Page MenuHomePhabricator
Create Task
Maniphest T151583

Use tls for dump backup generation
Open, MediumPublic
Actions

Description

Some database hosts have already enabled and require TLS by default, others don't. That creates difficulties when running mysqldump, as it can sometimes fail. I have deployed https://gerrit.wikimedia.org/r/323420 as a temporary workaround, but a proper fix is needed for the client creating the backups to adopt TLS so it doesn't fail AND it is secure.

This is probably something that can be done at the same time that dbstore1001 gets its new disks (T143874).

Related Objects
Search...

StatusSubtypeAssignedTask
 OpenNoneT138562 Improve regular production database backups handling
 OpenNoneT151583 Use tls for dump backup generation

Event Timeline

jcrespo created this task.Nov 24 2016, 6:50 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 24 2016, 6:50 PM
Krenair added a subscriber: Krenair.Nov 24 2016, 8:22 PM
jcrespo removed a parent task: T111654: Set up TLS for MariaDB replication.Dec 14 2016, 6:17 PM
jcrespo added a subtask: T111654: Set up TLS for MariaDB replication.
jcrespo closed subtask T111654: Set up TLS for MariaDB replication as Resolved.Feb 9 2017, 5:08 PM
jcrespo edited subtasks, added: T157702: Followup for TLS MariaDB server roll-out; removed: T111654: Set up TLS for MariaDB replication.Feb 9 2017, 5:37 PM
jcrespo added a parent task: T138562: Improve regular production database backups handling.Apr 12 2017, 1:21 PM
1978Gage2001 moved this task from Triage to In progress on the DBA board.Dec 11 2017, 9:45 AM
1978Gage2001 moved this task from Triage to In progress on the DBA board.
Marostegui moved this task from In progress to Triage on the DBA board.Dec 11 2017, 11:07 AM
jcrespo added a comment.Mar 9 2018, 3:27 PM

This needs more work, probably recompile mydumper to support modern standards (TLS1.2+).

jcrespo moved this task from Triage to Backlog on the DBA board.Jun 15 2018, 3:50 PM
jcrespo removed a subtask: T157702: Followup for TLS MariaDB server roll-out.Mar 7 2022, 1:57 PM
Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL