Page MenuHomePhabricator
Create Task
Maniphest T104521

Support reverse dns for public labs IPs
Closed, ResolvedPublic
Actions

Description

As per https://tools.ietf.org/html/rfc2317

Details

SubjectRepoBranchLines +/-
Delegate 208.80.155.128/25 (labs instances) PTR records to labs-ns* so they can be managed automaticallyoperations/dnsmaster+131 -8
Puppetise script to manage labs floating IP PTR recordsoperations/puppetproduction+278 -2
dnsrecursor labsaliaser: Set up instance-$instance.$project.wmflabs.org domains for every instance with a public IPoperations/puppetproduction+41 -0
Customize query in gerrit

Related Objects
Search...

Event Timeline

Andrew created this task.Jul 2 2015, 12:20 AM
Andrew raised the priority of this task from to Needs Triage.
Andrew updated the task description. (Show Details)
Andrew added projects: Cloud-VPS, Cloud-Services.
Andrew added subscribers: Aklapper, Andrew.
Krenair added a subscriber: Krenair.Jul 2 2015, 12:21 AM
scfc merged a task: T64887: No reverse DNS entries for public IPs.Jul 2 2015, 1:38 PM
scfc added subscribers: scfc, Petrb, coren and 2 others.
chasemp triaged this task as Medium priority.Nov 30 2015, 4:31 PM
chasemp added a subscriber: chasemp.
Krenair removed a parent task: T104520: Switch to horizon/designate/pdns/mysql for labs public dns.Apr 22 2016, 3:02 PM
Krenair added a subtask: T124184: Switch to using Horizon/Designate for labs public dns.
AlexMonk-WMF edited subscribers, added: AlexMonk-WMF; removed: wikibugs-l-list, Krenair.EditedJul 17 2016, 9:34 PM

Here's what I propose, to be added to labs dnsrecursor in a manner similar to labsaliaser (actually, maybe part of labsaliaser?). All projects should have existing $project.wmflabs.org DNS zones.
For every $instance in every $project with a floating IP $IP:

  • $IP IN PTR instance-$instance.$project.wmflabs.org
  • instance-$instance.$project.wmflabs.org IN A $IP

We'll also need to insert entries at the bottom of templates/155.80.208.in-addr.arpa to delegate these records to labs DNS servers so they can be updated automatically.

gerritbot added a subscriber: gerritbot.Jul 18 2016, 2:08 AM

Change 299503 had a related patch set uploaded (by Alex Monk):
dnsrecursor labsaliaser: Set up instance-$instance.$project.wmflabs.org domains for every instance with a public IP

https://gerrit.wikimedia.org/r/299503

gerritbot added a project: Patch-For-Review.Jul 18 2016, 2:08 AM
Krenair mentioned this in rOPUPdcc1deaee7e5: dnsrecursor labsaliaser: Set up instance-$instance.$project.wmflabs.org….Jul 18 2016, 2:11 AM
gerritbot added a comment.Jul 18 2016, 9:05 AM

Change 299513 had a related patch set uploaded (by Alex Monk):
Delegate 208.80.155.128/25 (labs instances) PTR records to labs-ns* so they can be managed automatically

https://gerrit.wikimedia.org/r/299513

gerritbot added a comment.Jul 19 2016, 5:07 PM

Change 299503 abandoned by Alex Monk:
dnsrecursor labsaliaser: Set up instance-$instance.$project.wmflabs.org domains for every instance with a public IP

Reason:
Unfortunately won't actually work because this needs to be on the authoritative server, not the recursor... Which doesn't seem to support lua hooks. So I'll have to write a script to manage the data in Designate I guess.

https://gerrit.wikimedia.org/r/299503

AlexMonk-WMF added a comment.Jul 19 2016, 11:36 PM

So I have a WIP script coming along to do this, but there's a blocker: Designate stores the in-addr.arpa zone under the 'noauth-project' account... Which isn't accessible through Keystone-authenticated requests that the python API uses (designate-sink usually deals with this zone). @Andrew, I think you hit the REST API directly instead when you "curl things directly into designate"?

AlexMonk-WMF added a comment.Jul 20 2016, 3:40 AM

The above is no longer the problem, now there's some designate internal errors happening when I try to create domains under a new 128-25.155.80.208.in-addr.arpa. domain... see labtestservices2001:/var/log/designate/designate-pool-manager.log

gerritbot added a comment.Jul 21 2016, 7:10 PM

Change 300331 had a related patch set uploaded (by Alex Monk):
[WIP/POC/POS] Puppetise script to manage labs floating IP PTR records

