Page MenuHomePhabricator
Create Task
Maniphest T155761

DNS repo: add Jenkins job to ensure there are no duplicates
Closed, ResolvedPublic
Actions

Description

Repurposing this task to cover the use case to catch duplicates between manual records in the operation/dns repository and the automatically-generated DNS data coming from Netbox. More details in T155761#7893098.

Original request

It happened more than once in the last few months that the same IP was assigned to multiple hosts in the DNS repo.
We should add a check before merging to ensure that this cannot happen again.

Details

Related Changes in Gerrit:
Show related patches Customize query in gerrit

Related Objects

Event Timeline

Volans created this task.Jan 19 2017, 6:24 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 19 2017, 6:24 PM
RobH subscribed.Jan 19 2017, 7:04 PM

As discussed in IRC, there doesn't seem to be any reason to have duplicate A entries in the forward files.

RobH awarded a token.Jan 19 2017, 7:04 PM
Phabricator_maintenance moved this task from Backlog to Acknowledged on the SRE board.Jan 26 2019, 9:01 PM
RobH unsubscribed.Mar 3 2020, 6:03 PM
fgiunchedi added a comment.Apr 29 2022, 2:38 PM

AFAICT nowadays zone_validator.py will fail on duplicate records. Ok to resolve this @Volans ?

Volans added a comment.Apr 30 2022, 9:43 AM

@fgiunchedi yes and no, duplicates within the operations/dns repository are currently catched, but duplication within the automatically-generated data or between the manual and the generated data are not.
What we could do is to refactor a bit zone validator to inject into the zonefiles the netbox generated data for each INCLUDE before parsing the file. That should allow to catch all issues, but would also mean that some wrong data in Netbox might make CI fail on a totally valid dns patch.
What are your thoughts?

fgiunchedi added a comment.May 2 2022, 7:32 AM

Thank you for the clarification @Volans, we're definitely in a better place nowadays so IMHO this task is done according to the original description.

What you mentioned sounds definitely worth doing, either as part of repurposing this task or a new one (both with more up to date tags I suspect, such as SRE-tools perhaps?). I'm fine either way!

Volans edited projects, added SRE-tools, DNS; removed SRE.May 2 2022, 9:58 AM

Ack, let me repurpose this one.

Restricted Application added a project: Infrastructure-Foundations. · View Herald TranscriptMay 2 2022, 9:58 AM
Volans updated the task description. (Show Details)May 2 2022, 10:00 AM
Maintenance_bot added a project: Traffic.May 2 2022, 10:30 AM
Volans added a comment.May 17 2022, 9:54 PM

I've a local patch that I'm testing to perform the validation of the whole dataset (manual + netbox). The preliminary results are below. I will have a look at the reported errors (that seems legit at first sight) and also at the warnings that might not be reported correctly anymore (some seems a bit too many).

Run of the zone validator on current master
 -- Running zone_validator to check WMF rules
Summary of violations:
    W001|MISSING_IP_FOR_NAME_AND_PTR: 43
    W002|MISSING_PTR_FOR_NAME_AND_IP: 29
    W103|MISSING_MGMT_FOR_NAME: 66
    W105|TOO_MANY_PUBLIC_NAMES: 3
RESULT: 0 Errors, 141 Warnings, 0 Ignored violations, 0 Ignored lines
Run of the zone validator on my local patch
 -- Running zone_validator to check WMF rules
E001|GLOBAL_DUPLICATE: Global duplicate records found:
    netbox/wikimedia.org-codfw:175 pfw3-codfw.wikimedia.org. A 208.80.153.197
    wikimedia.org:296 pfw3-codfw.wikimedia.org. A 208.80.153.197
E001|GLOBAL_DUPLICATE: Global duplicate records found:
    netbox/wikimedia.org-codfw:175 pfw3-codfw.wikimedia.org. A 208.80.153.197
    wikimedia.org:296 pfw3-codfw.wikimedia.org. A 208.80.153.197
E001|GLOBAL_DUPLICATE: Global duplicate records found:
    netbox/wikimedia.org-codfw:196 wiki-mail-codfw.wikimedia.org. A 208.80.153.46
    netbox/wikimedia.org-codfw:197 wiki-mail-codfw.wikimedia.org. AAAA 2620:0:860:2:208:80:153:46
    wikimedia.org:463 wiki-mail-codfw.wikimedia.org. A 208.80.153.46
    wikimedia.org:464 wiki-mail-codfw.wikimedia.org. AAAA 2620:0:860:2:208:80:153:46
E001|GLOBAL_DUPLICATE: Global duplicate records found:
    netbox/wikimedia.org-codfw:196 wiki-mail-codfw.wikimedia.org. A 208.80.153.46
    netbox/wikimedia.org-codfw:197 wiki-mail-codfw.wikimedia.org. AAAA 2620:0:860:2:208:80:153:46
    wikimedia.org:463 wiki-mail-codfw.wikimedia.org. A 208.80.153.46
    wikimedia.org:464 wiki-mail-codfw.wikimedia.org. AAAA 2620:0:860:2:208:80:153:46
E001|GLOBAL_DUPLICATE: Global duplicate records found:
    netbox/wikimedia.org-codfw:196 wiki-mail-codfw.wikimedia.org. A 208.80.153.46
    netbox/wikimedia.org-codfw:197 wiki-mail-codfw.wikimedia.org. AAAA 2620:0:860:2:208:80:153:46
    wikimedia.org:463 wiki-mail-codfw.wikimedia.org. A 208.80.153.46
    wikimedia.org:464 wiki-mail-codfw.wikimedia.org. AAAA 2620:0:860:2:208:80:153:46
E001|GLOBAL_DUPLICATE: Global duplicate records found:
    netbox/wikimedia.org-codfw:196 wiki-mail-codfw.wikimedia.org. A 208.80.153.46
    netbox/wikimedia.org-codfw:197 wiki-mail-codfw.wikimedia.org. AAAA 2620:0:860:2:208:80:153:46
    wikimedia.org:463 wiki-mail-codfw.wikimedia.org. A 208.80.153.46
    wikimedia.org:464 wiki-mail-codfw.wikimedia.org. AAAA 2620:0:860:2:208:80:153:46
E001|GLOBAL_DUPLICATE: Global duplicate records found:
    netbox/32-27.153.80.208.in-addr.arpa:13 47.153.80.208.in-addr.arpa. PTR ns-recursor0.openstack.codfw1dev.wikimediacloud.org.
    153.80.208.in-addr.arpa:23 47.153.80.208.in-addr.arpa. PTR ns-recursor0.openstack.codfw1dev.wikimediacloud.org. ; additional IP for cloudservices2004-dev
E001|GLOBAL_DUPLICATE: Global duplicate records found:
    netbox/32-27.153.80.208.in-addr.arpa:13 47.153.80.208.in-addr.arpa. PTR ns-recursor0.openstack.codfw1dev.wikimediacloud.org.
    153.80.208.in-addr.arpa:23 47.153.80.208.in-addr.arpa. PTR ns-recursor0.openstack.codfw1dev.wikimediacloud.org. ; additional IP for cloudservices2004-dev
E001|GLOBAL_DUPLICATE: Global duplicate records found:
    netbox/184-29.153.80.208.in-addr.arpa:6 190.153.80.208.in-addr.arpa. PTR wan.cloudgw.codfw1dev.wikimediacloud.org.
    153.80.208.in-addr.arpa:46 190.153.80.208.in-addr.arpa. PTR wan.cloudgw.codfw1dev.wikimediacloud.org.
E001|GLOBAL_DUPLICATE: Global duplicate records found:
    netbox/184-29.153.80.208.in-addr.arpa:6 190.153.80.208.in-addr.arpa. PTR wan.cloudgw.codfw1dev.wikimediacloud.org.
    153.80.208.in-addr.arpa:46 190.153.80.208.in-addr.arpa. PTR wan.cloudgw.codfw1dev.wikimediacloud.org.
E103|TOO_MANY_NAMES: Found 2 name(s) for PTR '190.153.80.208.in-addr.arpa.', expected 1:
    netbox/184-29.153.80.208.in-addr.arpa:6 190.153.80.208.in-addr.arpa. PTR wan.cloudgw.codfw1dev.wikimediacloud.org.
    153.80.208.in-addr.arpa:46 190.153.80.208.in-addr.arpa. PTR wan.cloudgw.codfw1dev.wikimediacloud.org.
E103|TOO_MANY_NAMES: Found 2 name(s) for PTR '47.153.80.208.in-addr.arpa.', expected 1:
    netbox/32-27.153.80.208.in-addr.arpa:13 47.153.80.208.in-addr.arpa. PTR ns-recursor0.openstack.codfw1dev.wikimediacloud.org.
    153.80.208.in-addr.arpa:23 47.153.80.208.in-addr.arpa. PTR ns-recursor0.openstack.codfw1dev.wikimediacloud.org. ; additional IP for cloudservices2004-dev
E103|TOO_MANY_NAMES: Found 2 name(s) for PTR '50.153.80.208.in-addr.arpa.', expected 1:
    netbox/32-27.153.80.208.in-addr.arpa:16 50.153.80.208.in-addr.arpa. PTR ns-recursor0.openstack.codfw1dev.wikimediacloud.org.
    153.80.208.in-addr.arpa:24 50.153.80.208.in-addr.arpa. PTR ns-recursor1.openstack.codfw1dev.wikimediacloud.org. ; additional IP for cloudservices2005-dev
E101|MULTIPLE_IPS_FOR_NAME: Found 3 IPs for name 'ge-0-0-4-401.mr1-eqsin.wikimedia.org.', expected 1:
    netbox/wikimedia.org-eqsin:61 ge-0-0-4-401.mr1-eqsin.wikimedia.org. A 103.102.166.133
    netbox/wikimedia.org-eqsin:62 ge-0-0-4-401.mr1-eqsin.wikimedia.org. AAAA 2001:df2:e500:fe03::2
    netbox/wikimedia.org-eqsin:63 ge-0-0-4-401.mr1-eqsin.wikimedia.org. AAAA 2001:df2:e500:fe04::2
E101|MULTIPLE_IPS_FOR_NAME: Found 4 IPs for name 'wiki-mail-codfw.wikimedia.org.', expected 1:
    netbox/wikimedia.org-codfw:196 wiki-mail-codfw.wikimedia.org. A 208.80.153.46
    netbox/wikimedia.org-codfw:197 wiki-mail-codfw.wikimedia.org. AAAA 2620:0:860:2:208:80:153:46
    wikimedia.org:463 wiki-mail-codfw.wikimedia.org. A 208.80.153.46
    wikimedia.org:464 wiki-mail-codfw.wikimedia.org. AAAA 2620:0:860:2:208:80:153:46
E003|MISSING_OR_WRONG_PTR_FOR_NAME_AND_IP: Missing PTR '1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.4.0.e.f.0.0.6.0.0.8.c.e.2.0.a.2.ip6.arpa.' for name 'xe-0-1-1-16.cr2-drmrs.wikimedia.org.' and IP '2a02:ec80:600:fe04::1', PTRs are:
    146.58.15.185.in-addr.arpa.
E003|MISSING_OR_WRONG_PTR_FOR_NAME_AND_IP: Missing PTR '2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.4.0.e.f.0.0.6.0.0.8.c.e.2.0.a.2.ip6.arpa.' for name 'xe-4-2-2-16.cr1-eqiad.wikimedia.org.' and IP '2a02:ec80:600:fe04::2', PTRs are:
    147.58.15.185.in-addr.arpa.
Summary of violations:
    E001|GLOBAL_DUPLICATE: 10
    E003|MISSING_OR_WRONG_PTR_FOR_NAME_AND_IP: 2
    E101|MULTIPLE_IPS_FOR_NAME: 2
    E103|TOO_MANY_NAMES: 3
    W001|MISSING_IP_FOR_NAME_AND_PTR: 37
    W002|MISSING_PTR_FOR_NAME_AND_IP: 63
    W101|MISSING_ASSET_TAG: 514
    W102|MISSING_DUAL_STACK_FOR_NAME: 1
    W103|MISSING_MGMT_FOR_NAME: 971
    W104|TOO_FEW_MGMT_NAMES: 362
    W105|TOO_MANY_PUBLIC_NAMES: 18
RESULT: 17 Errors, 1966 Warnings, 0 Ignored violations, 0 Ignored lines
gerritbot added a comment.May 18 2022, 9:39 AM

