15:45:23 hrm...
15:46:16 after updating to recent (past 2-3 weeks) smartos, I no longer am able to incrementally build
15:46:56 before if I say was working on a driver, I could bldenv illumos.sh; dmake -e install the driver into the proto area, rm proto/buildstamp, and gmake live to get a new dated image
15:47:03 now that always does a full illumos build
15:47:53 (so 5 minutes now turns into 40)
15:48:04 not sure why yet
22:51:03 Hi folks. I'm working on getting the first Triton cloud set up for my company, and hit a small snag toward the end of building the headnode. I'm running the post-setup command to create common-external-nics and am getting this error:
22:51:14 [root@headnode (us-west-1) ~]# sdcadm post-setup common-external-nics
22:51:14 sdcadm post-setup common-external-nics: error: No backends available in pool 251ffee2-5788-431c-89e5-ca6910058bb6 (napi.us-west-1.emeraldbroadband.net)
22:51:44 sdc-healthcheck reports that everything is up.
23:01:29 Hmm, sdcadm self-update also fails: [root@headnode (us-west-1) ~]# sdcadm self-update --latest
23:01:29 sdcadm self-update: error: Binder service seems to be down. Please review it before proceeding: sapi client error: No backends available in pool 6cf5082f-bf3b-40f3-a758-c50d2d2bda9d (sapi.us-west-1.emeraldbroadband.net)
23:08:36 Seems like it's just sdcadm that's acting up so far - sdc-healthcheck works, as does sdc-login (e.g., sdc-login sapi). But every subcommand of sdcadm fails. Any ideas on what I could try?
23:10:23 How big is your public address pool? `external` needs at least enough addresses to support the zones in question.
23:10:45 It's a /22
23:13:44 https://gist.github.com/justindthomas/8a91befb9df944038df919a2458313b3
23:24:23 May be nameserver related. I had added two nameservers during the install process. The commands were succeeding sporadically, and I noticed that /etc/resolv.conf on the HN includes the binder address and the two I added. I removed the two that I had specified and commands seem to be working now.
23:24:59 Odd, though. Why does the installer ask for DNS if it breaks things?
23:29:04 jdt: check your moray service to see if it's running properly
23:29:54 Okay, will do. sdc-healthcheck indicated it was fine, but I didn't dig deeper than that.
23:30:12 Also, if you have an external name server that replies with anything other than NXDOMAIN for your triton dns suffix, that's going to cause a problem.
23:30:40 Oh, got it. Definitely do have that.
23:30:57 I'll rebuild it with a dedicated suffix.
23:31:03 Oh, you do?
23:31:27 Oh, well not the full "us-west-1"
23:31:37 Querying from here, it doesn't look like you do, but sometimes things are different internally.
23:32:02 So, the DC is "us-west-1.emeraldbroadband.net" and that wouldn't resolve to anything. But "emeraldbroadband.net" does.
23:32:12 That's fine
23:32:20 Cool
23:32:39 but if you have a record like *.emeraldbroadband.net that will reply for anything, that will cause a problem
23:32:51 Okay, yeah, I think we're good there.
23:35:19 Actually, I take that back. I do get NS records: https://gist.github.com/justindthomas/1f654d955c61f14bae26add5149d5d94
23:35:23 (internally)
23:36:14 And 10.10.60.103 is the DNS server you configured?
23:36:22 Yeah, one of them.
23:36:50 OK, yeah. On line 7, it says status: NOERROR
23:36:57 That's what's wrong.
23:37:26 Okay, I'll find a way around that. Thanks for the tip.
23:38:00 If you do the same query from your workstation with 8.8.8.8 as the DNS server you'll see the status is NXDOMAIN, that's what we'd expect.
23:38:10 Got it.
23:38:56 NOERROR means the operation was successful with a valid reply.
23:39:26 NXDOMAIN means "Uhhhh, dunno, maybe ask a different dns server"
23:40:06 So what we'd expect is to get NXDOMAIN, then the query is automatically retried against the next server, which will eventually land on binder, which will give us the correct response.
23:40:07 If I follow that through to the specified server (.69), I get a REFUSED because that server isn't configured to respond to requests from my new subnets.
23:40:21 I do get a NXDOMAIN from that server for us-west-1 when I query it from an allowed subnet.
23:40:36 Ok, so maybe that's all you're missing then.
23:40:41 I'll try that.
23:50:06 Is there a way to adjust those nameservers post-install? I'm still getting NOERROR on the first level recursers, but I can get proper NXDOMAIN responses from the referred servers (which also recurse for internal subnets).
23:52:37 I can adjust the config on the usbkey, but do I also need to adjust anything in the database?
23:55:47 It's on the usb and in sapi
23:56:11 And it might be on anything that has an external interface
23:56:35 Okay, thanks.