Andrew Bogott has submitted this change and it was merged. Change subject: Updates to designate/mdns/pdns setup for Labs internal dns ......................................................................
Updates to designate/mdns/pdns setup for Labs internal dns These changes are in response to a long conversation with a designate developer, Kiall MacInnes: - Remove a couple of obsolete settings that no longer have any effect. - Turn off 'master' for pdns servers. They should listen to mdns for updates but not broadcast updates themselves. - Add a second pool_nameserver representing the secondary dns server (holmium) That last change /may/ resolve confusion in interaction between pdns and mdns. It also creates a clear path forward for splitting out the two pdns servers onto separate dbs, which I have more faith in as a proper fix for the associated bug. Bug: T124680 Change-Id: I454118b9a0c506fce934df4ef9616358bdfe864e --- M modules/labs_dns/templates/pdns.conf.erb M modules/openstack/manifests/designate/service.pp M modules/openstack/templates/kilo/designate/designate.conf.erb M modules/role/manifests/labs/openstack/designate.pp 4 files changed, 31 insertions(+), 18 deletions(-) Approvals: Andrew Bogott: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/labs_dns/templates/pdns.conf.erb b/modules/labs_dns/templates/pdns.conf.erb index 2f18d35..3ae9b02 100644 --- a/modules/labs_dns/templates/pdns.conf.erb +++ b/modules/labs_dns/templates/pdns.conf.erb @@ -20,7 +20,7 @@ #distributor-threads=1 # Master for allowing AXFRs -master=yes +master=no slave=yes # Running privileged is unnecessary diff --git a/modules/openstack/manifests/designate/service.pp b/modules/openstack/manifests/designate/service.pp index df1c5aa..64e485d 100644 --- a/modules/openstack/manifests/designate/service.pp +++ b/modules/openstack/manifests/designate/service.pp @@ -8,6 +8,8 @@ $keystone_host, $keystoneconfig, $designateconfig, + $primary_pdns_ip, + $secondary_pdns_ip, ) { diff --git a/modules/openstack/templates/kilo/designate/designate.conf.erb b/modules/openstack/templates/kilo/designate/designate.conf.erb index d4b2557..bca2422 100644 
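Review bot: In the pdns.conf.erb hunk, the context comment `# Master for allowing AXFRs` directly above the changed line no longer describes the setting once it reads `master=no`. Going by the commit message, something like `# Not a master: zones arrive from designate-mdns (slave=yes); this server sends no updates itself` would match the new behaviour. The rest of the template is outside the hunk, so it cannot be checked here whether the sources allowed to send NOTIFY/AXFR to these servers are limited to the mdns hosts.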
--- a/modules/openstack/templates/kilo/designate/designate.conf.erb +++ b/modules/openstack/templates/kilo/designate/designate.conf.erb @@ -54,8 +54,6 @@ # Minimum TTL #min_ttl = None -backend_driver = powerdns - ## Managed resources settings # Email to use for managed resources like domains created by the FloatingIP API @@ -141,7 +139,6 @@ # Pool Manager Service #----------------------- [service:pool_manager] -backends = powerdns #workers = None #pool_id = 794ccc2c-d751-44fe-b57f-8894c9f5c842 #threshold_percentage = 100 
@@ -156,20 +153,32 @@ [pool:794ccc2c-d751-44fe-b57f-8894c9f5c842] nameservers = 0f66b842-96c2-4189-93fc-1dc95a08b012 -targets = f26e0b32-736f-4f0a-831b-039a415c481e +targets = f26e0b32-736f-4f0a-831b-039a415c481e, 17474d59-a989-48fb-9f8b-19fbdaeff243 +# A 'pool_nameserver' is a pdns instance that receives axfr updates. +# This is the primary dns server, currently 'labservices1001' [pool_nameserver:0f66b842-96c2-4189-93fc-1dc95a08b012] port = 53 -host = <%= scope.function_ipresolve([@fqdn, 4]) %> +host = <%= @primary_pdns_ip %> + +# A 'pool_nameserver' is a pdns instance that receives axfr updates. +# This is the secondary dns server, currently 'holmium,' soon to be 'labservices1002' +[pool_nameserver:17474d59-a989-48fb-9f8b-19fbdaeff243] +port = 53 +host = <%= @secondary_pdns_ip %> + + +# the 'pool_target' is the pdns database, which we write to for zone creation and deletion [pool_target:f26e0b32-736f-4f0a-831b-039a415c481e] options = connection: mysql://<%= @designateconfig["pdns_db_user"] %>:<%= @designateconfig["pdns_db_pass"] %>@<%= @designateconfig["db_host"] %>/<%= @designateconfig["pdns_db_name"] %> # This is an alternate db account with more rights -- this setting should # be used when running the db-sync command and the like during upgrades. #options = connection: mysql://<%= @designateconfig["pdns_db_admin_user"] %>:<%= @designateconfig["pdns_db_admin_pass"] %>@<%= @designateconfig["db_host"] %>/<%= @designateconfig["pdns_db_name"] %> -masters = 127.0.0.1:5354 # this is a comma separated list of the mdns servers +# Note that for this to take effect, the list of masters must also be set in the pdns database: +# UPDATE pdns.domains SET master="<comman-separated list of masters>" +masters = <%= scope.function_ipresolve([@fqdn, 4]) %>:5354 # this is a comma separated list of the mdns servers type = powerdns - ############## ## Network API 
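Review bot: The UUID appended to `targets` (`17474d59-a989-48fb-9f8b-19fbdaeff243`) is defined in this hunk as a `[pool_nameserver:…]` section, not a `[pool_target:…]`, while `nameservers` still lists only `0f66b842-…`. Unless a matching pool_target exists outside the hunk, the new secondary is never referenced as a nameserver and `targets` names an undefined target; the lines probably should read `nameservers = 0f66b842-96c2-4189-93fc-1dc95a08b012, 17474d59-a989-48fb-9f8b-19fbdaeff243` and `targets = f26e0b32-736f-4f0a-831b-039a415c481e`. Separately, `masters` moves from `127.0.0.1:5354` to the host's resolved address, so mdns zone transfers are presumably no longer loopback-only and rely on the firewall rule restricting port 5354 to the two pdns hosts. The added comment also contains a typo, `comman-separated`.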
diff --git a/modules/role/manifests/labs/openstack/designate.pp b/modules/role/manifests/labs/openstack/designate.pp
index 2bb22f6..faec41d 100644
--- a/modules/role/manifests/labs/openstack/designate.pp
+++ b/modules/role/manifests/labs/openstack/designate.pp
@@ -15,23 +15,25 @@ $horizon_ip = ipresolve('horizon.wikimedia.org',4) $wikitech_ip = ipresolve('wikitech.wikimedia.org',4) + $dns_host = hiera('labs_dns_host') + $dns_host_secondary = hiera('labs_dns_host_secondary') + $dns_host_ip = ipresolve ($dns_host) + $dns_host_secondary_ip = ipresolve ($dns_host_secondary) + class { 'openstack::designate::service': - active_server => $designate_host, - nova_controller => $nova_controller, - keystone_host => $keystone_host, - keystoneconfig => $keystoneconfig, - designateconfig => $designateconfig, + active_server => $designate_host, + nova_controller => $nova_controller, + keystone_host => $keystone_host, + keystoneconfig => $keystoneconfig, + designateconfig => $designateconfig, + primary_pdns_ip => $dns_host_ip, + secondary_pdns_ip => $dns_host_secondary_ip, } # Poke a firewall hole for the designate api ferm::rule { 'designate-api': rule => "saddr (${wikitech_ip} ${horizon_ip} ${controller_ip}) proto tcp dport (9001) ACCEPT;", } - - $dns_host = hiera('labs_dns_host') - $dns_host_secondary = hiera('labs_dns_host_secondary') - $dns_host_ip = ipresolve ($dns_host) - $dns_host_secondary_ip = ipresolve ($dns_host_secondary) # allow axfr traffic between mdns and pdns on the pdns hosts ferm::rule { 'mdns-axfr': -- To view, visit https://gerrit.wikimedia.org/r/271797 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I454118b9a0c506fce934df4ef9616358bdfe864e Gerrit-PatchSet: 9 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Andrew Bogott <abog...@wikimedia.org> Gerrit-Reviewer: Andrew Bogott <abog...@wikimedia.org> Gerrit-Reviewer: Chasemp <r...@wikimedia.org> Gerrit-Reviewer: Mark Bergsma <m...@wikimedia.org> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
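Review bot: The relocated `ipresolve ($dns_host)` and `ipresolve ($dns_host_secondary)` calls omit the address-family argument that the `horizon_ip` and `wikitech_ip` lookups at the top of the hunk pass explicitly. Since the results now feed `host =` in designate.conf as well as, presumably, the firewall rule below, writing `ipresolve($dns_host, 4)` and `ipresolve($dns_host_secondary, 4)` would make the intent explicit and consistent. A one-line comment above the block, e.g. `# pdns hosts: passed to designate as pool_nameserver addresses and used in the mdns-axfr rule`, would explain why the lookups moved. The `mdns-axfr` rule body lies outside the hunk, so its source list could not be checked.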