Unless we can somehow entirely avoid writes on GET/HEAD (which might be hard for CentralAuth and a few other things), these will still happen on occasion, mostly as post-send writes in DeferredUpdates.
Such cross-DC updates should go over an encrypted connection, instead of sending the DB password and the written data in cleartext over the wire between data centers.
Scope: All app servers, including job runners and maintenance servers.
Plan:
- Use the ultimate primary DB server as the top entry in $wgLBFactoryConf['sectionLoads'] on the secondary DC. Similarly for writable clusters in externalLoads.
- Add those servers to $wgLBFactoryConf['hostsByName']
- Add the DBO_SSL flag to those servers, probably using $wgLBFactoryConf['templateOverridesByServer']
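What the three plan steps look like together in a $wgLBFactoryConf fragment for the secondary DC. This is an added illustration, not config from the task or from operations/mediawiki-config; host names, addresses, section names and the $wgDBpassword reference are assumed placeholders.

```php
<?php
// Added example (not from the task). Secondary-DC view of $wgLBFactoryConf:
// the primary-DC master is the top (write) entry, DBO_SSL is applied only to
// those cross-DC servers, and they are resolvable via hostsByName.
$wgLBFactoryConf = [
    'class' => 'LBFactoryMulti',
    'sectionsByDB' => [ 'enwiki' => 's1' ],   // placeholder wiki/section

    // Step 1: ultimate primary (primary DC) first with write-only load 0,
    // local replicas in this DC carry the reads.
    'sectionLoads' => [
        'DEFAULT' => [ 'db-primary-dc-s0' => 0, 'db-secondary-dc-s0-r1' => 100 ],
        's1'      => [ 'db-primary-dc-s1' => 0, 'db-secondary-dc-s1-r1' => 100 ],
    ],
    // Same pattern for writable external store clusters.
    'externalLoads' => [
        'cluster1' => [ 'es-primary-dc-1' => 0, 'es-secondary-dc-1-r1' => 100 ],
    ],

    'serverTemplate' => [
        'dbname'   => 'enwiki',
        'user'     => 'wikiuser',
        'password' => $wgDBpassword,   // assumed to be set elsewhere
        'type'     => 'mysql',
        'flags'    => DBO_DEFAULT,     // local replica connections stay plain
    ],

    // Step 3: DBO_SSL only on the cross-DC (writable) servers, so the TLS
    // cost is not paid for intra-DC replica traffic.
    'templateOverridesByServer' => [
        'db-primary-dc-s0' => [ 'flags' => DBO_DEFAULT | DBO_SSL ],
        'db-primary-dc-s1' => [ 'flags' => DBO_DEFAULT | DBO_SSL ],
        'es-primary-dc-1'  => [ 'flags' => DBO_DEFAULT | DBO_SSL ],
    ],

    // Step 2: server name -> address for the servers added above
    // (placeholder addresses).
    'hostsByName' => [
        'db-primary-dc-s0'     => '10.0.0.10',
        'db-primary-dc-s1'     => '10.0.0.11',
        'es-primary-dc-1'      => '10.0.0.20',
        'db-secondary-dc-s0-r1' => '10.1.0.10',
        'db-secondary-dc-s1-r1' => '10.1.0.11',
        'es-secondary-dc-1-r1'  => '10.1.0.20',
    ],
];
```

A quick check that the flag took effect is to confirm on the primary-DC master that sessions from the secondary-DC app servers show a non-empty cipher (for MySQL/MariaDB, `SHOW SESSION STATUS LIKE 'Ssl_cipher'` from such a connection), since any server listed in templateOverridesByServer but missing from hostsByName or sectionLoads silently gets no override.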