Page MenuHomePhabricator

Clean up non-proxy entries in wmflabs.org zone
Open, LowPublic

Description

I cleaned up old proxy stuff in T218633, this task covers non-proxy things. Some project-specific stuff is lurking here:

client = designateclient.Client(session=get_keystone_session('wmflabsdotorg'))
zone = client.zones.get('wmflabs.org.')
for recordset in client.recordsets.list(zone['id']):
    if recordset['type'] != 'A' or recordset['records'] != ['185.15.56.49']:
        print('|' + recordset['name'] + '|' + recordset['type'] + '|' + repr(recordset['records']) + '|' + repr(recordset['description']) + '|')

Infra includes very special projects such as bastion, project-proxy, cloudinfra. Projects which are only like normal-level special are not considered infra.

NameTypeRecordsDescriptionNotes
wmflabs.org.SOA[u'labs-ns1.wikimedia.org. root.wmflabs.org. 1553018358 3600 600 86400 3600']None infra
wmflabs.org.NS[u'labs-ns3.wikimedia.org.', u'labs-ns0.wikimedia.org.', u'labs-ns1.wikimedia.org.', u'labs-ns2.wikimedia.org.']None infra
huggle-rc.wmflabs.org.A[u'185.15.56.24']u'This was imported from ldap where it was associated with instance <Server: huggle> in project huggle' huggle
tools-checker.wmflabs.org.A[u'208.80.155.229']u'This was imported from ldap where it was associated with instance <Server: tools-checker-01> in project tools' tools
bastion-restricted.wmflabs.org.A[u'185.15.56.14']u'restricted bastion for Ops use' infra
tools-static.wmflabs.org.A[u'208.80.155.174']u'This was imported from ldap where it was associated with instance <Server: tools-web-static-01> in project tools' tools
wmflabs.org.MX[u'10 mx1001.wikimedia.org.', u'50 mx2001.wikimedia.org.']None it should be here though the value may be questionable
wmflabs.org.TXT[u'"v=spf1 mx ip4:185.15.56.18 ip4:185.15.56.19 ?all"']None infra
internal-server-nat.wmflabs.org.A[u'208.80.155.255']None Should be here but value is questionable, does not include eqiad1-r NAT IP
www.wmflabs.org.CNAME[u'proxy-eqiad1.wmflabs.org.']None infra
_psl.wmflabs.org.TXT[u'https://github.com/publicsuffix/list/pull/284']None Still needed or not?
m.wmflabs.org.CNAME[u'proxy-eqiad1.wmflabs.org.']u'Attempt to protect against mobile variant of https://bugs.chromium.org/p/chromium/issues/detail?id=881410 getting abused. -- Alex 2018-09-07' Still needed or not?
mx-out01.wmflabs.org.A[u'185.15.56.18']u'Mail exchange' infra
mx-out02.wmflabs.org.A[u'185.15.56.19']u'Mail exchange' infra
ntp-01.wmflabs.org.A[u'185.15.56.3']u'time server for cloud instances' infra
ntp-02.wmflabs.org.A[u'185.15.56.27']u'time server for cloud instances' infra
paws2.wmflabs.org.A[u'185.15.56.57', u'185.15.56.43', u'185.15.56.42']u'New PAWS cluster' paws
tools-trusty.wmflabs.org.CNAME[u'login-trusty.tools.wmflabs.org.']None tools, but at least it's a CNAME into tools, likely going away soon
tools-login.wmflabs.org.CNAME[u'login.tools.wmflabs.org.']u'Legacy alias for login.tools.wmflabs.org.' tools, but at least it's a CNAME into tools, likely difficult to get rid of
tools-dev.wmflabs.org.CNAME[u'stretch-dev.tools.wmflabs.org.']u'Legacy alias for Toolforge secondary bastion' tools, but at least it's a CNAME into tools
paws.wmflabs.org.A[u'185.15.56.58']None paws
paws-public.wmflabs.org.A[u'185.15.56.58']None paws
paws-apiserver.wmflabs.org.A[u'172.16.2.151', u'172.16.2.149', u'172.16.2.150']None paws, also internal IPs for HA work

Event Timeline

Krenair created this task.Mar 19 2019, 6:16 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 19 2019, 6:16 PM
Krenair updated the task description. (Show Details)Mar 19 2019, 6:19 PM
Krenair updated the task description. (Show Details)Mar 19 2019, 6:28 PM
Krenair updated the task description. (Show Details)Mar 19 2019, 6:31 PM
Krenair updated the task description. (Show Details)
Krenair updated the task description. (Show Details)Mar 19 2019, 6:36 PM
Krenair updated the task description. (Show Details)Mar 19 2019, 6:44 PM
Andrew added a subscriber: Andrew.Dec 30 2019, 6:50 AM

Deleted:

huggle-rc doesn't seem to point to anything; I've removed that entry.
tools-checker is already be gone.
paws2 doesn't seem to point to anything; I've removed that entry.
tools-trusty is already gone

I'm not sure they should be deleted:

tools-static.wmflabs.org directs to an actual working site; it's /probably/ not referenced anywhere but I'm reluctant to delete it.
tools-login.wmflabs.org and tools-dev.wmflabs.org are somewhat-reasonable ways to access the bastions; I'm sure people are still using these addresses habitually
paws.wmflabs.org seems like a pretty memorable (and probably documented) way to reach paws

I don't know what these are:

paws-public.wmflabs.org serves content, no idea if it's useful to anyone
paws-apiserver.wmflabs.org appears to still be a running server; I'm not 100% sure it's not important for internal paws functioning

Andrew updated the task description. (Show Details)Dec 30 2019, 6:53 AM
Andrew added subscribers: Chicocvenancio, zhuyifei1999.

@Chicocvenancio or @zhuyifei1999 can you comment as to whether the paws-public.wmflabs.org or paws-apiserver.wmflabs.org domains are still useful?

bd808 added a subscriber: bd808.Dec 31 2019, 7:05 PM

I'm not sure they should be deleted:

tools-static.wmflabs.org directs to an actual working site; it's /probably/ not referenced anywhere but I'm reluctant to delete it.

tools-static is very actively used. We should figure out another name to transition it to as we roll out the toolforge and wmcloud domains, but deleting this DNS entry would break a lot of things.

Yeah, so IIRC the other option here is making a zone for the domain
containing an A record at the apex pointing to the appropriate IP. That way
it's owned by the correct tenant too

JHedden triaged this task as Low priority.Apr 21 2020, 4:33 PM
JHedden moved this task from Clinic Duty to Inbox on the cloud-services-team (Kanban) board.