[Labs-announce] Finished: Public DNS and Proxy changes coming up this weekend

Andrew Bogott abogott at wikimedia.org
Wed Mar 30 21:12:17 UTC 2016 

This transition is done, and things should be working properly now.

There were a few minutes of unpleasantness earlier today when some 
upstream DNS servers disagreed about who was in charge of wmflabs.org, 
but everything is settled down now, and all the upstream caches should 
be up-to-date.

We've enabled the Horizon DNS and proxy GUIs and tested them a bit.  A 
more complete 'introduction to Horizon' email will follow shortly.

-Andrew


On 3/28/16 1:29 PM, Andrew Bogott wrote:
> Update:
>
> This is going fine.  There will be an unanticipated delay while we 
> wait for our domain registrar to catch up with changes for the new DNS 
> server; until that happens the horizon DNS gui will be disabled.  
> Currently some users are using the new DNS server and some the old 
> one; the data is in sync so you shouldn't notice any problems, but if 
> you find something unexpectedly broken please notify me.
>
> I predict that the upstream changes will be fully settled down in 
> around 48 hours, at which point I'll re-enable the proxy and DNS 
> interfaces.
>
> -Andrew
>
>
> On 3/23/16 5:44 PM, Andrew Bogott wrote:
>> == Executive Summary ==
>>
>> Creation of new web proxies and DNS records will be disabled over the 
>> weekend; Labs and Tools will switch to a new public DNS system on 
>> Monday, with possible accompanying hiccups and interruptions.
>>
>> Nothing will change for ToolLabs users, and no immediate action is 
>> required on the part of tool or project maintainers. Starting Monday, 
>> however, Labs project maintainers will need to use the Horizon[1] web 
>> UI to manage proxies, manage public DNS records, and assign floating 
>> IPs to instances.
>>
>> Labs Project Admins:  Two-factor authentication will be required to 
>> access the new Horizon interface.  Please set up 2fa now (via 
>> Preferences-> User Profile on Wikitech) so that you aren't rudely 
>> surprised when trying to manage Horizon during future emergencies.
>>
>> == The whole story ==
>>
>> Currently the public DNS server that resolves things under 
>> wmflabs.org is running an old and creaky setup using ldap and 
>> powerdns.  These domains are configured using WMF-developed features 
>> on wikitech.  Labs internal dns (e.g. foo.bar.eqiad.wmflabs) is now 
>> managed by the OpenStack Designate project with a more modern 
>> mysql-based powerdns backend.
>>
>> There's a ready-made upstream web UI for designate[2] that is part of 
>> the Horizon project.  So, we're going to standardize on Designate, 
>> Horizon, and mysql/powerdns, and rip out the old ldap/pdns/wikitech 
>> code[3].  Web proxy management is intimately linked with dns 
>> management, so the proxy UI will also move to Horizon, thanks to a 
>> custom Horizon panel written by Alex Monk.
>>
>> Timeline:
>>
>> This week:  Various web Domain and Proxy UIs will appear and 
>> disappear from horizon.wikimedia.org as we put the finishing touches 
>> on the new interface.  Changes made via these interfaces will have no 
>> effect on public DNS before Monday; on Monday some such changes may 
>> persist and some may be overwritten.
>>
>> Friday, 2015-03-25:  A few sidebar links on wikitech will vanish:  " 
>> Manage Addresses," and " Manage Web Proxies."  During the following 
>> days, public DNS will be effectively frozen so that we have time to 
>> safely migrate to the new setup.
>>
>> Friday (and, possibly, weekend):  DNS migration to designate, testing
>>
>> Monday, 2015-03-28, 18:00 UTC:  The public dns servers labs-ns0 and 
>> labs-ns1 will be moved to point to the new DNS service. There may be 
>> brief interruptions to public DNS during the switch-over.  The 
>> Horizon web UI for domains and proxies will be live and available to 
>> all project admins.
>>
>>
>>
>> [1] https://wikitech.wikimedia.org/wiki/Help:Horizon_FAQ
>> [2] https://github.com/openstack/designate-dashboard
>> [3] https://phabricator.wikimedia.org/T124184
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.wikimedia.org/pipermail/labs-announce/attachments/20160330/38b2ec23/attachment.html>

More information about the Labs-announce mailing list