchi < gianluca.cecchi@gmail.com> wrote:
Hello, supposing to have ovirt-ng node 4.2.6 and that ovirtmgmt config regarding DNS servers has to be updated, what is the correct way to proceed?
DNS should be editable from the network attachment window.
Thanks for your answer Edward. What do you mean with "network attachment window"? a) Network > Networks, then select ovirtmgmt line and edit, putting DNS info (that is empty right now) or b) Compute > Hosts, then select host1 line, click on host1 name, then Network Interfaces and Setup Host Networks. then edit ovirtmgmt > DNS Configuration (that is empty right now) or what?
I meant (b). Option (a) is there to apply the same DNS entries over all hosts for that specific network. I do not see a problem of using both.
OK. What is it expected to happen if for example I have 4 active nodes and use a)? Possibly all of them loosing ovirtmgmt connection with possibly dangerous effects?
If you add a new host, Engine will read the existing DNS entries from the host and persist them. (you will see them in the setup-networks window (b)).
The strange thing is that apparently it made what you say (from a files content point of view) but there is no match if you go into configuration inside web admin gui pages, neither at cluster level, nor at host level. This was what seemed strange to me. Please notice that these hosts were installed in 4.1.x and then update several times up to 4.2.6. So it could be the case of some sort of bug in previous versions and not if I plain install right now in 4.2.6 (not tested)
Upgraded systems (hosts have been added before DNS configuration was available) will have it empty and you will need to explicitly set it.
It is not my case.
The values are added through ifcfg, therefore its logic of adding it to resolv.conf is used.
I have also opened a case for another environment where I'm using RHV-H hosts, that should be quite similar to ovirt-node-ng In that environment one of the original M$ based dns server was changed (that was the one I had as primary) creating some latency problems. Using setup host networks generated big problems, especially if doing on the host where hosted engine was running. I verified that a safe way to modify DNS config is: - evacuate VMs from host - put host into maintenance - change dns settings in setup host networks - reboot the host - activate the host
I do not see a reason to pass all these steps unless we have a bug.
The DNS entry are supposed to be applied immediately through ifcfg, rebooting is an precaution to make sure it has been correctly persisted. And if the management network is not serving VM/s, then no VM evacuation is needed.
If host is not reachable through ovirtmgmt doesn't fencing take place? And so indirect consequence a move of the VMs it had in charge?
I guess the risk here is the management network editing, which is sensitive (Engine looses connectivity and unexpected behaviour may occur). If there is a problem with this scenario, I would consider it a bug.
This way the "persistent" files are initially updated and then at the reboot the ifcfg and resolv.conf files are correctly updated If you are interested my case is 02179117
I could not find such a BZ.
This is a Red Hat case number, not a bugzilla entry. Because I had the same kind of problems on oVirt based environments and RHV based ones that are present. So for RHV I opened a case. As a consequence of the case, it was created this solution that I have not tested yet: https://access.redhat.com/solutions/3613731 Please note that it requires RH account, but in my opinion should be of public domain or similar information put inside oVirt documentation pages. It could happen having to change DNS and it can be useful to know the recommended workflow for that
As far as I remember, when adding a host (that reports the nameservers), the DNS entries learned are added to the Engine config and used when sending the first setup-networks to VDSM. But there were several iterations of this flow, perhaps it changed (will check).
Note also my comments regarding environment installed in 4.1 and then updated to 4.2 Thanks Gianluca
On Mon, Sep 17, 2018 at 11:50 AM, Gianluca Cecchi <gianluca.cecchi@gmail.com
wrote:
On Sun, Sep 16, 2018 at 7:56 AM Edward Haas <ehaas@redhat.com> wrote:
On Fri, Sep 14, 2018 at 9:43 AM, Gianluca Cecchi < gianluca.cecchi@gmail.com> wrote:
On Thu, Sep 13, 2018 at 7:53 AM Edward Haas <ehaas@redhat.com> wrote:
On Mon, Sep 10, 2018 at 5:53 PM, Gianluca Cecchi < gianluca.cecchi@gmail.com> wrote:
Hello, supposing to have ovirt-ng node 4.2.6 and that ovirtmgmt config regarding DNS servers has to be updated, what is the correct way to proceed?
DNS should be editable from the network attachment window.
Thanks for your answer Edward. What do you mean with "network attachment window"? a) Network > Networks, then select ovirtmgmt line and edit, putting DNS info (that is empty right now) or b) Compute > Hosts, then select host1 line, click on host1 name, then Network Interfaces and Setup Host Networks. then edit ovirtmgmt > DNS Configuration (that is empty right now) or what?
I meant (b). Option (a) is there to apply the same DNS entries over all hosts for that specific network. I do not see a problem of using both.
OK. What is it expected to happen if for example I have 4 active nodes and use a)? Possibly all of them loosing ovirtmgmt connection with possibly dangerous effects?
I consider touching the management network always as a risk, but it should work if you do not have VM/s on it. I do not recall if changing the DNS on the Network immediately causes setup-network commands to be sent to all hosts.
If you add a new host, Engine will read the existing DNS entries from the host and persist them. (you will see them in the setup-networks window (b)).
The strange thing is that apparently it made what you say (from a files content point of view) but there is no match if you go into configuration inside web admin gui pages, neither at cluster level, nor at host level. This was what seemed strange to me. Please notice that these hosts were installed in 4.1.x and then update several times up to 4.2.6. So it could be the case of some sort of bug in previous versions and not if I plain install right now in 4.2.6 (not tested)
Upgraded systems (hosts have been added before DNS configuration was available) will have it empty and you will need to explicitly set it.
It is not my case.
We will have to check this then. We may have changed the policy on this issue due to other complaints. (An argument that we should not enforce DNS entries if not explicitly requested sounds valid to me)
The values are added through ifcfg, therefore its logic of adding it to resolv.conf is used.
I have also opened a case for another environment where I'm using RHV-H hosts, that should be quite similar to ovirt-node-ng In that environment one of the original M$ based dns server was changed (that was the one I had as primary) creating some latency problems. Using setup host networks generated big problems, especially if doing on the host where hosted engine was running. I verified that a safe way to modify DNS config is: - evacuate VMs from host - put host into maintenance - change dns settings in setup host networks - reboot the host - activate the host
I do not see a reason to pass all these steps unless we have a bug.
The DNS entry are supposed to be applied immediately through ifcfg, rebooting is an precaution to make sure it has been correctly persisted. And if the management network is not serving VM/s, then no VM evacuation is needed.
If host is not reachable through ovirtmgmt doesn't fencing take place? And so indirect consequence a move of the VMs it had in charge?
Correct, but as far as I know it is not immediate. There is a grace period in which Engine (and VDSM) attempts to confirm connectivity. VDSM will also (try to) revert back to the previous working configuration in a "revert" action. It may also be a matter of the level of "defence" needed. As mentioned, there is a risk in touching the management network and your mentioned steps are a way to reduce the risks. But lets get another opinion on this, I may be wrong here.
I guess the risk here is the management network editing, which is sensitive (Engine looses connectivity and unexpected behaviour may occur). If there is a problem with this scenario, I would consider it a bug.
This way the "persistent" files are initially updated and then at the reboot the ifcfg and resolv.conf files are correctly updated If you are interested my case is 02179117
I could not find such a BZ.
This is a Red Hat case number, not a bugzilla entry. Because I had the same kind of problems on oVirt based environments and RHV based ones that are present. So for RHV I opened a case. As a consequence of the case, it was created this solution that I have not tested yet: https://access.redhat.com/solutions/3613731
Please note that it requires RH account, but in my opinion should be of public domain or similar information put inside oVirt documentation pages. It could happen having to change DNS and it can be useful to know the recommended workflow for that
As far as I remember, when adding a host (that reports the nameservers), the DNS entries learned are added to the Engine config and used when sending the first setup-networks to VDSM. But there were several iterations of this flow, perhaps it changed (will check).
Note also my comments regarding environment installed in 4.1 and then updated to 4.2
Thanks Gianluca
On Tue, 25 Sep 2018 08:19:55 +0300 Edward Haas <ehaas@redhat.com> wrote:
On Mon, Sep 17, 2018 at 11:50 AM, Gianluca Cecchi <gianluca.cecchi@gmail.com
wrote:
On Sun, Sep 16, 2018 at 7:56 AM Edward Haas <ehaas@redhat.com> wrote:
[...] [...] [...] [...] [...] [...] [...] [...] [...]
Thanks for your answer Edward. What do you mean with "network attachment window"? a) Network > Networks, then select ovirtmgmt line and edit, putting DNS info (that is empty right now) or b) Compute > Hosts, then select host1 line, click on host1 name, then Network Interfaces and Setup Host Networks. then edit ovirtmgmt > DNS Configuration (that is empty right now) or what?
I meant (b). Option (a) is there to apply the same DNS entries over all hosts for that specific network. I do not see a problem of using both.
OK. What is it expected to happen if for example I have 4 active nodes and use a)? Possibly all of them loosing ovirtmgmt connection with possibly dangerous effects?
I consider touching the management network always as a risk, but it should work if you do not have VM/s on it. I do not recall if changing the DNS on the Network immediately causes setup-network commands to be sent to all hosts.
Changing the DNS on the Network does immediately causes setup-network commands to be sent to all hosts, after a big warning is shown in web UI.
[...]
The strange thing is that apparently it made what you say (from a files content point of view) but there is no match if you go into configuration inside web admin gui pages, neither at cluster level, nor at host level. This was what seemed strange to me. Please notice that these hosts were installed in 4.1.x and then update several times up to 4.2.6. So it could be the case of some sort of bug in previous versions and not if I plain install right now in 4.2.6 (not tested)
Upgraded systems (hosts have been added before DNS configuration was available) will have it empty and you will need to explicitly set it.
It is not my case.
We will have to check this then. We may have changed the policy on this issue due to other complaints. (An argument that we should not enforce DNS entries if not explicitly requested sounds valid to me)
It is possible to overwrite the DNS per host. This will be reported as 'out-of-sync'. You can explicitly mark the DNS setting of a host as synchronized to the network.
[...] [...] [...]
The DNS entry are supposed to be applied immediately through ifcfg, rebooting is an precaution to make sure it has been correctly persisted. And if the management network is not serving VM/s, then no VM evacuation is needed.
If host is not reachable through ovirtmgmt doesn't fencing take place? And so indirect consequence a move of the VMs it had in charge?
Correct, but as far as I know it is not immediate. There is a grace period in which Engine (and VDSM) attempts to confirm connectivity. VDSM will also (try to) revert back to the previous working configuration in a "revert" action. It may also be a matter of the level of "defence" needed. As mentioned, there is a risk in touching the management network and your mentioned steps are a way to reduce the risks. But lets get another opinion on this, I may be wrong here.
Maybe I did not get the point here. Except a scenario of adding a host with FQDN instead of IP address to host engine, I am not aware of a scenario to make the host unreachable for engine by changing the DNS on the hosts.
[...] [...] [...]
This is a Red Hat case number, not a bugzilla entry. Because I had the same kind of problems on oVirt based environments and RHV based ones that are present. So for RHV I opened a case. As a consequence of the case, it was created this solution that I have not tested yet: https://access.redhat.com/solutions/3613731
Please note that it requires RH account, but in my opinion should be of public domain or similar information put inside oVirt documentation pages. It could happen having to change DNS and it can be useful to know the recommended workflow for that
[...] [...] [...] [...]
Note also my comments regarding environment installed in 4.1 and then updated to 4.2
Thanks Gianluca
participants (3)
-
Dominik Holler -
Edward Haas -
Gianluca Cecchi