VMware Integrate OpenStack returns errors looking up a domain while configuring AD
Article ID: 339888
Updated On:
Products
VMware
VMware Integrated OpenStack
Issue/Introduction
Symptoms:
- In VMware Integrated Openstack 6.x or 7.x
- Private AD and DNS in use
- Configuring AD as a day-1 operation and fails with:
BddException, errorId BDD.INVALID_PARAMETER args
Environment
VMware Integrated OpenStack 6.x
VMware Integrated Openstack 7.x
VMware Integrated Openstack 7.x
Cause
- Inside the pod, valid-keystone-keystone1-validators-xxxxx, the fully qualified domain name of the Active Directory server cannot be resolved.
For example:
kubectl exec -it valid-keystone-keystone1-validators-xxxxx nc corp.local 389 -n openstack
You will see similar to:
Error: Couldn't resolve host "corp.local"
command terminated with exit code 1
command terminated with exit code 1
Resolution
The DNS server should be corrected so that name resolution for the Active Directory server(s) is functioning properly.
Workaround:
After modification, your configmap looks similar to:
corp.local:53 { <<<<<<<<<<<<<<<<<<<<< active directory domain name
errors
cache 30
reload
loop
bind 169.254.169.10
forward . <your private nameserver IP> {
force_tcp
}
prometheus :9256
}
.:53 {
errors
cache 30
reload
loop
bind 169.254.169.10
forward . /etc/resolv.conf {
force_tcp
}
prometheus :9256
}
Note: You should only modify "forward" line for the domain in question.
Workaround:
- Edit configmap of node-local-dns to add the server:
kubectl edit cm node-local-dns --namespace=kube-system
After modification, your configmap looks similar to:
corp.local:53 { <<<<<<<<<<<<<<<<<<<<< active directory domain name
errors
cache 30
reload
loop
bind 169.254.169.10
forward . <your private nameserver IP> {
force_tcp
}
prometheus :9256
}
.:53 {
errors
cache 30
reload
loop
bind 169.254.169.10
forward . /etc/resolv.conf {
force_tcp
}
prometheus :9256
}
Note: You should only modify "forward" line for the domain in question.
- Stop coredns pod to make sure the changes in configmap take effect.
kubectl get pods --namespace=kube-system -l k8s-app=kube-dns
kubectl delete pods coredns-fb8b8dccf-XXXXX coredns-fb8b8dccf-YYYYY --namespace=kube-system
Note: Then the new DNS server will work for your private domain names.
kubectl delete pods coredns-fb8b8dccf-XXXXX coredns-fb8b8dccf-YYYYY --namespace=kube-system
Note: Then the new DNS server will work for your private domain names.
Feedback
Yes
No
Powered by