Change 793001 had a related patch set uploaded (by Volans; author: Volans):

[operations/dns@master] drmrs: add missing Netbox include for PTRs

https://gerrit.wikimedia.org/r/793001

gerritbot added a project: Patch-For-Review.May 18 2022, 9:39 AM

Change 793002 had a related patch set uploaded (by Volans; author: Volans):

[operations/dns@master] pfw3-codfw: remove manual record managed by Netbox

https://gerrit.wikimedia.org/r/793002

gerritbot added a comment.May 18 2022, 9:39 AM

Change 793003 had a related patch set uploaded (by Volans; author: Volans):

[operations/dns@master] cloud codfw1dev: remove records managed by Netbox

https://gerrit.wikimedia.org/r/793003

gerritbot added a comment.May 18 2022, 9:39 AM

Change 793004 had a related patch set uploaded (by Volans; author: Volans):

[operations/dns@master] iwiki-mail-codfw: remove records managed by Netbox

https://gerrit.wikimedia.org/r/793004

gerritbot added a comment.May 18 2022, 10:42 AM

Change 793001 merged by Volans:

[operations/dns@master] drmrs: add missing Netbox include for PTRs

https://gerrit.wikimedia.org/r/793001

gerritbot added a comment.May 18 2022, 10:43 AM

Change 793002 merged by Volans:

[operations/dns@master] pfw3-codfw: remove manual record managed by Netbox

https://gerrit.wikimedia.org/r/793002

gerritbot added a comment.May 18 2022, 10:43 AM

Change 793003 merged by Volans:

[operations/dns@master] cloud codfw1dev: remove records managed by Netbox

https://gerrit.wikimedia.org/r/793003

gerritbot added a comment.May 18 2022, 10:43 AM

Change 793004 merged by Volans:

[operations/dns@master] wiki-mail-codfw: remove records managed by Netbox

https://gerrit.wikimedia.org/r/793004

Maintenance_bot removed a project: Patch-For-Review.May 18 2022, 11:30 AM
gerritbot added a comment.May 18 2022, 1:07 PM

Change 793047 had a related patch set uploaded (by Volans; author: Volans):

[operations/dns@master] Remove unused PTRs from old experiment

https://gerrit.wikimedia.org/r/793047

gerritbot added a project: Patch-For-Review.May 18 2022, 1:07 PM
gerritbot added a comment.May 18 2022, 1:14 PM

Change 793047 merged by Volans:

[operations/dns@master] Remove unused PTRs from old experiment

https://gerrit.wikimedia.org/r/793047

Maintenance_bot removed a project: Patch-For-Review.May 18 2022, 1:30 PM
gerritbot added a comment.May 18 2022, 1:30 PM

Change 793050 had a related patch set uploaded (by Volans; author: Volans):

[operations/dns@master] cloud codfw1dev: remove records managed by Netbox

https://gerrit.wikimedia.org/r/793050

gerritbot added a project: Patch-For-Review.May 18 2022, 1:30 PM
Volans mentioned this in T308672: fr-tech DNS records incongruences.May 18 2022, 1:35 PM
gerritbot added a comment.May 18 2022, 1:54 PM

Change 793056 had a related patch set uploaded (by Volans; author: Volans):

[operations/dns@master] tox.ini: remove older Python versions, add 3.9

https://gerrit.wikimedia.org/r/793056

gerritbot added a comment.May 18 2022, 1:54 PM

Change 793057 had a related patch set uploaded (by Volans; author: Volans):

[operations/dns@master] zone_validator: include Netbox data in the check

https://gerrit.wikimedia.org/r/793057

gerritbot added a comment.May 18 2022, 1:58 PM

Change 793050 merged by Volans:

[operations/dns@master] cloud codfw1dev: fix recursor records

https://gerrit.wikimedia.org/r/793050

gerritbot added a comment.May 19 2022, 1:42 PM

Change 793467 had a related patch set uploaded (by Volans; author: Volans):

[operations/dns@master] zone_validator: fix asset tag matching

https://gerrit.wikimedia.org/r/793467

gerritbot added a comment.May 19 2022, 1:42 PM

Change 793468 had a related patch set uploaded (by Volans; author: Volans):

[operations/dns@master] zone_validator: add new zonefiles

https://gerrit.wikimedia.org/r/793468

gerritbot added a comment.May 19 2022, 1:42 PM

Change 793469 had a related patch set uploaded (by Volans; author: Volans):

[operations/dns@master] zone_validator: improve output of reported issues

https://gerrit.wikimedia.org/r/793469

gerritbot added a comment.May 19 2022, 1:42 PM

Change 793470 had a related patch set uploaded (by Volans; author: Volans):

[operations/dns@master] zone_validator: add support for @ records

https://gerrit.wikimedia.org/r/793470

gerritbot added a comment.May 19 2022, 1:42 PM

Change 793471 had a related patch set uploaded (by Volans; author: Volans):

[operations/dns@master] zone_validator: fix inline ignore errors logic

https://gerrit.wikimedia.org/r/793471

gerritbot added a comment.May 19 2022, 1:42 PM

Change 793472 had a related patch set uploaded (by Volans; author: Volans):

[operations/dns@master] zone_validator: convert format() and + to f-string

https://gerrit.wikimedia.org/r/793472

gerritbot added a comment.May 19 2022, 1:42 PM

Change 793473 had a related patch set uploaded (by Volans; author: Volans):

[operations/dns@master] zone_validator: simplify ignore of multiple issues

https://gerrit.wikimedia.org/r/793473

gerritbot added a comment.May 19 2022, 2:16 PM

Change 793484 had a related patch set uploaded (by Volans; author: Volans):

[operations/software/netbox-extras@master] dns: add a comment for skipped PTR

https://gerrit.wikimedia.org/r/793484

lmata subscribed.May 19 2022, 3:31 PM
gerritbot added a comment.May 20 2022, 9:13 AM

Change 793724 had a related patch set uploaded (by Volans; author: Volans):

[operations/dns@master] wikimedia-dns: add zone validator ignore comments

https://gerrit.wikimedia.org/r/793724

gerritbot added a comment.May 20 2022, 9:13 AM

Change 793727 had a related patch set uploaded (by Volans; author: Volans):

[operations/dns@master] Non-WMF IPs: add zone validator ignore comments

https://gerrit.wikimedia.org/r/793727

gerritbot added a comment.May 20 2022, 9:13 AM

Change 793728 had a related patch set uploaded (by Volans; author: Volans):

[operations/dns@master] Duplicate IPs by design: add zone validator ignore

https://gerrit.wikimedia.org/r/793728

gerritbot added a comment.May 20 2022, 9:13 AM

Change 793729 had a related patch set uploaded (by Volans; author: Volans):

[operations/dns@master] wikitech-static-iad: remove obsolete records

https://gerrit.wikimedia.org/r/793729

gerritbot added a comment.May 23 2022, 8:58 AM

Change 793724 merged by Volans:

[operations/dns@master] wikimedia-dns: add zone validator ignore comments

https://gerrit.wikimedia.org/r/793724

gerritbot added a comment.May 23 2022, 9:04 AM

Change 793056 merged by Volans:

[operations/dns@master] tox.ini: remove older Python versions, add 3.9

https://gerrit.wikimedia.org/r/793056

gerritbot added a comment.May 23 2022, 9:06 AM

Change 793467 merged by Volans:

