We'll need to build and test civi1001 alongside the existing civicrm server, so we'll firewall polices for it. We also need to build replacements for indium, db1025, and lutetium before taking those servers down.
|Open||None||T111653 Encrypt all the things|
|Resolved||Jgreen||T142994 configure TLS for fundraising syslog collection|
|Declined||None||T91896 Run CRM on HHVM|
|Resolved||Jgreen||T133524 frack eqiad hardware refresh|
|Resolved||Jgreen||T145107 replace db1025 with new hardware running jessie|
|Resolved||Jgreen||T145110 replace lutetium with new hardware running debian/jessie|
|Resolved||Jgreen||T145116 replace indium (eqiad fundraising logger) with new hardware running jessie|
|Resolved||• cwdent||T136959 EPIC: build fundraising civicrm (barium) replacement server on Debian Jessie, with HHVM or PHP5.5|
|Resolved||faidon||T159336 deploy firewall policies for (barium,lutetium,db1025,indium) replacements (civi1001,frdev1001,frdb1002,frlog1001)|
Also (fundraising private repo):
Author: Jeff Green <firstname.lastname@example.org>
Date: Mon Mar 6 15:32:57 2017 +0000
iptables and pfw policies for replacement hosts, remove deprecated 10514/tcp Bug: T142994,T145107,T145110,T145116
Note that in addition to the new hosts, some of the policies have been renamed (should be obvious) and we're removing an 'application' for 10514/tcp which is now deprecated.