Hi there,
TL;DR: I brain-dumped a wiki page here:
https://wikitech.wikimedia.org/wiki/Wikimedia_Cloud_Services_team/Enhancemen...
I hope I managed to write my ideas clearly enough.
Points for debate:
* ownership of designate domains (cloudinfra vs wmflabsdotorg vs admin vs ..)
* service name of designate (ns0.openstack.eqiad1.wikimediacloud.org??)
* delegations, per-project subdomains etc
* all the details about the wmcloud.org subdomain
Hey Arturo, why this now??
I've been doing several operations to be able to set up a bastion and puppetmaster in codfw1dev like we do in eqiad1. While at it, instead of setting this up with the legacy domains, I stepped forward and have been playing with the new domains. All this kung-fu allowed me to review the setup and identify several points where we could introduce a bit more consistency and robustness. The changes I've been doing in codfw1dev will eventually land in eqiad1, so double win!
Some new stuff to try related to this follows.
* add this to your .ssh/config file:
=== 8< ===
Match user root host *.codfw1dev.wikimedia.cloud
    User root
    IdentityFile ~/.ssh/root_key
    IdentitiesOnly yes
    ForwardAgent no
    ProxyCommand ssh -i ~/.ssh/root_key -a -W %h:%p root@bastion-codfw1dev-01.codfw1dev.wmcloud.org
=== 8< ===
* try SSH!
user@laptop:~$ ssh root@puppetmaster-01.cloudinfra-codfw1dev.codfw1dev.wikimedia.cloud
* this means we have the following 2 domains working:
  - puppetmaster-01.cloudinfra-codfw1dev.codfw1dev.wikimedia.cloud
  - bastion-codfw1dev-01.codfw1dev.wmcloud.org
Comments welcome.
regards!
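
An offline check of the Match block from the message, as an added example that is not part of the original post: `ssh -G` prints the options ssh would apply to a target without connecting, so it shows that root logins under *.codfw1dev.wikimedia.cloud go through the bastion with agent forwarding off, while the bastion's own wmcloud.org name does not match the block and so is not proxied through itself. The user `alice` and the helper names are constructed for the example; the hostnames are the two from the message.

```shell
#!/usr/bin/env bash
# Added example: inspect the effective ssh options for the Match block offline.

# Write a copy of the config block from the message to a scratch file.
make_cfg() {
  cfg=$(mktemp)
  cat > "$cfg" <<'EOF'
Match user root host *.codfw1dev.wikimedia.cloud
    User root
    IdentityFile ~/.ssh/root_key
    IdentitiesOnly yes
    ForwardAgent no
    ProxyCommand ssh -i ~/.ssh/root_key -a -W %h:%p root@bastion-codfw1dev-01.codfw1dev.wmcloud.org
EOF
  printf '%s\n' "$cfg"
}

# effective_opt CONFIG USER@HOST OPTION
# Prints the value ssh would use for OPTION, or nothing if it is unset.
# -F reads only CONFIG (system-wide defaults are skipped); -G makes no connection.
effective_opt() {
  ssh -F "$1" -G "$2" 2>/dev/null |
    awk -v k="$3" '$1 == k { $1 = ""; sub(/^ /, ""); print; exit }'
}

cfg=$(make_cfg)
for target in \
  root@puppetmaster-01.cloudinfra-codfw1dev.codfw1dev.wikimedia.cloud \
  root@bastion-codfw1dev-01.codfw1dev.wmcloud.org \
  alice@puppetmaster-01.cloudinfra-codfw1dev.codfw1dev.wikimedia.cloud   # constructed user
do
  printf '%s\n  proxycommand:   %s\n  identitiesonly: %s\n  forwardagent:   %s\n' \
    "$target" \
    "$(effective_opt "$cfg" "$target" proxycommand)" \
    "$(effective_opt "$cfg" "$target" identitiesonly)" \
    "$(effective_opt "$cfg" "$target" forwardagent)"
done
rm -f "$cfg"
```

Against a real setup, pass `~/.ssh/config` as the first argument to `effective_opt` to see whether any other block in that file overrides these values.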