https://gerrit.wikimedia.org/r/300331

Krenair mentioned this in rOPUP45f592f9caef: [WIP/POC/POS] Puppetise script to manage labs floating IP PTR records.Jul 21 2016, 7:13 PM
Krenair mentioned this in rOPUPe2282c276132: [WIP/POC/POS] Puppetise script to manage labs floating IP PTR records.Jul 21 2016, 8:13 PM
Krenair mentioned this in rOPUP887b64748fc4: [WIP/POC/POS] Puppetise script to manage labs floating IP PTR records.Jul 21 2016, 8:39 PM
Krenair mentioned this in rOPUP6b180922f398: [WIP/POC/POS] Puppetise script to manage labs floating IP PTR records.Jul 21 2016, 8:57 PM
Krenair mentioned this in rOPUP378608e018c6: [WIP/POC/POS] Puppetise script to manage labs floating IP PTR records.Jul 21 2016, 9:07 PM
Krenair mentioned this in rOPUP2d98f11d7e4b: [WIP] Puppetise script to manage labs floating IP PTR records.Jul 22 2016, 4:31 AM
Krenair mentioned this in rOPUP5873a519e2e6: [WIP] Puppetise script to manage labs floating IP PTR records.Jul 22 2016, 2:42 PM
AlexMonk-WMF mentioned this in rOPUP7d1695559ef2: Puppetise script to manage labs floating IP PTR records.Jul 22 2016, 3:25 PM
Krenair mentioned this in rOPUPbba7712664c4: Puppetise script to manage labs floating IP PTR records.Jul 22 2016, 5:03 PM
Krenair mentioned this in rOPUP23e5890a8ea7: Puppetise script to manage labs floating IP PTR records.Jul 22 2016, 5:22 PM
Krenair mentioned this in rOPUPbf244b650624: Puppetise script to manage labs floating IP PTR records.Jul 22 2016, 8:20 PM
Krenair moved this task from Triage to In Progress on the Cloud-Services board.Jul 23 2016, 2:21 PM
AlexMonk-WMF claimed this task.Jul 23 2016, 2:37 PM
Krenair mentioned this in rOPUP2cbb108df063: Puppetise script to manage labs floating IP PTR records.Aug 2 2016, 10:36 PM
Andrew mentioned this in rOPUP06907f1cfb71: Puppetise script to manage labs floating IP PTR records.Aug 3 2016, 4:32 PM
Krenair mentioned this in rOPUPdd88e0cbfbee: Puppetise script to manage labs floating IP PTR records.Aug 3 2016, 4:47 PM
Krenair mentioned this in rOPUP2aa418c28bf8: Puppetise script to manage labs floating IP PTR records.Aug 3 2016, 4:53 PM
gerritbot added a comment.Aug 3 2016, 4:58 PM

Change 300331 merged by Andrew Bogott:
Puppetise script to manage labs floating IP PTR records

https://gerrit.wikimedia.org/r/300331

gerritbot added a comment.Aug 3 2016, 5:25 PM

Change 299513 merged by Andrew Bogott:
Delegate 208.80.155.128/25 (labs instances) PTR records to labs-ns* so they can be managed automatically

https://gerrit.wikimedia.org/r/299513

AlexMonk-WMF closed this task as Resolved.Aug 3 2016, 5:39 PM
  • labs-morebots (tools.more@instance-tools-exec-1216.tools.wmflabs.org) has joined

^ that used to show an IP :)

AlexMonk-WMF removed a project: Patch-For-Review.Aug 3 2016, 5:39 PM
AlexMonk-WMF added a comment.EditedAug 3 2016, 9:22 PM

This script sets up instance-$instance.$project.wmflabs.org records where possible, primarily for the benefit of cases where you have an instance with a public IP, but no domain pointing at it. It also helps to identify what instance is running what domain though.

I say "where possible" because it relies upon the project having control of the $project.wmflabs.org domain. In some projects (53 of 220 total labs projects = approximately 24% of labs projects actually), this is not the case - these projects will see 'instance-' records in PTRs but they will not resolve.

The following would currently exist but are in projects without full control of $project.wmflabs.org and therefore are missing:
instance-cvn-app4.cvn.wmflabs.org.
instance-cvn-app5.cvn.wmflabs.org.
instance-wm-bot.bots.wmflabs.org.
instance-google-api-proxy-02.google-api-proxy.wmflabs.org.
instance-huggle.huggle.wmflabs.org.
instance-wikisource-dev.wikisource-dev.wmflabs.org.
instance-utrs-primary.utrs.wmflabs.org.
instance-wikistream-web.wikistream.wmflabs.org.
instance-yandex-proxy01.yandex-proxy.wmflabs.org.

And the following other projects are without full control of $project.wmflabs.org and therefore won't be able to get such records either, though do not currently have any AFAIK:
redirects
mediawiki-verp
phlogiston
structured-wikiquote
cyberbot
discourse
analytics
pagemigration
petscan
wikispy
piwik
ores-staging
servermon
planet
git
authmanager
commtech
integration
fastcci
wikistats
reading-web-staging
graphite
commonsarchive
mwv-apt
cvresearch
wpx
shinken
quarry
striker
nginx
phragile
xtools
social-tools
wikidata-topicmaps
pubsubhubbub
embed-sandbox
reportcard
safesandbox
dumps
wikidata-metrics
extdist
openocr
orgcharts
paws
ores

These are blocked on T131367: Proxy corner case: proxy name foo.wmflabs.org == domain name foo.wmflabs.org

AlexMonk-WMF mentioned this in T93088: Use Designate for public/floating labs IPs.Aug 31 2016, 9:53 PM
Krenair mentioned this in T152941: Make changing puppetmasters for Labs instances more easy.Jul 13 2018, 9:43 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL