Page MenuHomePhabricator
Create Task
Maniphest T266331

Cloud: define relationship between wikimediacloud.org domain, CIDR prefixes and netbox automation
Open, MediumPublic
Actions

Description

This task is to define some potentially weird data status on the wikimediacloud.org domain.

It might contains mixed data from inside the cloud realm and prod realm, not making it very clear where is the boundary regarding DNS data hosting and administration.

Example:

arturo@endurance:~ $ host 185.15.56.1
1.56.15.185.in-addr.arpa domain name pointer nat.openstack.eqiad1.wikimediacloud.org.
arturo@endurance:~ $ host 185.15.56.2
2.56.15.185.in-addr.arpa domain name pointer pooltest.testlabs.wmflabs.org.
2.56.15.185.in-addr.arpa domain name pointer aliastest.testlabs.wmflabs.org.
2.56.15.185.in-addr.arpa domain name pointer abogott-test.testlabs.wmflabs.org.
2.56.15.185.in-addr.arpa domain name pointer gtirloni-stretch-01.testlabs.wmflabs.org.
2.56.15.185.in-addr.arpa domain name pointer dnstest.testlabs.wmflabs.org.

In the example above, the CIDR 185.15.56.0/25 (https://netbox.wikimedia.org/ipam/prefixes/2/) contains data from both operations/dns.git and designate @ eqiad1.

Additional context:

Related Objects

Event Timeline

aborrero created this task.Oct 23 2020, 11:56 AM
Restricted Application added projects: SRE, Traffic. · View Herald TranscriptOct 23 2020, 11:56 AM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
aborrero triaged this task as Medium priority.Oct 23 2020, 11:57 AM
aborrero moved this task from Inbox to Needs discussion on the cloud-services-team (Kanban) board.
Marostegui moved this task from Backlog to Acknowledged on the SRE board.Oct 23 2020, 11:57 AM
aborrero moved this task from Needs discussion to Soon! on the cloud-services-team (Kanban) board.Nov 4 2020, 4:15 PM
nskaggs added a subscriber: faidon.Nov 5 2020, 9:38 PM

I was able to discuss this with @faidon briefly. I'll summarize the discussion below.

Note, while this summary may feel authoritative or provide answers, that's not my intent. I would appreciate clarity that we've thought about the right questions this ticket is highlighting.

What's in scope for netbox automation?

  • cloudservices *hosts*, cloudcontrol, cloudvirt, etc. are servers in the production realm and use domains under .eqiad.wmnet, .wikimedia.org etc. and are in scope of the netbox automation project
  • cloudservices *VPS*, are in the "labs" realm, in separate domains, and out of scope for netbox automation. This includes wikimediacloud.org

Where should DNS allocation of 185.15.56.0/25 be?

  • Keep the entire address space in the "labs" realm, and DNS allocation should stay in realm as well accordingly

How should we handle wikimediacloud.org?

  • Have a separate service IP (not tied to a specific box), in the 208.80.152.0/22 space, with matching A+PTRs under wikimedia.org

And an open question; Are there potential mismatched records today? How is this intended to work?

$ host cloudservices1003.wikimedia.org
cloudservices1003.wikimedia.org has address 208.80.154.135

$ host ns0.openstack.eqiad1.wikimediacloud.org
ns0.openstack.eqiad1.wikimediacloud.org has address 208.80.154.135

$ dig -x 208.80.154.135
135.154.80.208.in-addr.arpa. 3599 IN	PTR	cloudservices1003.wikimedia.org.
aborrero mentioned this in T267376: Set up IP addresses for the new wiki replicas setup.Nov 6 2020, 10:54 AM
Aklapper added a project: Infrastructure-Foundations.Jun 21 2021, 8:59 PM
BBlack removed a project: Traffic.Oct 8 2021, 6:35 PM
Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL