- No Ganglia in Labs;
- puppetmaster::puppetdb uses nginx, puppetmaster uses Apache, so separate hosts or if.
|Invalid||None||T108946 [Epic] Improve the development infrastructure|
|Declined||None||T99531 [Task] move wikiba.se webhosting to wikimedia cluster|
|Resolved||• MasinAlDujailiWMDE||T155359 wikiba.se should use HTTPS|
|Resolved||• ema||T108827 Investigate TCP Fast Open for tlsproxy|
|Declined||None||T107236 Switch port 80 to nginx on primary clusters|
|Resolved||Vgutierrez||T207050 Migrate most standard public TLS certificates to CertCentral issuance|
|Resolved||None||T199711 Deploy a scalable service for ACME (LetsEncrypt) certificate management|
|Open||None||T101048 Policy decisions for new (and current) DNS domains registered to the WMF|
|Resolved||BBlack||T104681 HTTPS Plans (tracking / high-level info)|
|Resolved||Vgutierrez||T214253 en.wikipedia.com [sic] serves an invalid certificate|
|Resolved||Vgutierrez||T190244 en-wp.org certificate error|
|Open||Vgutierrez||T133548 Create a secure redirect service for large count of non-canonical / junk domains|
|Resolved||Krenair||T194962 Create and deploy a centralized letsencrypt service|
|Open||None||T152866 Make clush safer|
|Open||Krenair||T153163 Set up and use exported resources for Tool Labs's shared knowledge|
|Resolved||Krenair||T72792 Set up puppet exported resources to collect ssh host keys for beta|
|Resolved||Krenair||T153577 Make standalone puppetmasters optionally use PuppetDB|
|Resolved||scfc||T154104 role::puppetmaster::puppetdb depends on Ganglia and cannot be used in Labs|
I'm pretty sure the patches work except that I can't get them to work on toolsbeta-puppetmaster7 due to some PostgreSQL hiccups (our puppetry for that is far too fragile for my taste). I'll set up a new puppetmaster and test that tomorrow.
I think on labs we can host it on the same instance as the puppetmaster. I got it working like that and reduces the complexity of this :).
we wont need nginx installed.
I got puppetdb working on the same host as the puppetmaster as it needs the same cert as the puppetmaster for puppetdb jetty.