roachprod: add A records during cluster create

dt · dt · commit 9d6ff9292707 · 2025-07-15T12:38:45.000Z
Release note: none.
Epic: none.
diff --git a/pkg/roachprod/cloud/cluster_cloud.go b/pkg/roachprod/cloud/cluster_cloud.go
@@ -540,9 +540,16 @@ func DestroyCluster(l *logger.Logger, c *Cluster) error {
 	// DNS entries are destroyed first to ensure that the GC job will not try
 	// and clean-up entries prematurely.
 	stopSpinner := ui.NewDefaultSpinner(l, "Destroying DNS entries").Start()
+	publicRecords := make([]string, 0, len(c.VMs))
+	for _, v := range c.VMs {
+		publicRecords = append(publicRecords, v.PublicDNS)
+	}
 	dnsErr := vm.FanOutDNS(c.VMs, func(p vm.DNSProvider, vms vm.List) error {
-		return p.DeleteRecordsBySubdomain(context.Background(), c.Name)
+		publicRecordsErr := p.DeletePublicRecordsByName(context.Background(), publicRecords...)
+		srvRecordsErr := p.DeleteSRVRecordsBySubdomain(context.Background(), c.Name)
+		return errors.CombineErrors(publicRecordsErr, srvRecordsErr)
 	})
+
 	stopSpinner()
 
 	stopSpinner = ui.NewDefaultSpinner(l, "Destroying VMs").Start()
diff --git a/pkg/roachprod/cloud/gc.go b/pkg/roachprod/cloud/gc.go
@@ -570,7 +570,7 @@ func GCDNS(l *logger.Logger, cloud *Cloud, dryrun bool) error {
 		sort.Strings(recordNames)
 
 		if err := destroyResource(dryrun, func() error {
-			return p.DeleteRecordsByName(ctx, recordNames...)
+			return p.DeleteSRVRecordsByName(ctx, recordNames...)
 		}); err != nil {
 			return err
 		}
diff --git a/pkg/roachprod/install/services_test.go b/pkg/roachprod/install/services_test.go
@@ -334,7 +334,7 @@ func TestMultipleRegistrations(t *testing.T) {
 	verify := func(c *SyncedCluster, servicesToRegister [][]ServiceDesc) bool {
 		for _, services := range servicesToRegister {
 			if len(services) == 0 {
-				err := testDNS.DeleteRecordsBySubdomain(ctx, c.Name)
+				err := testDNS.DeleteSRVRecordsBySubdomain(ctx, c.Name)
 				require.NoError(t, err)
 				continue
 			}
diff --git a/pkg/roachprod/roachprod.go b/pkg/roachprod/roachprod.go
@@ -1763,6 +1763,11 @@ func Create(
 		// No need for ssh for local clusters.
 		return LoadClusters()
 	}
+
+	if err := CreatePublicDNS(ctx, l, clusterName); err != nil {
+		l.Printf("Failed to create DNS for cluster %s: %v", clusterName, err)
+	}
+
 	l.Printf("Created cluster %s; setting up SSH...", clusterName)
 	return SetupSSH(ctx, l, clusterName, false /* sync */)
 }
@@ -2584,8 +2589,34 @@ func DestroyDNS(ctx context.Context, l *logger.Logger, clusterName string) error
 	if err != nil {
 		return err
 	}
+	publicRecords := make([]string, 0, len(c.VMs))
+	for _, v := range c.VMs {
+		publicRecords = append(publicRecords, v.PublicDNS)
+	}
+
+	return vm.FanOutDNS(c.VMs, func(p vm.DNSProvider, vms vm.List) error {
+		return errors.CombineErrors(
+			p.DeleteSRVRecordsBySubdomain(ctx, c.Name),
+			p.DeletePublicRecordsByName(ctx, publicRecords...),
+		)
+	})
+}
+
+// CreatePublicDNS creates or updates the public A records for the given cluster.
+func CreatePublicDNS(ctx context.Context, l *logger.Logger, clusterName string) error {
+	c, err := GetClusterFromCache(l, clusterName)
+	if err != nil {
+		return err
+	}
+
 	return vm.FanOutDNS(c.VMs, func(p vm.DNSProvider, vms vm.List) error {
-		return p.DeleteRecordsBySubdomain(ctx, c.Name)
+		recs := make([]vm.DNSRecord, 0, len(c.VMs))
+		for _, v := range c.VMs {
+			rec := vm.CreateDNSRecord(v.PublicDNS, vm.A, v.PublicIP, 60)
+			rec.Public = true
+			recs = append(recs, rec)
+		}
+		return p.CreateRecords(ctx, recs...)
 	})
 }
 
diff --git a/pkg/roachprod/vm/dns.go b/pkg/roachprod/vm/dns.go
@@ -38,6 +38,8 @@ type DNSRecord struct {
 	Data string `json:"data"`
 	// TTL is the time to live of the DNS record.
 	TTL int `json:"TTL"`
+	// Public indicates whether the DNS should be published in the public zone.
+	Public bool
 }
 
