Page MenuHomePhabricator
Create Task
Maniphest T243766

Cloud DNS: proposal for new DNS service names
Closed, ResolvedPublic
Actions

Description

I think we should rename / establish our DNS service names as follow:

DNS auth for eqiad1:

  • ns0.openstack.eqiad1.wikimediacloud.org (currently cloud-ns0.wikimedia.org which is an additional IPv4 address usually assigned to cloudservices1003.wikimedia.org)
  • ns1.openstack.eqiad1.wikimediacloud.org (currently cloud-ns1.wikimedia.org which is an additional IPv4 address usually assigned to cloudservices1004.wikimedia.org)

DNS rec for eqiad1:

  • ns-recursor0.openstack.eqiad1.wikimediacloud.org (currently cloud-recursor0.wikimedia.org which resolves to the same IPv4 assigned to cloudservices1003.wikimedia.org)
  • ns-recursor1.openstack.eqiad1.wikimediacloud.org (currently cloud-recursor1.wikimedia.org which resolves to the same IPv4 assigned to cloudservices1004.wikimedia.org)

DNS auth for codfw1dev:

  • ns0.openstack.codfw1dev.wikimediacloud.org (currently codfw1dev-ns0.wikimedia.org which resolves to the same addresses assigned to cloudservices2002-dev.wikimedia.org)
  • ns1.openstack.codfw1dev.wikimediacloud.org (new service)

DNS rec for codf1dev:

  • ns-recursor0.openstack.codfw1dev.wikimediacloud.org (currently codfw1dev-recursor0.wikimedia.org)
  • ns-recursor1.openstack.codfw1dev.wikimediacloud.org (currently codfw1dev-recursor0.wikimedia.org)

Rationale:
We have the domain wikimediacloud.org, to hold internal APIs and other openstack-core services , a name that better reflect the nature of the services being provided. Designate (the actual service doing the DNS work) is a part of openstack, so a service FQDN living in the same DNS namespace as other core openstack components has the benefit of bringing some additional amount of coherence. As can be seen in the current situation, we don't have a common way of naming things between deployments (cloud-recursor0.wikimedia.org vs codfw1dev-recursor0.wikimedia.org) so moving the service FQDNs to the new domain seems like a great opportunity to introduce such homogenization.
More info: https://wikitech.wikimedia.org/wiki/Wikimedia_Cloud_Services_team/EnhancementProposals/DNS_domain_usage#Resolution

Proposed plan:

  1. Do all the required tests with the ns0.openstack.codfw1dev.wikimediacloud.org FQDN, which is new and doesn't exists currently (i.e, introducing it won't break anything).
  2. introduce the FQDNs into WMF DNS servers and have them properly resolve. Play with them and make sure everything makes sense.
  3. Make sure designate can work with the new names.
  4. Update delegations (NS records) to include both (old and new) service FQDNs.
  5. At this point, Designate should handle requests in both FQDNs (shouldn't matter, it is really IPv4-based anyway)
  6. introduce the FQDNs to virtual machines in eqiad1. Lets have both FQDNs (old and new) co-exists for a while to make sure we don't break anything. Be ready to roll-back in case of failures.
  7. if we are happy, cleanup etc. We probably need to rebuild base images for VMs?

Note1: Introducing an auth FQDN in codfw1dev (i.e, ns0.openstack.codfw1dev.wikimediacloud.org) should help unblock T243556: Fix internal TLD in use in codfw1dev
Note2: Since designate is serving both auth/rec queries, I don't think we really need to split between auth/rec service names, but that's probably a debate for another iteration.

Details

SubjectRepoBranchLines +/-
hieradata: fix typo in cloud recursor FQDNsoperations/puppetproduction+4 -4
cloud: refresh names for DNS servers in eqiad1/codfw1devoperations/puppetproduction+31 -31
eqiad1.wikimedia.cloud: introduce delegation to the new Designate FQDNsoperations/dnsmaster+2 -0
wikimediacloud.org: introduce new service names for DNSoperations/dnsmaster+15 -1
wikimediacloud.org: fix address of ns0.openstack.codfw1dev.wikimediacloud.orgoperations/dnsmaster+5 -3
cloud: introduce delegation for codfw1dev.wikimedia.cloudoperations/dnsmaster+6 -3
Customize query in gerrit

Related Objects
Search...

Event Timeline

aborrero created this task.Jan 27 2020, 1:35 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 27 2020, 1:35 PM
aborrero moved this task from Inbox to Needs discussion on the cloud-services-team (Kanban) board.Jan 27 2020, 1:38 PM
gerritbot added a comment.Jan 27 2020, 1:55 PM

Change 567453 had a related patch set uploaded (by Arturo Borrero Gonzalez; owner: Arturo Borrero Gonzalez):
[operations/dns@master] cloud: introduce delegation for codfw1dev.wikimedia.cloud

https://gerrit.wikimedia.org/r/567453

gerritbot added a project: Patch-For-Review.Jan 27 2020, 1:55 PM
gerritbot added a comment.Jan 27 2020, 3:52 PM

Change 567453 merged by Arturo Borrero Gonzalez:
[operations/dns@master] cloud: introduce delegation for codfw1dev.wikimedia.cloud

https://gerrit.wikimedia.org/r/567453

Maintenance_bot removed a project: Patch-For-Review.Jan 27 2020, 4:10 PM
Stashbot mentioned this in T242976: public dns for codfw1dev vms.Jan 28 2020, 10:03 AM

Mentioned in SAL (#wikimedia-cloud) [2020-01-28T10:03:54Z] <arturo> delegated codfw1dev.wmcloud.org to designate @ codfw1dev ns0.openstack.codfw1dev.wikimediacloud.org (T242976 and T243766)

Stashbot added a comment.Jan 28 2020, 10:11 AM

Mentioned in SAL (#wikimedia-cloud) [2020-01-28T10:11:00Z] <arturo> [codfw1dev] root@cloudcontrol2001-dev:~# openstack zone create --description "main DNS domain for public addresses" --email "root@wmflabs.org" --type PRIMARY --ttl 3600 codfw1dev.wmcloud.org. (T242976 and T243766)

aborrero updated the task description. (Show Details)Jan 28 2020, 10:54 AM

I just discovered that codfw1dev-ns0.wikimedia.org exists indeed.

gerritbot added a comment.Jan 28 2020, 5:11 PM

Change 567986 had a related patch set uploaded (by Arturo Borrero Gonzalez; owner: Arturo Borrero Gonzalez):
[operations/dns@master] wikimediacloud.org: fix address of ns0.openstack.codfw1dev.wikimediacloud.org

https://gerrit.wikimedia.org/r/567986

gerritbot added a project: Patch-For-Review.Jan 28 2020, 5:11 PM
gerritbot added a comment.Jan 28 2020, 5:13 PM

Change 567986 merged by Arturo Borrero Gonzalez:
[operations/dns@master] wikimediacloud.org: fix address of ns0.openstack.codfw1dev.wikimediacloud.org

https://gerrit.wikimedia.org/r/567986

Stashbot added a comment.Jan 28 2020, 5:24 PM

Mentioned in SAL (#wikimedia-cloud) [2020-01-28T17:24:16Z] <arturo> [codfw1dev] root@cloudcontrol2001-dev:~# designate server-create --name ns0.openstack.codfw1dev.wikimediacloud.org. (T243766)

Maintenance_bot removed a project: Patch-For-Review.Jan 28 2020, 6:10 PM
aborrero mentioned this in T243556: Fix internal TLD in use in codfw1dev.Jan 28 2020, 6:11 PM
aborrero claimed this task.Feb 13 2020, 11:52 AM
aborrero moved this task from Needs discussion to Doing on the cloud-services-team (Kanban) board.

This was accepted by the WMCS team.

Will create some patches to implement this soon.

aborrero triaged this task as Medium priority.Feb 13 2020, 11:52 AM
gerritbot added a comment.Feb 13 2020, 4:39 PM

Change 572023 had a related patch set uploaded (by Arturo Borrero Gonzalez; owner: Arturo Borrero Gonzalez):
[operations/dns@master] wikimediacloud.org: introduce new service names for DNS

https://gerrit.wikimedia.org/r/572023

gerritbot added a project: Patch-For-Review.Feb 13 2020, 4:39 PM
aborrero added a parent task: T245173: CloudVPS: DNS improvements.Feb 13 2020, 4:57 PM
aborrero updated the task description. (Show Details)Feb 13 2020, 5:05 PM
gerritbot added a comment.Feb 13 2020, 5:17 PM

Change 572023 merged by Arturo Borrero Gonzalez:
[operations/dns@master] wikimediacloud.org: introduce new service names for DNS

https://gerrit.wikimedia.org/r/572023

Maintenance_bot removed a project: Patch-For-Review.Feb 13 2020, 6:10 PM
Stashbot added a comment.Feb 14 2020, 10:32 AM

Mentioned in SAL (#wikimedia-cloud) [2020-02-14T10:32:22Z] <arturo> running root@cloudcontrol1004:~# designate server-create --name ns0.openstack.eqiad1.wikimediacloud.org. (T243766)

Stashbot added a comment.Feb 14 2020, 10:32 AM

Mentioned in SAL (#wikimedia-cloud) [2020-02-14T10:32:30Z] <arturo> running root@cloudcontrol1004:~# designate server-create --name ns1.openstack.eqiad1.wikimediacloud.org. (T243766)

Stashbot added a comment.Feb 14 2020, 10:35 AM

Mentioned in SAL (#wikimedia-cloud) [2020-02-14T10:35:10Z] <arturo> running root@cloudcontrol2001-dev:~# designate server-create --name ns1.openstack.codfw1dev.wikimediacloud.org. (T243766)

gerritbot added a comment.Feb 14 2020, 11:23 AM

Change 572209 had a related patch set uploaded (by Arturo Borrero Gonzalez; owner: Arturo Borrero Gonzalez):
[operations/dns@master] eqiad1.wikimedia.cloud: introduce delegation to the new Designate FQDNs

https://gerrit.wikimedia.org/r/572209

gerritbot added a project: Patch-For-Review.Feb 14 2020, 11:23 AM

Change 572209 merged by Arturo Borrero Gonzalez:
[operations/dns@master] eqiad1.wikimedia.cloud: introduce delegation to the new Designate FQDNs

https://gerrit.wikimedia.org/r/572209

gerritbot added a comment.Feb 14 2020, 11:40 AM

Change 572213 had a related patch set uploaded (by Arturo Borrero Gonzalez; owner: Arturo Borrero Gonzalez):
[operations/puppet@production] cloud: refresh names for DNS servers in eqiad1/codfw1dev

https://gerrit.wikimedia.org/r/572213

gerritbot added a comment.Feb 20 2020, 7:14 PM

Change 572213 merged by Andrew Bogott:
[operations/puppet@production] cloud: refresh names for DNS servers in eqiad1/codfw1dev

https://gerrit.wikimedia.org/r/572213

Maintenance_bot removed a project: Patch-For-Review.Feb 20 2020, 8:10 PM
gerritbot added a comment.Feb 24 2020, 10:00 AM

Change 574395 had a related patch set uploaded (by Arturo Borrero Gonzalez; owner: Arturo Borrero Gonzalez):
[operations/puppet@production] hieradata: fix typo in cloud recursor FQDNs

https://gerrit.wikimedia.org/r/574395

gerritbot added a project: Patch-For-Review.Feb 24 2020, 10:00 AM
gerritbot added a comment.Feb 24 2020, 10:28 AM

Change 574395 merged by Arturo Borrero Gonzalez:
[operations/puppet@production] hieradata: fix typo in cloud recursor FQDNs

https://gerrit.wikimedia.org/r/574395

Maintenance_bot removed a project: Patch-For-Review.Feb 24 2020, 11:11 AM
aborrero closed this task as Resolved.Mar 24 2020, 12:55 PM

Given this proposal was accepted, I think this task can be closed. We can follow-up in the subtasks.

Andrew closed subtask T247971: Cloud DNS: update markmonitor entries as Resolved.Apr 8 2020, 2:01 PM
aborrero added a subtask: T256144: CloudVPS: cleanup hiera values using old openstack services names.Jun 25 2020, 11:29 AM
aborrero added a subtask: T254496: clean up old cloud-ns0.wikimedia.org and cloud-ns1.wikimedia.org ns records in designate zones.
aborrero reopened subtask T254496: clean up old cloud-ns0.wikimedia.org and cloud-ns1.wikimedia.org ns records in designate zones as Open.Jun 25 2020, 11:33 AM
Andrew closed subtask T254496: clean up old cloud-ns0.wikimedia.org and cloud-ns1.wikimedia.org ns records in designate zones as Resolved.Jun 25 2020, 2:43 PM
Nintendofan885 subscribed.Jul 14 2020, 9:13 PM
Andrew closed subtask T256144: CloudVPS: cleanup hiera values using old openstack services names as Resolved.Mar 29 2022, 5:05 PM
aborrero mentioned this in T346177: Certain systems failing to resolve DNS entries under toolforge.org, wmcloud.org, wmflabs.org, toolserver.org.Sep 13 2023, 12:07 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits