Page MenuHomePhabricator
Create Task
Maniphest T247971

Cloud DNS: update markmonitor entries
Closed, ResolvedPublic
Actions

Description

We need to change the markmonitor NS entries for some of our domains to accommodate new service names:

arturo@endurance:~ $ whois toolforge.org | grep "Name Server"
Name Server: CLOUD-NS0.WIKIMEDIA.ORG
Name Server: CLOUD-NS1.WIKIMEDIA.ORG
arturo@endurance:~ $ whois wmcloud.org | grep "Name Server"
Name Server: CLOUD-NS0.WIKIMEDIA.ORG
Name Server: CLOUD-NS1.WIKIMEDIA.ORG
arturo@endurance:~ $ whois wmflabs.org | grep "Name Server"
Name Server: CLOUD-NS0.WIKIMEDIA.ORG
Name Server: CLOUD-NS1.WIKIMEDIA.ORG

Those should all be ns0.openstack.eqiad1.wikimediacloud.org and ns1.openstack.eqiad1.wikimediacloud.org instead. Worth investigating if there are any others domains requiring this change.

This task is a blocker for dropping the obsolete cloud-nsX.wikimedia.org FQDNs.

Related Objects
Search...

Event Timeline

aborrero triaged this task as Medium priority.Mar 18 2020, 1:12 PM
aborrero created this task.
aborrero added a comment.Mar 18 2020, 1:21 PM

Assigning to @Andrew since I think he had the latest interaction with mark monitor.

aborrero mentioned this in T247972: Cloud DNS: fix inconsistent ownership of reverse domains for openstack floating ip networks.Mar 18 2020, 1:33 PM
Andrew added a comment.EditedMar 20 2020, 8:41 PM

Do we want to add any new domains while we're at it? Or just change the auth for those three?

Andrew added a subtask: T247972: Cloud DNS: fix inconsistent ownership of reverse domains for openstack floating ip networks.Mar 25 2020, 6:35 PM
Andrew added a comment.Mar 25 2020, 6:52 PM

Proposed instructions to send to MarkMonitor:

Auth nameserver for wmflabs.org, wmcloud.org, toolforge.org

currently:

cloud-ns0.wikimedia.org  208.80.154.135

cloud-ns1.wikimedia.org  208.80.154.11

CHANGE TO:

ns0.openstack.eqiad1.wikimediacloud.org  208.80.154.135

ns1.openstack.eqiad1.wikimediacloud.org  208.80.154.11


Auth nserver for 56.15.185.in-addr.arpa:

currently:

cloud-ns0.wikimedia.org  208.80.154.135

cloud-ns1.wikimedia.org  208.80.154.11

CHANGE TO:

ns0.openstack.eqiad1.wikimediacloud.org  208.80.154.135

ns1.openstack.eqiad1.wikimediacloud.org  208.80.154.11


ADD auth nserver for 57.15.185.in-addr.arpa:

ns0.openstack.codfw1dev.wikimediacloud.org  208.80.153.76
aborrero added a comment.Mar 26 2020, 9:42 AM

LGTM!

Andrew added a comment.Mar 31 2020, 8:08 PM

@arturo, can you confirm that this bit won't overlap prod things?

ADD auth nserver for 57.15.185.in-addr.arpa:
ns0.openstack.codfw1dev.wikimediacloud.org 208.80.153.76

This is re: Krenair's comments about /24 vs /29 https://phabricator.wikimedia.org/T247972#6000296

aborrero added a comment.Apr 1 2020, 11:29 AM
In T247971#6016341, @Andrew wrote:

@arturo, can you confirm that this bit won't overlap prod things?

ADD auth nserver for 57.15.185.in-addr.arpa:
ns0.openstack.codfw1dev.wikimediacloud.org 208.80.153.76

This is re: Krenair's comments about /24 vs /29 https://phabricator.wikimedia.org/T247972#6000296

You are right:

$ dig SOA 57.15.185.in-addr.arpa +short
ns0.wikimedia.org. hostmaster.wikimedia.org. 2019120223 43200 7200 1209600 3600

This one we can leave it as is until we figure out what happens with the CIDR.

Andrew added a comment.Apr 4 2020, 12:35 AM

I have emailed the above changes to Doneva. We will see if she's currently working.

aborrero closed subtask T247972: Cloud DNS: fix inconsistent ownership of reverse domains for openstack floating ip networks as Resolved.Apr 6 2020, 5:44 PM

Update: after solving T247972: Cloud DNS: fix inconsistent ownership of reverse domains for openstack floating ip networks we need to:

ADD auth nserver for 57.15.185.in-addr.arpa:
ns0.openstack.codfw1dev.wikimediacloud.org 208.80.153.76
Andrew reopened subtask T247972: Cloud DNS: fix inconsistent ownership of reverse domains for openstack floating ip networks as Open.Apr 6 2020, 8:00 PM
Andrew closed this task as Resolved.Apr 8 2020, 2:01 PM

Markmonitor has upgraded wmflabs.org, wmcloud.org, toolforge.org

aborrero added a comment.Apr 8 2020, 2:34 PM

We also need to update all the SOA records to stop showing cloud-ns1.wikimedia.org and show ns0.openstack.eqiad1.wikimediacloud.org instead.

Andrew added a comment.Apr 8 2020, 6:01 PM

I updated the designate pool with designate-manage, and then finally had to just remove some of the ns records in the db because 'pool update' wouldn't do it:

mysql:root@localhost [designate]> select * from pool_ns_records;
+----------------------------------+---------------------+------------+---------+----------------------------------+----------+------------------------------------------+
| id                               | created_at          | updated_at | version | pool_id                          | priority | hostname                                 |
+----------------------------------+---------------------+------------+---------+----------------------------------+----------+------------------------------------------+
| 2ce238a6041f47ea9694fbf865eb3037 | 2020-03-10 18:43:14 | NULL       |       1 | 794ccc2cd75144feb57f8894c9f5c842 |       11 | cloud-ns1.wikimedia.org.                 |
| 967b85ae227344f6ab1c17210be1a0e8 | 2020-03-10 18:43:14 | NULL       |       1 | 794ccc2cd75144feb57f8894c9f5c842 |       10 | ns1.openstack.eqiad1.wikimediacloud.org. |
| ae21b35f1e19432696e05b28e7a65545 | 2020-03-10 18:43:14 | NULL       |       1 | 794ccc2cd75144feb57f8894c9f5c842 |       10 | cloud-ns0.wikimedia.org.                 |
| bdfc678fe0d54560a35c9179b0beaf75 | 2020-03-10 18:43:14 | NULL       |       1 | 794ccc2cd75144feb57f8894c9f5c842 |       10 | ns0.openstack.eqiad1.wikimediacloud.org. |
+----------------------------------+---------------------+------------+---------+----------------------------------+----------+------------------------------------------+
4 rows in set (0.00 sec)

mysql:root@localhost [designate]> delete from pool_ns_records where id="2ce238a6041f47ea9694fbf865eb3037";
Query OK, 1 row affected (0.00 sec)

mysql:root@localhost [designate]> delete from pool_ns_records where id="ae21b35f1e19432696e05b28e7a65545";
Query OK, 1 row affected (0.00 sec)
aborrero closed subtask T247972: Cloud DNS: fix inconsistent ownership of reverse domains for openstack floating ip networks as Resolved.May 25 2020, 5:19 PM
aborrero mentioned this in T346177: Certain systems failing to resolve DNS entries under toolforge.org, wmcloud.org, wmflabs.org, toolserver.org.Sep 13 2023, 12:07 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits