Labs DNS
private DNS
Within labs, each instance has a name like <instancename>.eqiad.wmflabs. In the future we will move to a system with names like <instancename>.<projectname>.eqiad.wmflabs.
During the transition, old-style DNS entries can be imported into Designate by running /root/novastats/olddnslist on virt1000, collecting the output, and feeding it to ~andrew/backfill/backfill.sh on holmium.
public DNS
Public DNS (e.g. tools-login.wmflabs.org) is currently handled by labs-ns0 and labs-ns1 running pdns with ldap. Soon this will move to a Horizon/Designate system using the new pdns server labs-ns2.
ldap dns
Labs DNS is PowerDNS, backed by ldap served by opendj.
When a new instance is created, OpenStackManager automatically makes an entry for the instance, like this:
# i-000007b7.eqiad.wmflabs, hosts, wikimedia.org
dn: dc=i-000007b7.eqiad.wmflabs,ou=hosts,dc=wikimedia,dc=org
objectClass: domainrelatedobject
objectClass: dnsdomain
objectClass: puppetclient
objectClass: domain
objectClass: dcobject
objectClass: top
puppetVar: realm=labs
puppetVar: instanceproject=openstack
puppetVar: instancename=labs-bootstrapvz-jessie
puppetClass: base
puppetClass: role::labs::instance
puppetClass: labs_bootstrapvz
l: eqiad
associatedDomain: i-000007b7.eqiad.wmflabs
associatedDomain: labs-bootstrapvz-jessie.eqiad.wmflabs
dc: i-000007b7.eqiad.wmflabs
aRecord: 10.68.16.107
Note that the private DNS record in ldap is generally unused; it is the result of an aborted earlier attempt to move away from dnsmasq.
When floating IPs are allocated and assigned, OpenStackManager creates something like this:
# 208.80.155.129, hosts, wikimedia.org
dn: dc=208.80.155.129,ou=hosts,dc=wikimedia,dc=org
objectClass: domainrelatedobject
objectClass: dnsdomain
objectClass: domain
objectClass: dcobject
objectClass: top
associatedDomain: bastion-eqiad.wmflabs.org
associatedDomain: bastion1-eqiad.wmflabs.org
associatedDomain: bastion.wmflabs.org
associatedDomain: bastion1.wmflabs.org
dc: 208.80.155.129
aRecord: 208.80.155.129
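The following is an added example, not part of the original page or of OpenStackManager: it reads host entries like the two above and lists the A records they imply, assuming pdns answers a query by matching associatedDomain and returning that entry's aRecord. The scope check (names under wmflabs.org are public, names under .wmflabs are private) and all function names are assumptions made for illustration.

```python
import ipaddress

# Sample input: the two entries shown above, trimmed to the DNS-relevant attributes.
SAMPLE_LDIF = """\
dn: dc=i-000007b7.eqiad.wmflabs,ou=hosts,dc=wikimedia,dc=org
associatedDomain: i-000007b7.eqiad.wmflabs
associatedDomain: labs-bootstrapvz-jessie.eqiad.wmflabs
aRecord: 10.68.16.107

dn: dc=208.80.155.129,ou=hosts,dc=wikimedia,dc=org
associatedDomain: bastion-eqiad.wmflabs.org
associatedDomain: bastion.wmflabs.org
aRecord: 208.80.155.129
"""

def parse_ldif(text):
    """Split LDIF into entries; each entry maps lower-cased attribute -> list of values."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue  # skip comments; folded lines and base64 values are not decoded
            attr, value = line.split(": ", 1)
            entry.setdefault(attr.lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def a_records(entries):
    """Every associatedDomain of an entry resolves to every aRecord of that entry."""
    return sorted((name.lower(), ip) for e in entries
                  for name in e.get("associateddomain", [])
                  for ip in e.get("arecord", []))

def scope_mismatches(records):
    """Assumed audit rule: *.wmflabs.org is public, *.wmflabs is private address space."""
    bad = []
    for name, ip in records:
        private_ip = ipaddress.ip_address(ip).is_private
        if name.endswith(".wmflabs.org") and private_ip:
            bad.append((name, ip, "public name on private address"))
        elif name.endswith(".wmflabs") and not private_ip:
            bad.append((name, ip, "private name on public address"))
    return bad

if __name__ == "__main__":
    recs = a_records(parse_ldif(SAMPLE_LDIF))
    print("\n".join(f"{name}. IN A {ip}" for name, ip in recs))
    print(scope_mismatches(recs) or "no scope mismatches")
```

Feeding it a full export of ou=hosts gives a quick review of which public names exist and whether any of them point at internal instance addresses.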
Restarting PowerDNS
PowerDNS copes very poorly with interruptions in ldap service. Anytime opendj restarts, pdns needs to be restarted as well. So, to refresh either service (ldap or dns):
$ sudo service opendj restart    (on nembus and/or neptunium)
$ sudo service pdns restart      (on virt1000 and labcontrol2001)
DHCP and internal DNS
Hostnames (such as deployment-salt.eqiad.wmflabs) are resolved by dnsmasq, which also assigns them IP addresses (via DHCP). This is managed completely by nova network on labnet1001. To make any changes to the dnsmasq setup take effect:
- Kill dnsmasq manually on labnet1001 (there's no upstart script, since nova-network apparently doesn't like dnsmasq's upstart being called. Sounds very possessive).
- Restart nova-network (service nova-network restart)
- Hope.