You are browsing a read-only backup copy of Wikitech. The live site can be found at wikitech.wikimedia.org

DNS/Netbox: Difference between revisions

imported>Volans
m (Add category)
 
imported>Volans
m (→‎Transition: Add reference to the Netbox script)
Line 7: Line 7:
* When compiling the <code>gdnsd</code> final zones, the Netbox data is copied into <code>/etc/gdnsd/zones/netbox</code> for later inclusion.
* When compiling the <code>gdnsd</code> final zones, the Netbox data is copied into <code>/etc/gdnsd/zones/netbox</code> for later inclusion.
* In the actual zonefiles, within an <code>$ORIGIN</code>, the related snippet file is included using the <code>$INCLUDE</code> directive.
* In the actual zonefiles, within an <code>$ORIGIN</code>, the related snippet file is included using the <code>$INCLUDE</code> directive.
== DNS records involved ==
* Management forward (<code>A</code>) and reverse (<code>PTR</code>) records for both the hostname (<code>foo.mgmt.eqiad.wmnet</code>) and the asset tag (<code>wmf1234.mgmt.eqiad.wmnet</code>)
* Primary IPv4 (<code>A</code>) and IPv6 (<code>AAAA</code>) and related reverse (<code>PTR</code>) records for the hostname (<code>foo.eqiad.wmnet</code> or <code>foo.wikimedia.org</code>)
=== Active ===
* NONE
=== To be migrated ===
* Management in <code>ulsfo</code>
* Management in <code>eqsin</code>
* Management in <code>esams</code>
* Management <code>frack</code> in <code>codfw</code>
* Management <code>frack</code> in <code>eqiad</code>
* Management in <code>codfw</code>
* Management in <code>eqiad</code>
* Primary IPv4/6 in <code>ulsfo</code>
* Primary IPv4/6 in <code>eqsin</code>
* Primary IPv4/6 in <code>esams</code>
* Primary <code>frack</code> IPv4/6 in <code>codfw</code>
* Primary <code>frack</code> IPv4/6 in <code>eqiad</code>
* Primary IPv4/6 in <code>codfw</code>
* Primary IPv4/6 in <code>eqiad</code>


== Operations ==
== Operations ==


=== Update generated records ===
=== Update generated records ===
To update the dynamically generated records based on the current Netbox data and '''deploy''' them to all the authoritative DNS servers, the <code>sre.dns.netbox</code> cookbook must be run. See also [[Cookbooks#Cookbook_Operations]].
To update the dynamically generated records based on the current Netbox data and '''deploy''' them to all the authoritative DNS servers, the <code>sre.dns.netbox</code> cookbook must be run. See also [[Cookbooks#Cookbook_Operations]]. For example:
 
  sudo cookbook sre.dns.netbox -t T12345 "Add newly racked cp hosts in eqiad"


=== Convert an hardcoded $ORIGIN to Netbox ===
=== Convert an hardcoded $ORIGIN to Netbox ===
This is an [https://gerrit.wikimedia.org/r/c/operations/dns/+/585545 example patch] to convert an hardcoded <code>$ORIGIN</code> to the dynamically generated data.
This is an [https://gerrit.wikimedia.org/r/c/operations/dns/+/585545 example patch] to convert an hardcoded <code>$ORIGIN</code> to the dynamically generated data.
== Transition ==
The records involved in the transition from hardcoded records to the Netbox driven ones and the order of the transition is listed above, see the [[DNS/Netbox#To_be_migrated|To be migrated]] section.
Here's an [https://gerrit.wikimedia.org/r/c/operations/dns/+/585545 example patch] of the transition of management records for <code>ulsfo</code>.
==== What changes ====
Once we start the transition '''all new management records''' must be created using the [https://netbox.wikimedia.org/extras/scripts/interface_automation/CreateManagementInterface/ Create Management Interface] Netbox script.
It can be reached from Netbox menu <code>Other -> Scripts</code>.
Fill the required parameters and run it. To test it, it can also be run in dry-run mode.
A similar one will be provided before we start transitioning any primary IP record.
Once a category of records has been migrated those are the differences from the previous system:
* No more changes to the <code>operations/dns</code> git repository are needed
* Update Netbox data
* Run the <code>sre.dns.netbox</code> cookbook, see above the [[DNS/Netbox#Update_generated_records|Update generated records]] section


[[Category:Wikimedia infrastructure]]
[[Category:Wikimedia infrastructure]]
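Review bot: In the added Transition section, "==== What changes ====" is a level-4 heading placed directly under the level-2 "== Transition ==", skipping a level; "=== What changes ===" would keep the outline consistent with the Operations subsections. The same Gerrit change (585545) is linked from both "Convert an hardcoded $ORIGIN to Netbox" and the new Transition text, so one of the two could refer to the other instead of repeating the link. In the closing list, the first bullet states what is no longer needed while the next two are steps to perform; splitting it into "no longer needed" and "do instead" would make the new workflow unambiguous.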

Revision as of 11:00, 15 April 2020

Some of the DNS records are, or will soon be, automatically generated from data that resides in Netbox.

Infrastructure

  • Netbox data is exported via Netbox#DNS.
  • Netbox data is checked out on the authoritative DNS servers in /srv/git/netbox_dns_snippets.
  • When compiling the gdnsd final zones, the Netbox data is copied into /etc/gdnsd/zones/netbox for later inclusion.
  • In the actual zonefiles, within an $ORIGIN, the related snippet file is included using the $INCLUDE directive.

DNS records involved

  • Management forward (A) and reverse (PTR) records for both the hostname (foo.mgmt.eqiad.wmnet) and the asset tag (wmf1234.mgmt.eqiad.wmnet)
  • Primary IPv4 (A) and IPv6 (AAAA) and related reverse (PTR) records for the hostname (foo.eqiad.wmnet or foo.wikimedia.org)

Active

  • NONE

To be migrated

  • Management in ulsfo
  • Management in eqsin
  • Management in esams
  • Management frack in codfw
  • Management frack in eqiad
  • Management in codfw
  • Management in eqiad
  • Primary IPv4/6 in ulsfo
  • Primary IPv4/6 in eqsin
  • Primary IPv4/6 in esams
  • Primary frack IPv4/6 in codfw
  • Primary frack IPv4/6 in eqiad
  • Primary IPv4/6 in codfw
  • Primary IPv4/6 in eqiad

Operations

Update generated records

To update the dynamically generated records based on the current Netbox data and deploy them to all the authoritative DNS servers, the sre.dns.netbox cookbook must be run. See also Cookbooks#Cookbook_Operations. For example:

 sudo cookbook sre.dns.netbox -t T12345 "Add newly racked cp hosts in eqiad"

Convert a hardcoded $ORIGIN to Netbox

This is an example patch (https://gerrit.wikimedia.org/r/c/operations/dns/+/585545) to convert a hardcoded $ORIGIN to the dynamically generated data.
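
A lint for the conversion described above, as an added example that is not part of the wiki page or of the operations/dns repository: it maps each $ORIGIN to the snippet it includes and flags hardcoded A/AAAA/PTR records left in an origin that already includes a Netbox snippet. The snippet file names under netbox/, the sample addresses, and the rule that a converted origin should carry no hardcoded address records are assumptions.

```python
RECORD_TYPES = {"A", "AAAA", "PTR"}

# Constructed sample, not taken from operations/dns. The snippet names under
# netbox/ and the 10.0.0.x addresses are assumptions for illustration.
SAMPLE_ZONE = """\
$ORIGIN mgmt.ulsfo.wmnet.
$INCLUDE netbox/mgmt.ulsfo.wmnet

$ORIGIN mgmt.eqsin.wmnet.
$INCLUDE netbox/mgmt.eqsin.wmnet
foo      1H IN A 10.0.0.10   ; leftover hardcoded record
wmf1234  1H IN A 10.0.0.10   ; leftover asset-tag record

$ORIGIN mgmt.esams.wmnet.
bar      1H IN A 10.0.0.20   ; not migrated yet, hardcoded is expected
"""


def lint_netbox_includes(zone_text):
    """Return (includes, findings): includes maps each $ORIGIN to its snippet;
    findings lists (line number, message) for includes outside an $ORIGIN and
    for hardcoded A/AAAA/PTR records in an origin that includes a snippet."""
    includes, hardcoded, findings = {}, {}, []
    origin = None
    for lineno, raw in enumerate(zone_text.splitlines(), 1):
        line = raw.split(";", 1)[0].rstrip()  # drop zonefile comments
        tokens = line.split()
        if not tokens:
            continue
        directive = tokens[0].upper()
        if directive == "$ORIGIN" and len(tokens) > 1:
            origin = tokens[1]
        elif directive == "$INCLUDE" and len(tokens) > 1:
            if origin is None:
                findings.append((lineno, "$INCLUDE outside any $ORIGIN"))
            else:
                includes[origin] = tokens[1]
        elif not directive.startswith("$"):
            # A leading blank means the owner name is inherited from above.
            fields = tokens[:-1] if line[0].isspace() else tokens[1:-1]
            if RECORD_TYPES & {f.upper() for f in fields}:
                hardcoded.setdefault(origin, []).append(lineno)
    for org in includes:
        for lineno in hardcoded.get(org, []):
            findings.append((lineno, f"hardcoded record in Netbox-driven {org}"))
    return includes, sorted(findings)
```

On the constructed sample the two leftover records under mgmt.eqsin.wmnet. are reported, while the not yet migrated mgmt.esams.wmnet. block is left alone.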

Transition

The records involved in the transition from hardcoded records to the Netbox-driven ones, and the order of the transition, are listed above; see the To be migrated section.

Here's an example patch of the transition of management records for ulsfo.

What changes

Once we start the transition, all new management records must be created using the Create Management Interface Netbox script.

It can be reached from the Netbox menu Other -> Scripts.

Fill in the required parameters and run it. To test it, it can also be run in dry-run mode.

A similar one will be provided before we start transitioning any primary IP record.


Once a category of records has been migrated, these are the differences from the previous system:

  • No more changes to the operations/dns git repository are needed
  • Update Netbox data
  • Run the sre.dns.netbox cookbook; see the Update generated records section above