Use tls for dump backup generation
Open, MediumPublic
Actions

Description

Some database hosts have already enabled and require TLS by default, others don't. That creates difficulties when running mysqldump, as it can sometimes fail. I have deployed https://gerrit.wikimedia.org/r/323420 as a temporary workaround, but a proper fix is needed for the client creating the backups to adopt TLS so it doesn't fail AND it is secure.

This is probably something that can be done at the same time that dbstore1001 gets its new disks (T143874).

Related Objects
Search...

Status	Assigned	Task
Open	None	T138562 Improve regular production database backups handling
Open	None	T151583 Use tls for dump backup generation
Open	None	T157702 Followup for TLS MariaDB server roll-out
Open	None	T152427 Create a check/calendar alert for MariaDB TLS certs
Resolved	jcrespo	T183469 Setup newer machines and replace all old misc (m*) and x1 eqiad machines
Resolved	Cmjohnson	T184054 Decommission db1029 and db1031
Resolved	Cmjohnson	T187542 Decommission db1043
Resolved	Cmjohnson	T184703 Decommission db1011
Resolved	jcrespo	T184704 Setup tendril database monitoring on 2 new hosts, one on eqiad and one on codfw
		Unknown Object (Task)
Resolved	Marostegui	T186123 rack/setup/install db2093 (WAS: rack/setup/install tendril2001)
Resolved	RobH	T186172 switch port configuration for db2093
Resolved	Andrew	T189005 Failover m5 master from db1009 to db1073
Resolved	Cmjohnson	T189216 Decommission db1009
Resolved	jcrespo	T189655 Switchover m1 master from db1016 to db1063
Resolved	Cmjohnson	T190179 Decommission db1016
Resolved	Cmjohnson	T189773 Decommission db1020
Resolved	jcrespo	T189656 Switchover m2 master from db1020 to db1051
Resolved	Cmjohnson	T190262 Decommission db1001
Resolved	jcrespo	T183470 Setup newer machines and replace all old misc (m*) and x1 codfw machines
Resolved	Papaul	T187543 Decommission db2012
Resolved	Marostegui	T187722 Replace db2030 from m5 with another host (WAS: Degraded RAID on db2030)
Resolved	RobH	T187768 Decommission db2030
Resolved	RobH	T187886 Decommission db2011

Event Timeline

jcrespo created this task.Nov 24 2016, 6:50 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 24 2016, 6:50 PM

Krenair added a subscriber: Krenair.Nov 24 2016, 8:22 PM

jcrespo removed a parent task: T111654: Set up TLS for MariaDB replication.Dec 14 2016, 6:17 PM

jcrespo added a subtask: T111654: Set up TLS for MariaDB replication.

jcrespo closed subtask T111654: Set up TLS for MariaDB replication as Resolved.Feb 9 2017, 5:08 PM

jcrespo edited subtasks, added: T157702: Followup for TLS MariaDB server roll-out; removed: T111654: Set up TLS for MariaDB replication.Feb 9 2017, 5:37 PM

jcrespo added a parent task: T138562: Improve regular production database backups handling.Apr 12 2017, 1:21 PM

• 1978Gage2001 moved this task from Triage to In progress on the DBA board.Dec 11 2017, 9:45 AM

• 1978Gage2001 moved this task from Triage to In progress on the DBA board.

Marostegui moved this task from In progress to Triage on the DBA board.Dec 11 2017, 11:07 AM

This needs more work, probably recompile mydumper to support modern standards (TLS1.2+).

jcrespo moved this task from Triage to Backlog on the DBA board.Jun 15 2018, 3:50 PM

Use tls for dump backup generationOpen, MediumPublicActions

Description

Related ObjectsSearch...

Event Timeline

Use tls for dump backup generation
Open, MediumPublic
Actions

Related Objects
Search...