Page MenuHomePhabricator

Add systemd-level service bindings for Wikimedia DNS
Closed, ResolvedPublic

Description

Our Wikimedia DNS does not currently use any systemd-level service bindings but it should so that systemd can handle the various service dependencies automatically without us having to worry/bother about them.

For a more detailed explanation and given Wikimedia DNS' anycast-based setup: bird should not advertise any Wikimedia DNS prefixes if anycast-hc is not running, anycast-hc should not be running if dnsdist isn't running, and given that dnsdist doesn't perform any recursive functions by itself, dnsdist should depend on pdns-recursor running. (dnsdist has its own cache but that's about it.)

The only such bindings we have so far are on the doh* hosts:

bird.service:
  After=anycast-healthchecker.service
  BindsTo=anycast-healthchecker.service

We need to expand this for all the other services too:

anycast-hc.service: dnsdist.service, pdns-recursor.service

Event Timeline

ssingh added a subscriber: BCornwall.

Change 920794 had a related patch set uploaded (by BCornwall; author: BCornwall):

[operations/puppet@production] wikidough: bind hc to pdns-recursor and dnsdist

https://gerrit.wikimedia.org/r/920794

Mentioned in SAL (#wikimedia-operations) [2023-06-26T14:30:09Z] <sukhe> rolling out CR 922514 to A:wikidough (-s1 -b30): T336792

Mentioned in SAL (#wikimedia-operations) [2023-06-26T14:37:22Z] <sukhe> rolling out CR 922514 to A:dns-auth: T336792

Mentioned in SAL (#wikimedia-operations) [2023-06-26T14:40:56Z] <sukhe> rolling out CR 922514 to A:durum: T336792

ssingh claimed this task.
sukhe@doh1001:~$ systemctl show anycast-healthchecker.service | grep -i pdns
BindsTo=dnsdist.service pdns-recursor.service
After=sysinit.target basic.target dnsdist.service network.target systemd-journald.socket pdns-recursor.service system.slice

Change 920794 abandoned by Ssingh:

[operations/puppet@production] wikidough: bind hc to pdns-recursor and dnsdist

Reason:

https://gerrit.wikimedia.org/r/920794