 // DNSProvider is an optional capability for a Provider that provides DNS
@@ -52,10 +54,12 @@ type DNSProvider interface {
 	LookupSRVRecords(ctx context.Context, name string) ([]DNSRecord, error)
 	// ListRecords lists all DNS records managed for the zone.
 	ListRecords(ctx context.Context) ([]DNSRecord, error)
-	// DeleteRecordsBySubdomain deletes all DNS records with the given subdomain.
-	DeleteRecordsBySubdomain(ctx context.Context, subdomain string) error
-	// DeleteRecordsByName deletes all DNS records with the given name.
-	DeleteRecordsByName(ctx context.Context, names ...string) error
+	// DeleteSRVRecordsBySubdomain deletes all DNS SRV records with the given subdomain.
+	DeleteSRVRecordsBySubdomain(ctx context.Context, subdomain string) error
+	// DeleteRecordsByName deletes all DNS SRV records with the given name.
+	DeleteSRVRecordsByName(ctx context.Context, names ...string) error
+	// DeletePublicRecordsByName deletes all DNS A records named.
+	DeletePublicRecordsByName(ctx context.Context, names ...string) error
 	// Domain returns the domain name (zone) of the DNS provider.
 	Domain() string
 }
diff --git a/pkg/roachprod/vm/gce/dns.go b/pkg/roachprod/vm/gce/dns.go
@@ -156,10 +156,14 @@ func (n *dnsProvider) CreateRecords(ctx context.Context, records ...vm.DNSRecord
 			firstRecord := recordGroup[0]
 			data := maps.Keys(combinedRecords)
 			sort.Strings(data)
+			zone := n.managedZone
+			if firstRecord.Public {
+				zone = n.publicZone
+			}
 			args := []string{"--project", n.dnsProject, "dns", "record-sets", command, name,
 				"--type", string(firstRecord.Type),
 				"--ttl", strconv.Itoa(firstRecord.TTL),
-				"--zone", n.managedZone,
+				"--zone", zone,
 				"--rrdatas", strings.Join(data, ","),
 			}
 			cmd := exec.CommandContext(ctx, "gcloud", args...)
@@ -170,10 +174,10 @@ func (n *dnsProvider) CreateRecords(ctx context.Context, records ...vm.DNSRecord
 				n.clearCacheEntry(name)
 				return rperrors.TransientFailure(errors.Wrapf(err, "output: %s", out), dnsProblemLabel)
 			}
-			// If fastDNS is enabled, we need to wait for the records to become available
+			// If fastDNS is enabled, we need to wait for the SRV records to become available
 			// on the Google DNS servers.
-			if config.FastDNS {
-				err = n.waitForRecordsAvailable(ctx, maps.Values(combinedRecords)...)
+			if config.FastDNS && !firstRecord.Public {
+				err = n.waitForSRVRecordsAvailable(ctx, maps.Values(combinedRecords)...)
 				if err != nil {
 					return err
 				}
@@ -210,13 +214,14 @@ func (n *dnsProvider) ListRecords(ctx context.Context) ([]vm.DNSRecord, error) {
 	return n.listSRVRecords(ctx, "", dnsMaxResults)
 }
 
-// DeleteRecordsByName implements the vm.DNSProvider interface.
-func (n *dnsProvider) DeleteRecordsByName(ctx context.Context, names ...string) error {
+func (n *dnsProvider) deleteRecords(
+	ctx context.Context, zone string, recordType vm.DNSType, names ...string,
+) error {
 	for _, name := range names {
 		err := n.withRecordLock(name, func() error {
 			args := []string{"--project", n.dnsProject, "dns", "record-sets", "delete", name,
-				"--type", string(vm.SRV),
-				"--zone", n.managedZone,
+				"--type", string(recordType),
+				"--zone", zone,
 			}
 			cmd := exec.CommandContext(ctx, "gcloud", args...)
 			out, err := n.execFn(cmd)
@@ -235,8 +240,18 @@ func (n *dnsProvider) DeleteRecordsByName(ctx context.Context, names ...string)
 	return nil
 }
 
+// DeleteSRVRecordsByName implements the vm.DNSProvider interface.
+func (n *dnsProvider) DeleteSRVRecordsByName(ctx context.Context, names ...string) error {
+	return n.deleteRecords(ctx, n.managedZone, vm.SRV, names...)
+}
+
+// DeletePublicRecordsByName implements the vm.DNSProvider interface
+func (n *dnsProvider) DeletePublicRecordsByName(ctx context.Context, names ...string) error {
+	return n.deleteRecords(ctx, n.publicZone, vm.A, names...)
+}
+
 // DeleteRecordsBySubdomain implements the vm.DNSProvider interface.
-func (n *dnsProvider) DeleteRecordsBySubdomain(ctx context.Context, subdomain string) error {
+func (n *dnsProvider) DeleteSRVRecordsBySubdomain(ctx context.Context, subdomain string) error {
 	suffix := fmt.Sprintf("%s.%s.", subdomain, n.Domain())
 	records, err := n.listSRVRecords(ctx, suffix, dnsMaxResults)
 	if err != nil {
@@ -256,7 +271,7 @@ func (n *dnsProvider) DeleteRecordsBySubdomain(ctx context.Context, subdomain st
 			delete(names, name)
 		}
 	}
-	return n.DeleteRecordsByName(ctx, maps.Keys(names)...)
+	return n.DeleteSRVRecordsByName(ctx, maps.Keys(names)...)
 }
 
