The labs project has three instances we can connect to:
bastion1 208.80.153.207
bastion2 208.80.153.203
bastion3 208.80.153.202
They each have a DNS entry in wmflabs.org.
I have setup my ssh ProxyCommand to point to bastion.wmflabs.org expecting it to pick up one of the bastions. Unfortunately the DNS A record points to 208.80.153.207 (bastion1). Whenever that instance is dead I have to update my ProxyCommand manually.
We could make bastion.wmflabs.org a round robin DNS entry that would distribute incoming connections to the different bastion instances. To do so:
- bastion.wmflabs.org should have three A entries
- the DNS server needs to be configured to yield the entry using round robin (aka change order on each DNS request).
- all three bastions need to share the same SSH host key
Version: unspecified
Severity: enhancement