Wikimedia Cloud Services team/EnhancementProposals/DNS domain setup

This proposal was accepted by the WMCS team. See Portal:Cloud_VPS/Admin/DNS.

This page is the implementation proposal related to Wikimedia_Cloud_Services_team/EnhancementProposals/DNS_domain_usage#Resolution.

It presents per-domain implementation details and also covers the related servers.

For simplicity we assume only 2 openstack deployments: eqiad1 and codfw1dev. But this proposal is expected to be able to accommodate more deployments if required. Remember, not that long ago we had 4 different openstack deployments.

domains

Per-domain details.

wikimediacloud.org

Zone data (records) are stored and served by prod DNS servers, managed using operations/dns.git.

toolforge.org

Zone data (records) are stored and served by Designate @ eqiad1. This domain belongs to the tools project and is completely managed in Designate (either Horizon or the CLI).

wikimedia.cloud

The main domain (wikimedia.cloud) data is stored and served by prod DNS servers, managed using operations/dns.git. Then, a delegation exists per deployment:

  • eqiad1.wikimedia.cloud: delegated to Designate @ eqiad1
  • codfw1dev.wikimedia.cloud: delegated to Designate @ codfw1dev

Inside openstack, this deployment-specific domain belongs to the cloudinfra project. TODO: this is open for debate.

Then, project-specific subdomains exist and belong to each project. These subdomains are automatically created via keystone hooks:

  • tools.eqiad1.wikimedia.cloud: belongs to the tools project, data served by Designate @ eqiad1
  • mytest.codfw1dev.wikimedia.cloud: belongs to the mytest project, data served by Designate @ codfw1dev

Records in this project-specific subdomain are managed automatically at VM instance creation/deletion time, and otherwise with Horizon/CLI.

A special service subdomain svc might exist to hold service addresses specific to each project:

  • k8s.svc.tools.eqiad1.wikimedia.cloud: FQDN endpoint for the k8s api-server.

Since these aren't floating IPs, but aliases to VM instance addresses, these records are created by hand using Horizon or the CLI.

wmcloud.org

Since the bare wmcloud.org domain is assumed to reference stuff running in eqiad1, this domain is hosted by Designate @ eqiad1, and it belongs to the cloudinfra project. TODO: this is open for debate. Data in this domain is managed using Horizon and/or the CLI.

There is also a per-deployment subdomain.

  • codfw1dev.wmcloud.org: for stuff running in that deployment, domain hosted by Designate @ codfw1dev, belongs to the cloudinfra-codfw1dev project. TODO: this is open for debate.
  • eqiad1.wmcloud.org. Not in use, because wmcloud.org is just a shortcut.

If project-specific subdomains are introduced, they should belong to their own projects. Example:

  • database01.clouddb-services.wmcloud.org. A public proxy / floating IP for a database in the clouddb-services project in eqiad1.
  • bastion-01.bastion.codfw1dev.wmcloud.org. A floating IP for a bastion server in the bastion project in codfw1dev.

In the example above, both records would have been created by hand by the projectadmins in their corresponding projects, using Horizon or the CLI.
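As an added illustration (not part of the proposal or of any WMCS tooling), the following Python script encodes the zone ownership rules above and reports, for a given name, which DNS authority serves it and which project owns it, which is the check to make before deciding where a record should be created or removed. It assumes that every label directly beneath a per-deployment zone is a project name (as with the keystone-created subdomains) and that eqiad1.wmcloud.org stays unused.

```python
# Zone ownership under the proposed layout: zone -> (authority, owning project).
# Project is None where the data lives in operations/dns.git (prod servers).
STATIC_ZONES = {
    "wikimediacloud.org": ("prod", None),
    "wikimedia.cloud": ("prod", None),
    "toolforge.org": ("designate@eqiad1", "tools"),
    "eqiad1.wikimedia.cloud": ("designate@eqiad1", "cloudinfra"),
    "codfw1dev.wikimedia.cloud": ("designate@codfw1dev", "cloudinfra"),
    "wmcloud.org": ("designate@eqiad1", "cloudinfra"),
    "codfw1dev.wmcloud.org": ("designate@codfw1dev", "cloudinfra-codfw1dev"),
}

# Per-deployment zones whose immediate child labels are project subdomains.
# Assumption: every child label is a project name, as with the keystone hooks.
PROJECT_PARENTS = {
    "eqiad1.wikimedia.cloud": "designate@eqiad1",
    "codfw1dev.wikimedia.cloud": "designate@codfw1dev",
    "wmcloud.org": "designate@eqiad1",
    "codfw1dev.wmcloud.org": "designate@codfw1dev",
}

# Names the proposal explicitly leaves unused.
NOT_IN_USE = {"eqiad1.wmcloud.org"}


def classify(fqdn):
    """Return (authority, project, zone) for fqdn, or None if unknown or unused.

    Suffixes are tried from longest to shortest so that the most specific
    delegation wins: a project zone beats its per-deployment parent, which in
    turn beats the prod-hosted apex it was delegated from.
    """
    labels = fqdn.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in NOT_IN_USE:
            return None
        # A name strictly below a per-deployment zone: the label right under
        # that zone is the project, and the record lives in the project zone.
        if i > 0 and suffix in PROJECT_PARENTS:
            project = labels[i - 1]
            return (PROJECT_PARENTS[suffix], project, f"{project}.{suffix}")
        if suffix in STATIC_ZONES:
            authority, project = STATIC_ZONES[suffix]
            return (authority, project, suffix)
    return None


if __name__ == "__main__":
    for name in ("k8s.svc.tools.eqiad1.wikimedia.cloud",
                 "bastion-01.bastion.codfw1dev.wmcloud.org",
                 "ns0.openstack.eqiad1.wikimediacloud.org"):
        print(name, "->", classify(name))
```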

servers

Servers involved in this setup.

  • prod servers:
    • service names: ns{0,1,2}.wikimedia.org
    • data managed using operations/dns.git in coordination with the main SRE team.
  • Designate @ eqiad1: running in cloudservices100X.wikimedia.org servers.
    • current service names: cloud-ns{0,1}.wikimedia.org and cloud-recursor{0,1}.wikimedia.org
    • proposed service names: T243766 - Cloud DNS: proposal for new DNS service names: ns{0,1}.openstack.eqiad1.wikimediacloud.org and ns-recursor{0,1}.openstack.eqiad1.wikimediacloud.org.
    • data managed using the openstack CLI or Horizon.
  • Designate @ codfw1dev: running in cloudservices200X.dev.wikimedia.org servers.
    • current service names: codfw1dev-ns{0,1}.wikimedia.org and codfw1dev-recursor{0,1}.wikimedia.org
    • proposed service names: T243766 - Cloud DNS: proposal for new DNS service names: ns{0,1}.openstack.codfw1dev.wikimediacloud.org and ns-recursor{0,1}.openstack.codfw1dev.wikimediacloud.org.
    • data managed using the openstack CLI or Horizon.