Hi there,
TL;DR: I brain-dumped a wiki page here:
https://wikitech.wikimedia.org/wiki/Wikimedia_Cloud_Services_team/Enhanceme…
I hope I managed to write my ideas clearly enough.
Points for debate:
* ownership of designate domains (cloudinfra vs wmflabsdotorg vs admin vs ..)
* service name of designate (ns0.openstack.eqiad1.wikimediacloud.org??)
* delegations, per-project subdomains etc
* all the details about the wmcloud.org subdomain
Hey Arturo, why this now??
I've been doing several operations to be able to set up a bastion and
puppetmaster in codfw1dev like we do in eqiad1. While at it, instead of setting
this up with the legacy domains, I stepped forward and have been playing with the
new domains. All this kung-fu allowed me to review the setup and identify
several points where we could introduce a bit more consistency and robustness.
The changes I've been doing in codfw1dev will eventually land in eqiad1, so
double win!
Some new stuff to try related to this follows.
* add this to your .ssh/config file:
=== 8< ===
Match user root host *.codfw1dev.wikimedia.cloud
User root
IdentityFile ~/.ssh/root_key
IdentitiesOnly yes
ForwardAgent no
ProxyCommand ssh -i ~/.ssh/root_key -a -W %h:%p root@bastion-codfw1dev-01.codfw1dev.wmcloud.org
=== 8< ===
* try SSH!
user@laptop:~$ ssh root@puppetmaster-01.cloudinfra-codfw1dev.codfw1dev.wikimedia.cloud
* this means we have the following 2 domains working:
- puppetmaster-01.cloudinfra-codfw1dev.codfw1dev.wikimedia.cloud
- bastion-codfw1dev-01.codfw1dev.wmcloud.org
Comments welcome.
regards!
--
Arturo Borrero Gonzalez
SRE / Wikimedia Cloud Services
Wikimedia Foundation
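
Added example, not part of the original message: a way to check, without connecting, which targets the Match block above applies to, using `ssh -G` against a throwaway copy of the block. The user `alice` and the helper names `effective_option` and `uses_bastion` are hypothetical.

```shell
#!/bin/sh
# CFG is a temporary copy of the Match block from the message (constructed here
# so the check does not touch the real ~/.ssh/config).
CFG=$(mktemp)
trap 'rm -f "$CFG"' EXIT
cat > "$CFG" <<'EOF'
Match user root host *.codfw1dev.wikimedia.cloud
    User root
    IdentityFile ~/.ssh/root_key
    IdentitiesOnly yes
    ForwardAgent no
    ProxyCommand ssh -i ~/.ssh/root_key -a -W %h:%p root@bastion-codfw1dev-01.codfw1dev.wmcloud.org
EOF

# effective_option TARGET KEY
# Print the value OpenSSH resolves for KEY (lowercase, as `ssh -G` prints it).
# `ssh -G` only evaluates the configuration; no connection is opened.
effective_option() {
    ssh -G -F "$CFG" "$1" 2>/dev/null |
        awk -v k="$2" '$1 == k { $1 = ""; sub(/^ /, ""); print; exit }'
}

# uses_bastion TARGET
# Succeed only if the resolved ProxyCommand goes through the bastion.
uses_bastion() {
    effective_option "$1" proxycommand |
        grep -q 'root@bastion-codfw1dev-01\.codfw1dev\.wmcloud\.org'
}

# Three cases: matching user and domain, same host with a non-root user
# (hypothetical "alice"), and the bastion itself, which is outside the
# *.codfw1dev.wikimedia.cloud pattern and so is not proxied through itself.
for target in \
    root@puppetmaster-01.cloudinfra-codfw1dev.codfw1dev.wikimedia.cloud \
    alice@puppetmaster-01.cloudinfra-codfw1dev.codfw1dev.wikimedia.cloud \
    root@bastion-codfw1dev-01.codfw1dev.wmcloud.org
do
    if uses_bastion "$target"; then via=bastion; else via=direct; fi
    printf '%s: %s, identitiesonly=%s\n' "$target" "$via" \
        "$(effective_option "$target" identitiesonly)"
done
```

Running the same `ssh -G` query against the real `~/.ssh/config` (drop `-F`) shows whether other `Host` or `Match` blocks override these settings.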