
provide bastion redundancy via DNS round robin
Closed, Declined (Public)

Description

The labs project has three instances we can connect to:

bastion1 208.80.153.207
bastion2 208.80.153.203
bastion3 208.80.153.202

They each have a DNS entry in wmflabs.org.

I have set up my ssh ProxyCommand to point to bastion.wmflabs.org, expecting it to pick up one of the bastions. Unfortunately the DNS A record points to 208.80.153.207 (bastion1). Whenever that instance is dead I have to update my ProxyCommand manually.

We could make bastion.wmflabs.org a round robin DNS entry that would distribute incoming connections to the different bastion instances. To do so:

  • bastion.wmflabs.org should have three A entries
  • the DNS server needs to be configured to yield the entry using round robin (aka change order on each DNS request).
  • all three bastions need to share the same SSH host key

Version: unspecified
Severity: enhancement
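
A check for the third requirement in the list above, added here as an example and not part of the original task: it parses `ssh-keyscan`-format output for the three bastion IPs and reports whether they all present one host key, the condition under which a client connecting to a round-robin name sees no host-key-changed warning. The function names and the key blobs are constructed for illustration.

```python
import base64
import hashlib
from collections import defaultdict

BASTIONS = ["208.80.153.207", "208.80.153.203", "208.80.153.202"]  # from the task


def fingerprint(blob_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public key blob."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def group_by_host_key(scan_text, keytype="ssh-ed25519"):
    """Map fingerprint -> sorted hosts presenting it ("host keytype blob" lines)."""
    groups = defaultdict(set)
    for line in scan_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue  # skip blank lines and comment lines
        host, ktype, blob = fields[:3]
        if ktype == keytype:
            groups[fingerprint(blob)].add(host)
    return {fp: sorted(hosts) for fp, hosts in groups.items()}


def safe_for_round_robin(scan_text, expected_hosts, keytype="ssh-ed25519"):
    """True only if every expected host answered and all share one host key."""
    groups = group_by_host_key(scan_text, keytype)
    seen = {h for hosts in groups.values() for h in hosts}
    return len(groups) == 1 and seen == set(expected_hosts)


def _scan(seeds):
    # Constructed sample input: placeholder bytes, not real SSH keys.
    return "\n".join(
        f"{ip} ssh-ed25519 {base64.b64encode(seed).decode()}"
        for ip, seed in zip(BASTIONS, seeds)
    )


SAMPLE_DISTINCT = _scan([b"constructed-key-1", b"constructed-key-2", b"constructed-key-3"])
SAMPLE_SHARED = _scan([b"constructed-shared-key"] * 3)

if __name__ == "__main__":
    for name, sample in (("distinct", SAMPLE_DISTINCT), ("shared", SAMPLE_SHARED)):
        print(name, "->", "ok" if safe_for_round_robin(sample, BASTIONS) else "MISMATCH")
        for fp, hosts in group_by_host_key(sample).items():
            print("   ", fp, hosts)
```
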

Details

Reference
bz57834

Event Timeline

bzimport raised the priority of this task from to Needs Triage. (Nov 22 2014, 2:36 AM)
bzimport added a project: Cloud-VPS.
bzimport set Reference to bz57834.

Note that bastion1 is missing a DNS entry (bastion1.wmflabs.org), which is bug 60894.

Andrew triaged this task as Medium priority. (May 13 2015, 3:18 PM)
Andrew set Security to None.
yuvipanda subscribed.

Let's not do this; this will confuse people running screen and whatnot. We have redundancy now by being able to switch over the IP address in case something fails.