Page MenuHomePhabricator
Create Task
Maniphest T376110

tofu-infra: add support for DNS zones created by wmfkeystonehook
Open, MediumPublic
Actions

Description

Traditionally, when a project is created, in wmfkeystone hook we create a number of DNS zones for that new project. These zones are considered part of the basic 'Cloud VPS' service offering. This is per our DNS policy at https://wikitech.wikimedia.org/wiki/Portal:Cloud_VPS/Admin/DNS

For example, in eqiad1:

  • <project>.eqiad1.wmcloud.org
  • <project>.wmcloud.org
  • svc.<project>.eqiad1.wikimedia.cloud

We could instead create and track the zones using tofu-infra, along with the core DNS records (NS, MX, etc), leaving the rest of the records outside of tofu-infra for local project admins to manage in whatever way they want.

Related Objects
Search...

Event Timeline

aborrero renamed this task from tofu-infra: add zone templating support to replace wmfkeystonehook to tofu-infra: add support for DNS zones created by wmfkeystonehook.Oct 1 2024, 8:53 AM
aborrero created this task.
aborrero triaged this task as Medium priority.Oct 1 2024, 9:50 AM
CodeReviewBot added a project: Patch-For-Review.Oct 3 2024, 12:25 PM

aborrero opened https://gitlab.wikimedia.org/repos/cloud/cloud-vps/tofu-infra/-/merge_requests/84

dns: track the svc.project.deploy.wikimedia.cloud zone via tofu-infra

aborrero added a comment.Fri, Oct 25, 8:54 AM

Turns out, we cannot avoid with opentofu the DNS zone transfer dancing required when creating a subdomain of a zone declared in another project (which happens with the svc.<project>.<deploy>.wikimedia.cloud subdomain, given <deploy>.wikimedia.cloud belongs to cloudinfra.

see:

taavi moved this task from Unsorted to DNS (Designate + pdns-recursor) on the Cloud-VPS board.Fri, Nov 1, 7:00 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits