<div dir="ltr">Hello,<br><div class="gmail_extra"><br><div class="gmail_quote">On 23 March 2016 at 23:44, Andrew Bogott <span dir="ltr"><<a href="mailto:abogott@wikimedia.org" target="_blank">abogott@wikimedia.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
== Executive Summary ==<br>
<br>
Creation of new web proxies and DNS records will be disabled over
the weekend; Labs and Tools will switch to a new public DNS system
on Monday, with possible accompanying hiccups and interruptions.<br>
<br>
Nothing will change for ToolLabs users, and no immediate action is
required on the part of tool or project maintainers. Starting
Monday, however, Labs project maintainers will need to use the
Horizon[1] web UI to manage proxies, manage public DNS records, and
assign floating IPs to instances.<br>
<br>
Labs Project Admins: Two-factor authentication will be required to
access the new Horizon interface. Please set up 2fa now (via
Preferences->
User Profile on Wikitech) so that you aren't rudely surprised when
trying to manage Horizon during future emergencies. <br></div></blockquote><div><br></div><div>I've set up 2FA successfully and I can now log in to <a href="http://horizon.wikimedia.org">horizon.wikimedia.org</a>, but I can't log in any more on wikitech :/ Neither my password nor the provided 6-code digit work. Whatever I type in there I'm getting "The two-factor authentication token provided was invalid.". Is this a known issue? Or am I doing something wrong?</div><div><br></div><div>Cheers,</div><div>Marko</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div bgcolor="#FFFFFF" text="#000000">
<br>
== The whole story ==<br>
<br>
Currently the public DNS server that resolves things under
<a href="http://wmflabs.org" target="_blank">wmflabs.org</a> is running an old and creaky setup using ldap and
powerdns. These domains are configured using WMF-developed features
on wikitech. Labs internal dns (e.g. foo.bar.eqiad.wmflabs) is now
managed by the OpenStack Designate project with a more modern
mysql-based powerdns backend.<br>
<br>
There's a ready-made upstream web UI for designate[2] that is part
of the Horizon project. So, we're going to standardize on
Designate, Horizon, and mysql/powerdns, and rip out the old
ldap/pdns/wikitech code[3]. Web proxy management is intimately
linked with dns management, so the proxy UI will also move to
Horizon, thanks to a custom Horizon panel written by Alex Monk.<br>
<br>
Timeline:<br>
<br>
This week: Various web Domain and Proxy UIs will appear and
disappear from <a href="http://horizon.wikimedia.org" target="_blank">horizon.wikimedia.org</a> as we put the finishing touches
on the new interface. Changes made via these interfaces will have
no effect on public DNS before Monday; on Monday some such changes
may persist and some may be overwritten.<br>
<br>
Friday, 2015-03-27: A few sidebar links on wikitech will vanish: "
Manage Addresses," and "
Manage Web Proxies." During the following days, public DNS will be
effectively frozen so that we have time to safely migrate to the new
setup.<br>
<br>
Friday (and, possibly, weekend): DNS migration to designate,
testing<br>
<br>
Monday, 2015-03-30, 18:00 UTC: The public dns servers labs-ns0 and
labs-ns1 will be moved to point to the new DNS service. There may
be brief interruptions to public DNS during the switch-over. The
Horizon web UI for domains and proxies will be live and available to
all project admins.<br>
<br>
<br>
<br>
[1] <a href="https://wikitech.wikimedia.org/wiki/Help:Horizon_FAQ" target="_blank">https://wikitech.wikimedia.org/wiki/Help:Horizon_FAQ</a><br>
[2] <a href="https://github.com/openstack/designate-dashboard" target="_blank">https://github.com/openstack/designate-dashboard</a><br>
[3] <a href="https://phabricator.wikimedia.org/T124184" target="_blank">https://phabricator.wikimedia.org/T124184</a><br>
</div>
<br>_______________________________________________<br>
Labs-announce mailing list<br>
<a href="mailto:Labs-announce@lists.wikimedia.org">Labs-announce@lists.wikimedia.org</a><br>
<a href="https://lists.wikimedia.org/mailman/listinfo/labs-announce" rel="noreferrer" target="_blank">https://lists.wikimedia.org/mailman/listinfo/labs-announce</a><br>
<br>_______________________________________________<br>
Labs-l mailing list<br>
<a href="mailto:Labs-l@lists.wikimedia.org">Labs-l@lists.wikimedia.org</a><br>
<a href="https://lists.wikimedia.org/mailman/listinfo/labs-l" rel="noreferrer" target="_blank">https://lists.wikimedia.org/mailman/listinfo/labs-l</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr">Marko Obrovac, PhD<div>Senior Services Engineer</div><div>Wikimedia Foundation</div></div></div></div></div></div></div>
</div></div>