 // Domain implements the vm.DNSProvider interface.
diff --git a/pkg/roachprod/vm/gce/fast_dns.go b/pkg/roachprod/vm/gce/fast_dns.go
@@ -35,7 +35,9 @@ func googleDNSResolvers() []*net.Resolver {
 
 // waitForRecordsAvailable waits for the DNS records to become available on all
 // the DNS servers through a standard net tools lookup.
-func (n *dnsProvider) waitForRecordsAvailable(ctx context.Context, records ...vm.DNSRecord) error {
+func (n *dnsProvider) waitForSRVRecordsAvailable(
+	ctx context.Context, records ...vm.DNSRecord,
+) error {
 	checkResolver := func(resolver *net.Resolver) error {
 		type recordKey struct {
 			name string
diff --git a/pkg/roachprod/vm/local/dns.go b/pkg/roachprod/vm/local/dns.go
@@ -82,8 +82,12 @@ func (n *dnsProvider) ListRecords(_ context.Context) ([]vm.DNSRecord, error) {
 	return maps.Values(records), nil
 }
 
+func (n *dnsProvider) DeletePublicRecordsByName(ctx context.Context, names ...string) error {
+	return n.DeleteSRVRecordsByName(ctx, names...)
+}
+
 // DeleteRecordsByName is part of the vm.DNSProvider interface.
-func (n *dnsProvider) DeleteRecordsByName(_ context.Context, names ...string) error {
+func (n *dnsProvider) DeleteSRVRecordsByName(_ context.Context, names ...string) error {
 	unlock, err := lock.AcquireFilesystemLock(n.lockFilePath)
 	if err != nil {
 		return err
@@ -100,8 +104,8 @@ func (n *dnsProvider) DeleteRecordsByName(_ context.Context, names ...string) er
 	return n.saveRecords(entries)
 }
 
-// DeleteRecordsBySubdomain is part of the vm.DNSProvider interface.
-func (n *dnsProvider) DeleteRecordsBySubdomain(_ context.Context, subdomain string) error {
+// DeleteSRVRecordsBySubdomain is part of the vm.DNSProvider interface.
+func (n *dnsProvider) DeleteSRVRecordsBySubdomain(_ context.Context, subdomain string) error {
 	unlock, err := lock.AcquireFilesystemLock(n.lockFilePath)
 	if err != nil {
 		return err
diff --git a/pkg/roachprod/vm/local/local.go b/pkg/roachprod/vm/local/local.go
@@ -93,7 +93,7 @@ func DeleteCluster(l *logger.Logger, name string) error {
 	// Local clusters are expected to specifically use the local DNS provider
 	// implementation, and should clean up any DNS records in the local file
 	// system cache.
-	return p.DeleteRecordsBySubdomain(context.Background(), c.Name)
+	return p.DeleteSRVRecordsBySubdomain(context.Background(), c.Name)
 }
 
 // Clusters returns a list of all known local clusters.

Original file line number	Diff line number	Diff line change
`@@ -570,7 +570,7 @@ func GCDNS(l logger.Logger, cloud Cloud, dryrun bool) error {`
`570`	`570`	`sort.Strings(recordNames)`
`571`	`571`
`572`	`572`	`if err := destroyResource(dryrun, func() error {`
`573`		`- return p.DeleteRecordsByName(ctx, recordNames...)`
	`573`	`+ return p.DeleteSRVRecordsByName(ctx, recordNames...)`
`574`	`574`	`}); err != nil {`
`575`	`575`	`return err`
`576`	`576`	`}`
Original file line number	Diff line number	Diff line change
`@@ -334,7 +334,7 @@ func TestMultipleRegistrations(t *testing.T) {`
`334`	`334`	`verify := func(c *SyncedCluster, servicesToRegister [][]ServiceDesc) bool {`
`335`	`335`	`for _, services := range servicesToRegister {`
`336`	`336`	`if len(services) == 0 {`
`337`		`- err := testDNS.DeleteRecordsBySubdomain(ctx, c.Name)`
	`337`	`+ err := testDNS.DeleteSRVRecordsBySubdomain(ctx, c.Name)`
`338`	`338`	`require.NoError(t, err)`
`339`	`339`	`continue`
`340`	`340`	`}`
Original file line number	Diff line number	Diff line change
`@@ -93,7 +93,7 @@ func DeleteCluster(l *logger.Logger, name string) error {`
`93`	`93`	`// Local clusters are expected to specifically use the local DNS provider`
`94`	`94`	`// implementation, and should clean up any DNS records in the local file`
`95`	`95`	`// system cache.`
`96`		`- return p.DeleteRecordsBySubdomain(context.Background(), c.Name)`
	`96`	`+ return p.DeleteSRVRecordsBySubdomain(context.Background(), c.Name)`
`97`	`97`	`}`
`98`	`98`
`99`	`99`	`// Clusters returns a list of all known local clusters.`