Page MenuHomePhabricator
Create Task
Maniphest T253173

Some clusters do not have DNS for IPv6 addresses (TRACKING TASK)
Open, MediumPublic
Actions

Description

As part of our ongoing effort to import DNS data into Netbox for automation, we have done a procedure to identify hosts with missing IPv6 DNS entries, with the suspicion that these are potentially sources of problems.

The procedure to produce this data was to look at the PuppetDB networking key for the host and select the "primary" IP address for the host, and do a DNS lookup for the FQDN for the host to check for a AAAA record, and report on any missing ones.

Below is a list of the machines (not VMs) without IPv6 DNS grouped by responsible team:

Foundations:

  • kafka-main[2001-2005].codfw.wmnet

Observability:

  • centrallog2001.codfw.wmnet
  • centrallog1001.eqiad.wmnet
  • graphite2003.codfw.wmnet
  • graphite1004.eqiad.wmnet
  • logstash[2001-2003,2026-2029].codfw.wmnet
  • logstash[1010-1012,1026-1029].eqiad.wmnet
  • mwlog2001.codfw.wmnet
  • mwlog1001.eqiad.wmnet

WMCS:

  • cloudbackup[2001-2002].codfw.wmnet
  • cloudnet2003-dev.codfw.wmnet
  • cloudvirt[2001-2003]-dev.codfw.wmnet
  • cloudvirt[1001-1009,1012-1018,1023-1030].eqiad.wmnet
  • cloudvirt-wdqs[1001-1003].eqiad.wmnet
  • labsdb[1009-1012].eqiad.wmnet
  • labtestvirt2003.codfw.wmnet
  • dbproxy[2001-2004].codfw.wmnet
  • dbproxy[1003,1008,1012-1021].eqiad.wmnet
  • dbstore[1003-1005].eqiad.wmnet

Data Persistence:

  • ms-be[2016-2056].codfw.wmnet - can support
  • ms-be[1016-1026,1028-1059].eqiad.wmnet
  • ms-fe[2005-2008].codfw.wmnet
  • ms-fe[1005-1008].eqiad.wmnet

Serviceops:

Search:

  • elastic[2025-2060].codfw.wmnet
  • elastic[1032-1067].eqiad.wmnet
  • relforge[1001-1002].eqiad.wmnet
  • wdqs[2001-2008].codfw.wmnet
  • wdqs[1004-1013].eqiad.wmnet

???:

  • es[2011-2025].codfw.wmnet
  • es[1015-1025].eqiad.wmnet
  • maps[2001-2004].codfw.wmnet
  • maps[1001-1004].eqiad.wmnet

Fixed, will not proceed, or removed:

  • flerovium.eqiad.wmnet
  • francium.eqiad.wmnet
  • furud.codfw.wmnet
  • heze.codfw.wmnet - being deprecated
  • kafka-jumbo[1007-1009].eqiad.wmnet - ipv6 names these are done https://phabricator.wikimedia.org/T185262 verified in netbox
  • labstore[1004-1005].eqiad.wmnet - ipv6 names verified in netbox
  • mw[2135-2147,2150-2212,2214,2256] - machines offline
  • puppetmaster2003.codfw.wmnet
  • sretest[1001-1002].eqiad.wmnet
  • stat1008.eqiad.wmnet
  • thanos-be[2001-2004].codfw.wmnet - ipv6 names verified in netbox
  • theemin.codfw.wmnet
  • tungsten.eqiad.wmnet

Traffic:

  • lvs[2007-2010].codfw.wmnet
  • lvs[1013-1016].eqiad.wmnet
  • lvs[4005-4007].ulsfo.wmnet

Foundations:

  • auth2001.codfw.wmnet
  • auth1002.eqiad.wmnet
  • ganeti[2001-2024].codfw.wmnet - waiting for upgrade to buster
  • ganeti[1001-1022].eqiad.wmnet
  • ganeti[4001-4003].ulsfo.wmnet
  • ping1001
  • ping2001
  • ping3001

Analytics:

  • an-druid[1001-1002].eqiad.wmnet
  • druid[1007-1008].eqiad.wmnet
  • notebook[1003-1004].eqiad.wmnet (removed)

Machine learning:

  • ores[2001-2009].codfw.wmnet - will be replaced soon
  • ores[1001-1009].eqiad.wmnet
  • oresrdb2002.codfw.wmnet - removed
  • oresrdb[1001-1002].eqiad.wmnet

Serviceops:

  • kubernetes[1007-1014].eqiad.wmnet
  • mc[2019-2036].codfw.wmnet
  • mc[1019-1036].eqiad.wmnet
  • mc-gp[2001-2003].codfw.wmnet
  • mc-gp[1001-1003].eqiad.wmnet
  • mw[2215-2334,2350-2254,2257-2376].codfw.wmnet
  • mw[1261-1279,1281-1290,1293-1413].eqiad.wmnet
  • parse[2001-2020].codfw.wmnet
  • restbase[2009-2023].codfw.wmnet
  • restbase[1016-1030].eqiad.wmnet
  • restbase-dev[1004-1006].eqiad.wmnet
  • scb[2001-2006].codfw.wmnet
  • scb[1001-1004].eqiad.wmnet
  • sessionstore[2001-2003].codfw.wmnet
  • sessionstore[1001-1003].eqiad.wmnet
  • thumbor[2001-2004].codfw.wmnet
  • thumbor[1001-1004].eqiad.wmnet
  • wtp[2001-2020].codfw.wmnet
  • wtp[1025-1048].eqiad.wmnet
  • rdb[2003-2006].codfw.wmnet
  • rdb[1005-1006,1009-1010].eqiad.wmnet
  • scandium.eqiad.wmnet

Data Persistence:

  • db[2071-2140].codfw.wmnet - these are blocked by T270101 and won't be pursued now.
  • db[1074-1139,1141-1149].eqiad.wmnet - as above
  • dbprov[2001-2002].codfw.wmnet - as above
  • dbprov[1001-1002].eqiad.wmnet
  • pc[2007-2010].codfw.wmnet
  • pc[1007-1010].eqiad.wmnet

Details

SubjectRepoBranchLines +/-
profile/manifests/dumps: enable ipv6 drop ferm rule for 443operations/puppetproduction+2 -6
AAAA: for flerovium and furudoperations/dnsmaster+4 -1
sretest: add AAAA recordsoperations/dnsmaster+5 -1
mongodb: enable ipv6operations/puppetproduction+5 -4
theemin.codfw.wmnet: add AAAAoperations/dnsmaster+3 -0
puppetmaster2003: add AAAAoperations/dnsmaster+3 -0
Customize query in gerrit

Related Objects
Search...

StatusSubtypeAssignedTask
 OpenNoneT253173 Some clusters do not have DNS for IPv6 addresses (TRACKING TASK)
 OpenNoneT253986 update bacula-sd config so that it listens on IPv6
 Resolved crusnovT271133 Some Analytics clusters apparently do not support IPv6
 DeclinedNoneT271134 Some Machine Learning clusters do not support IPv6
 OpenMoritzMuehlenhoffT271136 Some Foundation clusters do not appear to support IPv6
 OpenMoritzMuehlenhoffT379890 Enable ipv6 on ganeti2019-ganeti2024
 ResolvedfgiunchediT271138 Some Observability clusters do not support IPv6.
 OpenNoneT271139 Some WMCS clusters apparently do not support IPv6
 OpenNoneT271140 Some Data Persistence clusters apparently do not support IPv6
 OpenNoneT270101 Grants not working with DB hosts with to ipv6
 ResolvedakosiarisT271142 Some Service Operations clusters apparently do not support IPv6
 ResolvedbkingT271143 Some elastic hosts do not have IPv6 DNS records
 ResolvedBCornwallT271144 Some Traffic clusters apparently do not support IPv6
 Resolved crusnovT271148 Some Data Persistence Backup clusters apparently do not support IPv6
 ResolvedbrouberolT312555 Some Search clusters have inconsistent AAAA DNS records for the primary IPv6 of the hosts
 OpenNoneT312556 Some Core Platform clusters have inconsistent AAAA DNS records for the primary IPv6 of the hosts
 ResolvedVolansT312557 Some WMCS clusters have inconsistent AAAA DNS records for the primary IPv6 of the hosts
 OpenNoneT369308 Decommission clouddb2002-dev.codfw.wmnet
 OpenNoneT378260 Retire labtestwiki
 DeclinedNoneT380254 The mwdebug cluster has inconsistent AAAA DNS records for the primary IPv6 of the hosts
 OpenMoritzMuehlenhoffT380256 The maps cluster is missing AAAA DNS records for the primary IPv6 of the hosts

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes
MoritzMuehlenhoff subscribed.May 29 2020, 9:34 PM
gerritbot added a comment.Jun 1 2020, 9:48 AM

Change 599779 merged by Jbond:
[operations/dns@master] AAAA: for flerovium and furud

https://gerrit.wikimedia.org/r/599779

jbond updated the task description. (Show Details)Jun 1 2020, 9:49 AM
gerritbot added a comment.Jun 1 2020, 9:51 AM

Change 599783 merged by Jbond:
[operations/puppet@production] profile/manifests/dumps: enable ipv6 drop ferm rule for 443

https://gerrit.wikimedia.org/r/599783

Maintenance_bot removed a project: Patch-For-Review.Jun 1 2020, 10:10 AM
jbond updated the task description. (Show Details)Jun 1 2020, 11:46 AM
jbond moved this task from Unsorted 💣 to Friday tasks on the User-jbond board.Jun 2 2020, 2:24 PM
Dzahn updated the task description. (Show Details)Aug 20 2020, 11:25 PM
Dzahn subscribed.

tungsten has been decom'ed today. checked the box because it's gone

Volans updated the task description. (Show Details)Oct 1 2020, 7:07 AM
ayounsi subscribed.EditedOct 19 2020, 1:50 PM

@jbond now that everything is in Netbox, would it make sens to have a Netbox report that shows the hosts that have a primary v4 IP and primary v6 without DNS name? Eventually grouping them by prefix (types).
Non-alerting of course.

Volans mentioned this in T270101: Grants not working with DB hosts with to ipv6.Dec 14 2020, 2:36 PM
crusnov updated the task description. (Show Details)Dec 18 2020, 5:32 PM

I have rejiggered the list in the task description to cross-reference with responsible teams. @Dzahn @Volans could you fill in some gaps as to who is responsible for the ??? hosts? Thanks.

crusnov updated the task description. (Show Details)Dec 18 2020, 5:41 PM
crusnov updated the task description. (Show Details)Dec 18 2020, 5:51 PM
crusnov updated the task description. (Show Details)Dec 18 2020, 6:14 PM

I have gone through and checked each of the clusters and updated their status. Most have IPv6 but no DNS. Some have been fixed in the intervening time.

Dzahn added a comment.Dec 18 2020, 7:14 PM

scandium is a testing rig for parsoid, so it can move to serviceops (where parse*/wtp* servers are it belongs as well)

Dzahn updated the task description. (Show Details)Dec 18 2020, 7:14 PM

heze is a backup server (offsite), so I think that would be data persistence.

maps .. <unknown value>

crusnov updated the task description. (Show Details)Jan 4 2021, 6:21 PM
crusnov mentioned this in T271133: Some Analytics clusters apparently do not support IPv6.Jan 4 2021, 6:33 PM
crusnov mentioned this in T271134: Some Machine Learning clusters do not support IPv6.Jan 4 2021, 6:38 PM
crusnov mentioned this in T271138: Some Observability clusters do not support IPv6..Jan 4 2021, 6:45 PM
crusnov mentioned this in T271139: Some WMCS clusters apparently do not support IPv6.Jan 4 2021, 6:48 PM
crusnov mentioned this in T271140: Some Data Persistence clusters apparently do not support IPv6.Jan 4 2021, 6:51 PM
crusnov mentioned this in T271142: Some Service Operations clusters apparently do not support IPv6.Jan 4 2021, 6:55 PM
crusnov mentioned this in T271143: Some elastic hosts do not have IPv6 DNS records.Jan 4 2021, 6:59 PM
crusnov mentioned this in T271144: Some Traffic clusters apparently do not support IPv6.
Aklapper added a project: IPv6.Jan 4 2021, 7:37 PM
LSobanski mentioned this in T271148: Some Data Persistence Backup clusters apparently do not support IPv6.Jan 4 2021, 7:42 PM
LSobanski added a subtask: T271148: Some Data Persistence Backup clusters apparently do not support IPv6.
crusnov updated the task description. (Show Details)Jan 4 2021, 9:56 PM
MoritzMuehlenhoff added a comment.Jan 5 2021, 7:43 AM

Can you please add the steps needed in Netbox to make it generate a DNS record for a server which handles IPv6 fine to the task description? We use enable_ip6_mapped by default for practically all servers these days. Is this just a matter of adding of setting "DNS Name" in the interface to the FQDN and running the sre.dns.netbox cookbook or is there more to it?

Volans added a comment.Jan 5 2021, 8:46 AM
In T253173#6721846, @MoritzMuehlenhoff wrote:

Is this just a matter of adding of setting "DNS Name" in the interface to the FQDN and running the sre.dns.netbox cookbook or is there more to it?

It's exactly just that. When all the data was imported from the existing DNS into netbox, the DNS Name for IPv6 that didn't have an AAAA/PTR record were skipped to make sure to generate from Netbox the same data the manual DNS repo had.

If you do that make sure that the service is correctly configured to handle traffic on v6 (listen, ferm, grants, etc...).

ayounsi updated the task description. (Show Details)Jan 5 2021, 9:46 AM
ayounsi unsubscribed.Jan 5 2021, 9:49 AM
jbond added a subscriber: ayounsi.Jan 5 2021, 11:53 AM
In T253173#6560445, @ayounsi wrote:

@jbond now that everything is in Netbox, would it make sens to have a Netbox report that shows the hosts that have a primary v4 IP and primary v6 without DNS name? Eventually grouping them by prefix (types).
Non-alerting of course.

Sorry missed this but yes i think it would

Is this just a matter of adding of setting "DNS Name" in the interface to the FQDN and running the sre.dns.netbox cookbook or is there more to it?

Just to clarify that yes this is correct however the risk is that not all services are listening on the ipv6 addresses

ayounsi mentioned this in T222931: Netbox Reports Ideas and Requests.Jan 5 2021, 12:30 PM

Ack, added to T222931#6722271

crusnov moved this task from Discussion / Design / Consensus Making to Work in Progress / Tasks to Do on the netbox board.Jan 8 2021, 7:32 PM
akosiaris closed subtask T271134: Some Machine Learning clusters do not support IPv6 as Declined.Jan 20 2021, 11:06 AM
crusnov closed subtask T271133: Some Analytics clusters apparently do not support IPv6 as Resolved.Mar 26 2021, 11:45 PM
crusnov updated the task description. (Show Details)
crusnov updated the task description. (Show Details)
crusnov updated the task description. (Show Details)Mar 26 2021, 11:50 PM
crusnov updated the task description. (Show Details)Mar 26 2021, 11:52 PM
crusnov updated the task description. (Show Details)Mar 27 2021, 12:00 AM
crusnov closed subtask T271148: Some Data Persistence Backup clusters apparently do not support IPv6 as Resolved.Mar 27 2021, 12:02 AM
crusnov updated the task description. (Show Details)Mar 27 2021, 12:10 AM
crusnov updated the task description. (Show Details)Mar 31 2021, 3:22 PM
crusnov added a comment.Mar 31 2021, 3:28 PM

Since the maps servers are being replaced? I think? Perhaps we can cross them off for this project. Am I right in that this is happening?

elukey closed subtask T271136: Some Foundation clusters do not appear to support IPv6 as Resolved.Apr 28 2021, 7:20 AM
Aklapper added a project: Infrastructure-Foundations.Jun 21 2021, 8:59 PM
joanna_borun moved this task from Backlog to In Progress on the Infrastructure-Foundations board.Aug 9 2021, 3:44 PM
joanna_borun changed the task status from Open to In Progress.Sep 21 2021, 4:03 PM
Volans changed the task status from In Progress to Open.Dec 6 2021, 5:37 PM
Volans moved this task from In Progress to Blocked on the Infrastructure-Foundations board.
Gehel updated the task description. (Show Details)Dec 21 2021, 10:18 AM
fgiunchedi closed subtask T271138: Some Observability clusters do not support IPv6. as Declined.Mar 23 2022, 1:35 PM
ayounsi added a comment.Mar 23 2022, 1:40 PM

FYI, the full list up to date is on https://netbox.wikimedia.org/extras/reports/network.Network/

bking closed subtask T271143: Some elastic hosts do not have IPv6 DNS records as Resolved.May 17 2022, 10:24 PM
Volans reopened subtask T271143: Some elastic hosts do not have IPv6 DNS records as Open.May 18 2022, 8:28 AM
bking closed subtask T271143: Some elastic hosts do not have IPv6 DNS records as Resolved.Jun 23 2022, 1:35 PM
Volans reopened subtask T271136: Some Foundation clusters do not appear to support IPv6 as Open.Jul 5 2022, 7:56 AM
Volans reopened subtask T271138: Some Observability clusters do not support IPv6. as Open.Jul 7 2022, 2:41 PM
BCornwall closed subtask T271144: Some Traffic clusters apparently do not support IPv6 as Resolved.Jul 7 2022, 6:31 PM
BCornwall updated the task description. (Show Details)
BCornwall updated the task description. (Show Details)
Dzahn added a comment.Jul 7 2022, 9:04 PM

speaking for scandium.eqiad.wmnet. that is a parsoid test server and while used by the parsoid team, is not critical for production. imho it can just be added. the other servers listed for serviceops I'm not sure if they are actually owned by serviceops.

lmata subscribed.Aug 1 2022, 8:21 PM
colewhite closed subtask T271138: Some Observability clusters do not support IPv6. as Resolved.Sep 15 2022, 3:39 PM
fgiunchedi reopened subtask T271138: Some Observability clusters do not support IPv6. as Open.Sep 26 2022, 7:47 AM
Andrew closed subtask T312557: Some WMCS clusters have inconsistent AAAA DNS records for the primary IPv6 of the hosts as Resolved.Nov 17 2022, 9:43 PM
dcaro reopened subtask T312557: Some WMCS clusters have inconsistent AAAA DNS records for the primary IPv6 of the hosts as Stalled.Nov 24 2022, 10:31 AM
dcaro closed subtask T312557: Some WMCS clusters have inconsistent AAAA DNS records for the primary IPv6 of the hosts as Resolved.Nov 29 2022, 9:22 AM
dcaro reopened subtask T312557: Some WMCS clusters have inconsistent AAAA DNS records for the primary IPv6 of the hosts as Stalled.
joanna_borun moved this task from Blocked to Backlog on the Infrastructure-Foundations board.May 26 2023, 2:13 PM
fgiunchedi closed subtask T271138: Some Observability clusters do not support IPv6. as Resolved.Oct 18 2023, 1:38 PM
fgiunchedi updated the task description. (Show Details)
Dzahn unsubscribed.Nov 3 2023, 5:37 PM
Volans added a comment.Dec 1 2023, 5:15 PM

@MoritzMuehlenhoff I see that ganeti[2009-2024] and ganeti[1009-1022] are lacking AAAA records while the rest have it. Can we add them to the rest of the cluster?

MoritzMuehlenhoff added a comment.Dec 18 2023, 11:20 AM
In T253173#9375719, @Volans wrote:

@MoritzMuehlenhoff I see that ganeti[2009-2024] and ganeti[1009-1022] are lacking AAAA records while the rest have it. Can we add them to the rest of the cluster?

I don't see why not. Best to first start with codfw only, maybe.

ayounsi added a comment.Dec 18 2023, 11:47 AM

From sudo cumin ganeti[1009-1022].eqiad.wmnet 'ip -6 addr | grep "scope global" | grep -v dynamic (and the same in codfw).

Those hosts only have a SLAAC v6 IP: ganeti[2010,2016,2020].codfw.wmnet so the same procedure as on T353254 needs to be done first.

MoritzMuehlenhoff added a comment.Dec 19 2023, 2:57 PM
In T253173#9412420, @ayounsi wrote:

Those hosts only have a SLAAC v6 IP: ganeti[2010,2016,2020].codfw.wmnet so the same procedure as on T353254 needs to be done first.

I'll convert these in January. When that is done, we can proceed with the AAAA records.

akosiaris closed subtask T271142: Some Service Operations clusters apparently do not support IPv6 as Resolved.Jun 17 2024, 1:52 PM
akosiaris updated the task description. (Show Details)
ayounsi removed a project: netbox.Aug 6 2024, 12:53 PM
brouberol closed subtask T312555: Some Search clusters have inconsistent AAAA DNS records for the primary IPv6 of the hosts as Resolved.Aug 27 2024, 2:30 PM
Volans added a subtask: T380254: The mwdebug cluster has inconsistent AAAA DNS records for the primary IPv6 of the hosts.Tue, Nov 19, 9:28 AM
Volans closed subtask T312557: Some WMCS clusters have inconsistent AAAA DNS records for the primary IPv6 of the hosts as Resolved.Tue, Nov 19, 9:31 AM
akosiaris closed subtask T380254: The mwdebug cluster has inconsistent AAAA DNS records for the primary IPv6 of the hosts as Declined.Fri, Nov 22, 9:57 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits