#6527 do-domains only disables a single proxy with matching name
Closed: Fixed 4 years ago by kevin. Opened 6 years ago by puiterwijk.

If we for example disable "proxy01", it will only disable the first matching record (in this case, the external IP), and not other matching records (internal).
This should be fixed, but a workaround for now is to disable proxy01 and proxy01-int.


Metadata Update from @kevin:
- Issue priority set to: Waiting on Asignee
- Issue tagged with: easyfix

5 years ago

@kevin Is this a universal issue or is it only occurring on a specific device?

There's background missing here (as their often is ;)

This is talking about a script in our dns repo. You can get it via 'git clone /git/dns' on batcave01. It's where we store our dns info and our dns servers pull that repo to know what to serve. This repo has a script called 'zone-template' We use this to take out of dns particular proxies. You would call it like:

./zone-template fedoraproject.org.cfg disable proxy01

However, some proxies have multiple ip addresses and it just disables the first one. We should adjust it so each proxy has -subnames for each of it's ip addresses, ie, proxy01-int (the 10.x.x.x address), proxy01-ext (the 209.x external one), etc.

Do we want to append, for example, proxy01-ext, to the list of names associated with the IP or do we want to replace the occurrence of the bare name (e.g. proxy01) with the sub-named versions? Do we want the sub-names added to the FQDNs (e.g. proxy01-ext.fedoraproject.org)

I'll be taking a look at this over the next couple days.

I have't been able to duplicate this. The zone-template script does a loop over the proxies, and checks all name entries for each, so this should catch any records with the name given.

Looking at the commits around the time this was created, for instance 672636d, shows that the cmds/fedoraproject.org file contained the proxy names, but not a command. So, for instance, instead of "disable proxy01" it only contains "proxy01". This is a possible cause for the record not being removed.

The comment from kevin re: adding a -subname for each IP makes sense, and would help if we want to be able to disable the specific IPs separately, but I don't think that would help with the original reported issue of disabling all matching entries. I'm happy to add -ext names to each of the external IPs in the files if that's desired, though.

ok, lets just close this for now then? Thanks so much for looking into it...

Metadata Update from @kevin:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

4 years ago

Login to comment on this ticket.

Metadata