[Labs-announce] Public DNS and Proxy changes coming up this weekend

Andrew Bogott abogott at wikimedia.org
Mon Mar 28 18:29:32 UTC 2016


This is going fine.  There will be an unanticipated delay while we wait 
for our domain registrar to catch up with changes for the new DNS 
server; until that happens the horizon DNS gui will be disabled.  
Currently some users are using the new DNS server and some the old one; 
the data is in sync so you shouldn't notice any problems, but if you 
find something unexpectedly broken please notify me.

I predict that the upstream changes will be fully settled down in around 
48 hours, at which point I'll re-enable the proxy and DNS interfaces.


On 3/23/16 5:44 PM, Andrew Bogott wrote:
> == Executive Summary ==
> Creation of new web proxies and DNS records will be disabled over the 
> weekend; Labs and Tools will switch to a new public DNS system on 
> Monday, with possible accompanying hiccups and interruptions.
> Nothing will change for ToolLabs users, and no immediate action is 
> required on the part of tool or project maintainers.  Starting Monday, 
> however, Labs project maintainers will need to use the Horizon[1] web 
> UI to manage proxies, manage public DNS records, and assign floating 
> IPs to instances.
> Labs Project Admins:  Two-factor authentication will be required to 
> access the new Horizon interface.  Please set up 2fa now (via 
> Preferences-> User Profile on Wikitech) so that you aren't rudely 
> surprised when trying to manage Horizon during future emergencies.
> == The whole story ==
> Currently the public DNS server that resolves things under wmflabs.org 
> is running an old and creaky setup using ldap and powerdns.  These 
> domains are configured using WMF-developed features on wikitech.  Labs 
> internal dns (e.g. foo.bar.eqiad.wmflabs) is now managed by the 
> OpenStack Designate project with a more modern mysql-based powerdns 
> backend.
> There's a ready-made upstream web UI for designate[2] that is part of 
> the Horizon project.  So, we're going to standardize on Designate, 
> Horizon, and mysql/powerdns, and rip out the old ldap/pdns/wikitech 
> code[3].  Web proxy management is intimately linked with dns 
> management, so the proxy UI will also move to Horizon, thanks to a 
> custom Horizon panel written by Alex Monk.
> Timeline:
> This week:  Various web Domain and Proxy UIs will appear and disappear 
> from horizon.wikimedia.org as we put the finishing touches on the new 
> interface.  Changes made via these interfaces will have no effect on 
> public DNS before Monday; on Monday some such changes may persist and 
> some may be overwritten.
> Friday, 2015-03-25:  A few sidebar links on wikitech will vanish: " 
> Manage Addresses," and " Manage Web Proxies."  During the following 
> days, public DNS will be effectively frozen so that we have time to 
> safely migrate to the new setup.
> Friday (and, possibly, weekend):  DNS migration to designate, testing
> Monday, 2015-03-28, 18:00 UTC:  The public dns servers labs-ns0 and 
> labs-ns1 will be moved to point to the new DNS service.  There may be 
> brief interruptions to public DNS during the switch-over. The Horizon 
> web UI for domains and proxies will be live and available to all 
> project admins.
> [1] https://wikitech.wikimedia.org/wiki/Help:Horizon_FAQ
> [2] https://github.com/openstack/designate-dashboard
> [3] https://phabricator.wikimedia.org/T124184

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.wikimedia.org/pipermail/labs-announce/attachments/20160328/27261abe/attachment.html>

More information about the Labs-announce mailing list