Last modified: 2014-09-02 10:33:21 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T59834, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 57834 - provide bastion redundancy via DNS round robin
provide bastion redundancy via DNS round robin
Status: NEW
Product: Wikimedia Labs
Classification: Unclassified
Infrastructure (Other open bugs)
unspecified
All All
: Unprioritized enhancement
: ---
Assigned To: Andrew Bogott
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-12-02 12:11 UTC by Antoine "hashar" Musso (WMF)
Modified: 2014-09-02 10:33 UTC (History)
3 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Antoine "hashar" Musso (WMF) 2013-12-02 12:11:56 UTC 
The labs project has three instances we can connect to:

bastion1  208.80.153.207
bastion2  208.80.153.203
bastion3  208.80.153.202

They each have a DNS entry in wmflabs.org.

I have setup my ssh ProxyCommand to point to bastion.wmflabs.org expecting it to pick up one of the bastions. Unfortunately the DNS A record points to 208.80.153.207 (bastion1). Whenever that instance is dead I have to update my ProxyCommand manually.


We could make bastion.wmflabs.org a round robin DNS entry that would distribute incoming connections to the different bastion instances. To do so:

- bastion.wmflabs.org should have three A entries
- the DNS server needs to be configured to yield the entry using round robin (aka change order on each DNS request).
- all three bastions need to share the same SSH host key
Comment 1 Antoine "hashar" Musso (WMF) 2014-02-24 11:51:26 UTC 
Note that bastion1 is missing a DNS entry (bastion1.wmflabs.org) which is bug 60894
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links