We are about to enable writes from the active MediaWiki cluster to Swift clusters in both datacenters. Therefore, it would be ideal to TLS encrypt this traffic, as sometimes sensitive information (such as access tokens and relatively rarely, sensitive files) may be transmitted from/to Swift.
Description
Details
Status | Subtype | Assigned | Task | ||
---|---|---|---|---|---|
Resolved | LSobanski | T111653 Encrypt all the things | |||
Resolved | aaron | T88445 MediaWiki active/active datacenter investigation and work (tracking) | |||
Resolved | fgiunchedi | T127455 Enable HTTPS for Swift traffic |
Event Timeline
Change 310549 had a related patch set uploaded (by Filippo Giunchedi):
[WIP] swift: terminate https with nginx
Change 339191 had a related patch set uploaded (by Filippo Giunchedi):
hieradata: use_tls for swift proxy in codfw
Change 339191 merged by Filippo Giunchedi:
hieradata: use_tls for swift proxy in codfw
Change 339197 had a related patch set uploaded (by Filippo Giunchedi):
lvs: add swift https service
Change 339410 had a related patch set uploaded (by Filippo Giunchedi):
conftool-data: add nginx service to swift
Change 339413 had a related patch set uploaded (by Filippo Giunchedi):
hieradata: use 'uri' for swift icinga configuration
Change 339413 merged by Filippo Giunchedi:
hieradata: use 'uri' for swift icinga configuration
Change 339430 had a related patch set uploaded (by Filippo Giunchedi):
hieradata: use 'localhost' vhost for icinga checks
Change 339430 merged by Filippo Giunchedi:
hieradata: use 'localhost' vhost for icinga checks
Change 342438 had a related patch set uploaded (by Filippo Giunchedi):
[operations/puppet] hieradata: enable https for swift eqiad
Change 342438 merged by Filippo Giunchedi:
[operations/puppet] hieradata: enable https for swift eqiad