[operations/dns@master] zone_validator: fix asset tag matching

https://gerrit.wikimedia.org/r/793467

gerritbot added a comment.May 23 2022, 9:06 AM

Change 793468 merged by Volans:

[operations/dns@master] zone_validator: add new zonefiles

https://gerrit.wikimedia.org/r/793468

gerritbot added a comment.May 23 2022, 9:06 AM

Change 793469 merged by Volans:

[operations/dns@master] zone_validator: improve output of reported issues

https://gerrit.wikimedia.org/r/793469

gerritbot added a comment.May 23 2022, 9:06 AM

Change 793470 merged by Volans:

[operations/dns@master] zone_validator: add support for @ records

https://gerrit.wikimedia.org/r/793470

gerritbot added a comment.May 23 2022, 9:06 AM

Change 793471 merged by Volans:

[operations/dns@master] zone_validator: fix inline ignore errors logic

https://gerrit.wikimedia.org/r/793471

gerritbot added a comment.May 23 2022, 9:36 AM

Change 793057 merged by Volans:

[operations/dns@master] zone_validator: include Netbox data in the check

https://gerrit.wikimedia.org/r/793057

gerritbot added a comment.May 23 2022, 9:36 AM

Change 793472 merged by Volans:

[operations/dns@master] zone_validator: convert format() and + to f-string

https://gerrit.wikimedia.org/r/793472

gerritbot added a comment.May 23 2022, 9:36 AM

Change 793473 merged by Volans:

[operations/dns@master] zone_validator: simplify ignore of multiple issues

https://gerrit.wikimedia.org/r/793473

gerritbot added a comment.May 23 2022, 9:39 AM

Change 793727 merged by Volans:

[operations/dns@master] Non-WMF IPs: add zone validator ignore comments

https://gerrit.wikimedia.org/r/793727

gerritbot added a comment.May 23 2022, 9:43 AM

Change 793484 merged by jenkins-bot:

[operations/software/netbox-extras@master] dns: add a comment for skipped PTR

https://gerrit.wikimedia.org/r/793484

gerritbot added a comment.May 23 2022, 9:53 AM

Change 793729 merged by Volans:

[operations/dns@master] wikitech-static-iad: remove obsolete records

https://gerrit.wikimedia.org/r/793729

jenkins-bot mentioned this in rOSNE3a03526b868a: dns: add a comment for skipped PTR.May 23 2022, 10:04 AM
Volans added a comment.Sep 28 2022, 9:53 AM

I think that the only patch left to be merged is https://gerrit.wikimedia.org/r/c/operations/dns/+/793728, pending on Traffic for a review/approval.

BCornwall moved this task from Backlog to Scheduled incidental work on the Traffic board.Mar 8 2023, 9:10 PM
BCornwall subscribed.Mar 8 2023, 10:55 PM
BCornwall added subscribers: Vgutierrez, BBlack.Mar 8 2023, 10:58 PM

@BBlack / @Vgutierrez is https://gerrit.wikimedia.org/r/c/operations/dns/+/793728 something that you're amenable to including?

BCornwall changed the task status from Open to Stalled.Mar 8 2023, 10:58 PM
BCornwall moved this task from Scheduled incidental work to Backlog on the Traffic board.Mar 30 2023, 8:41 PM
Pppery edited projects, added Patch-Needs-Improvement; removed Patch-For-Review.Apr 2 2023, 1:24 AM
BCornwall added a comment.Sep 12 2023, 6:37 PM

@Vgutierrez and @BBlack friendly poke :)

gerritbot added a comment.Oct 24 2024, 3:39 PM

Change #793728 merged by Ssingh:

[operations/dns@master] Duplicate names by design: add zone validator ignore

https://gerrit.wikimedia.org/r/793728

BCornwall closed this task as Resolved.Jan 21 2026, 3:18 PM
BCornwall claimed this task.

I believe this has been solved with the latest patch merge. If this is in error, please re-open!

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits