Given the conversation on this patch, it would be helpful to harmonize the way we manage Gerrit DNS records across instances. All instances could be moved behind CDN as well (?)
Description
Description
| Status | Subtype | Assigned | Task | ||
|---|---|---|---|---|---|
| Open | None | T407557 OpenSSH 10.1+ warns that Wikimedia SSH does not use post-quantum key exchange algorithm | |||
| Open | None | T407844 Gerrit ssh daemon does not offer post-quantum kex leading to a warning with OpenSSH 10 | |||
| Restricted Task | |||||
| Open | None | T392448 Upgrade to Gerrit 3.12 | |||
| Open | None | T379714 Upgrade to Gerrit 3.11 | |||
| Open | None | T392465 Switch Gerrit from Java 17 to Java 21 | |||
| Open | None | T384595 Upgrade Collab hosts to Bookworm | |||
| Resolved | ABran-WMF | T392464 Upgrade Gerrit hosts from Bullseye to Bookworm | |||
| Open | None | T387831 Standardize failover procedures for Collab services | |||
| Resolved | None | T393239 ProbeDown | |||
| Resolved | ABran-WMF | T387833 Gerrit switchover process | |||
| Resolved | ABran-WMF | T417279 Harmonize DNS on all gerrit instances |
Event Timeline
Comment Actions
I was about to open a task to move the gerrit replica and spare instance also behind the CDN. This reduces the infrastructure complexity (like the problem state in https://gerrit.wikimedia.org/r/c/operations/dns/+/1238708/comments/611196ca_6c6dc3ce ) and make all instances as equal as possible.
So +1 for the harmonization.
Comment Actions
I was going to say something similar on Gerrit.. I was starting to wonder if all service names (gerrit-spare, gerrit-replica) should also be load-balanced before answering the review request for the DNS change. +1