6565b3c140
We are seeing a problem on Fedora where it appears on hosts without configured ipv6 unbound chooses to send queries via the ipv6 forwarders and then returns DNS failures. An upstream issue has been filed [1], but it remains unclear exactly why this happens on Fedora but not other platforms. However, having ipv6 forwarders is not always correct. Not all our platforms have glean support for ipv6 configuration, nor do all our providers provide ipv6 transit. Therefore, ipv4 is the lowest common denominator across all platforms. Even those who are "ipv6 only" still provide ipv4 via NAT -- originally it was the unreliability of this NAT transit that lead to unbound being used in the first place. It should be noted that in most all jobs, the configure-unbound role [2] called from the base-job will re-write the forwarding information and configure ipv4/6 correctly during the base job depending on the node & provider support. Thus this only really affects some of the openstack-zuul-jobs/system-config integration jobs, where we start out without unbound configured because we're actually *testing* the unbound configuration role. An additional complication is that we want to keep backwards compatability and populate the settings if NODEPOOL_STATIC_NAMESERVER_V6 is explicitly set -- this is sometimes required if you building infra-style images and are within a corporate network that disallows outbound DNS queries for example. Thus by default only populate ipv4 forwarders, unless explicitly asked to add ipv6 with the new variable or the static v6 nameservers are explicitly specified. [1] https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=4188 [2] http://git.openstack.org/cgit/openstack-infra/openstack-zuul-jobs/tree/roles/configure-unbound Change-Id: If060455e163266b2c3e72b4a2ac2838a61859496 |
||
|---|---|---|
| .. | ||
| cache-devstack | ||
| infra-package-needs | ||
| initialize-urandom | ||
| nodepool-base | ||
| openstack-repos | ||
| zuul-worker | ||
| README.rst | ||
| bindep-fallback.txt | ||
README.rst
Using diskimage-builder to build devstack-gate nodes
In addition to being able to just download and consume images that are the same as what run devstack-gate, it's easy to make your own for local dev or testing - or just for fun.
Install diskimage-builder
Install the dependencies:
sudo apt-get install kpartx qemu-utils curl python-yaml debootstrapInstall diskimage-builder:
sudo -H pip install diskimage-builderBuild an image
Building an image is simple, we have a script!
bash tools/build-image.shSee the script for environment variables to set distribution, etc. By default it builds an ubuntu-minimal based image. You should be left with a .qcow2 image file of your selected distribution.
Infra uses the -minimal build type for building Ubuntu/CentOS/Fedora. For example: ubuntu-minimal.
It is a good idea to set TMP_DIR to somewhere with
plenty of space to avoid the disappointment of a full-disk mid-way
through the script run.
While testing, consider exporting DIB_OFFLINE=true, to skip updating the cache.
Mounting the image
If you would like to examine the contents of the image, you can mount it on a loopback device using qemu-nbd.
sudo apt-get install qemu-utils
sudo modprobe nbd max_part=16
sudo mkdir -p /tmp/newimage
sudo qemu-nbd -c /dev/nbd1 /path/to/devstack-gate-precise.qcow2
sudo mount /dev/nbd1p1 /tmp/newimageor use the scripts
sudo apt-get install qemu-utils
sudo modprobe nbd max_part=16
sudo tools/mount-image.sh devstack-gate-precise.qcow2
sudo tools/umount-image.shOther things
It's a qcow2 image, so you can do tons of things with it. You can upload it to glance, you can boot it using kvm, and you can even copy it to a cloud server, replace the contents of the server with it and kexec the new kernel.