<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Slight corrections to the dates,
below... all this is still happening this weekend, but this
weekend is Friday 3/25-Monday 3/28. My calendar was turned to the
wrong page :)<br>
<br>
-A<br>
<br>
<br>
On 3/23/16 5:44 PM, Andrew Bogott wrote:<br>
</div>
<blockquote cite="mid:56F31C34.4030001@wikimedia.org" type="cite">
<meta http-equiv="content-type" content="text/html; charset=utf-8">
== Executive Summary ==<br>
<br>
Creation of new web proxies and DNS records will be disabled over
the weekend; Labs and Tools will switch to a new public DNS system
on Monday, with possible accompanying hiccups and interruptions.<br>
<br>
Nothing will change for ToolLabs users, and no immediate action is
required on the part of tool or project maintainers. Starting
Monday, however, Labs project maintainers will need to use the
Horizon[1] web UI to manage proxies, manage public DNS records,
and assign floating IPs to instances.<br>
<br>
Labs Project Admins: Two-factor authentication will be required
to access the new Horizon interface. Please set up 2fa now (via
Preferences->
<meta http-equiv="content-type" content="text/html; charset=utf-8">
User Profile on Wikitech) so that you aren't rudely surprised when
trying to manage Horizon during future emergencies. <br>
<br>
== The whole story ==<br>
<br>
Currently the public DNS server that resolves things under
wmflabs.org is running an old and creaky setup using ldap and
powerdns. These domains are configured using WMF-developed
features on wikitech. Labs internal dns (e.g.
foo.bar.eqiad.wmflabs) is now managed by the OpenStack Designate
project with a more modern mysql-based powerdns backend.<br>
<br>
There's a ready-made upstream web UI for designate[2] that is part
of the Horizon project. So, we're going to standardize on
Designate, Horizon, and mysql/powerdns, and rip out the old
ldap/pdns/wikitech code[3]. Web proxy management is intimately
linked with dns management, so the proxy UI will also move to
Horizon, thanks to a custom Horizon panel written by Alex Monk.<br>
<br>
Timeline:<br>
<br>
This week: Various web Domain and Proxy UIs will appear and
disappear from horizon.wikimedia.org as we put the finishing
touches on the new interface. Changes made via these interfaces
will have no effect on public DNS before Monday; on Monday some
such changes may persist and some may be overwritten.<br>
<br>
Friday, 2015-03-27: A few sidebar links on wikitech will vanish:
"
<meta http-equiv="content-type" content="text/html; charset=utf-8">
Manage Addresses," and "
<meta http-equiv="content-type" content="text/html; charset=utf-8">
Manage Web Proxies." During the following days, public DNS will
be effectively frozen so that we have time to safely migrate to
the new setup.<br>
<br>
Friday (and, possibly, weekend): DNS migration to designate,
testing<br>
<br>
Monday, 2015-03-30, 18:00 UTC: The public dns servers labs-ns0
and labs-ns1 will be moved to point to the new DNS service. There
may be brief interruptions to public DNS during the switch-over.
The Horizon web UI for domains and proxies will be live and
available to all project admins.<br>
<br>
<br>
<br>
[1] <a moz-do-not-send="true" class="moz-txt-link-freetext"
href="https://wikitech.wikimedia.org/wiki/Help:Horizon_FAQ">https://wikitech.wikimedia.org/wiki/Help:Horizon_FAQ</a><br>
[2] <a moz-do-not-send="true" class="moz-txt-link-freetext"
href="https://github.com/openstack/designate-dashboard">https://github.com/openstack/designate-dashboard</a><br>
[3] <a moz-do-not-send="true" class="moz-txt-link-freetext"
href="https://phabricator.wikimedia.org/T124184">https://phabricator.wikimedia.org/T124184</a><br>
</blockquote>
<br>
</body>
</html>