[Labs-l] Volunteers wanted to opt in to a new DNS system
abogott at wikimedia.org
Fri Apr 3 17:38:21 UTC 2015
* Users of ToolLabs can ignore this email. Labs project admins, please
read on *
One of the weak points of the current Labs setup is our reliance on a
single dnsmasq server for all internal labs DNS requests. Over the last
few weeks I've been setting up a (hopefully) more-reliable
alternative which is now ready for testing.
The easiest way to help test is to switch your bastion usage (generally
defined in .ssh/config) to bastion3.wmflabs.org. That bastion should
behave identically to the others but will resolve internal labs
addresses using the new dns server.
Additionally, I would appreciate it if a few projects would volunteer to
be early adopters. If you're interested in trying it out, please
respond to this email so that I know who's trying, and then go to your
'configure instance' pages and clear the 'use_dnsmasq' setting. If your
instance is using role::puppet::self, you'll also need to sign a new
puppet cert, like this:
$ sudo puppet cert sign <hostname>.<projectname>.eqiad.wmflabs
In addition to being more reliable, the new DNS system will also support
names that include the project name, like
'util-abogott.testlabs.eqiad.wmflabs'. The old naming scheme is still
supported, but many services will be gradually moving over to the new
scheme to avoid ambiguity between projects.
After a few weeks of testing I'll start to migrate everything to the new
server if things look good. Let me know how things go.
 The new system uses openstack-designate to create dns entries which
are subsequently served by a powerdns server running on
More information about the Labs-l