[Labs-l] Volunteers wanted to opt in to a new DNS system

Andrew Bogott abogott at wikimedia.org
Fri Apr 3 17:38:21 UTC 2015

* Users of ToolLabs can ignore this email.  Labs project admins, please 
read on *

One of the weak points of the current Labs setup is our reliance on a 
single dnsmasq server for all internal labs DNS requests.  Over the last 
few weeks I've been setting up a (hopefully) more-reliable 
alternative[1] which is now ready for testing.

The easiest way to help test is to switch your bastion usage (generally 
defined in .ssh/config) to bastion3.wmflabs.org.  That bastion should 
behave identically to the others but will resolve internal labs 
addresses using the new dns server.

Additionally, I would appreciate it if a few projects would volunteer to 
be early adopters.  If you're interested in trying it out, please 
respond to this email so that I know who's trying, and then go to your 
'configure instance' pages and clear the 'use_dnsmasq' setting.  If your 
instance is using role::puppet::self, you'll also need to sign a new 
puppet cert, like this:

$ sudo puppet cert sign <hostname>.<projectname>.eqiad.wmflabs

In addition to being more reliable, the new DNS system will also support 
names that include the project name, like 
'util-abogott.testlabs.eqiad.wmflabs'.  The old naming scheme is still 
supported, but many services will be gradually moving over to the new 
scheme to avoid ambiguity between projects.

After a few weeks of testing I'll start to migrate everything to the new 
server if things look good.  Let me know how things go.



[1] The new system uses openstack-designate to create dns entries which 
are subsequently served by a powerdns server running on 

More information about the Labs-l mailing list