This task will track the implementation of the new private key and certificate for *.tools.wmflabs.org.
The private key is in the private repo, with the filename of new.star.tools.wmflabs.org.key. The new certificate will be staged in gerrit, but not merged, with the proper filename.
When it is time to merge these, the private repo file will have to rename/replace the existing star.tools.wmflabs.org.key.
Typical checklist for this kind of SSL certificate/key update:
- - stage new private key in private repo with new.star.tools.wmflabs.org.key filename
- - stage new certificate in gerrit https://gerrit.wikimedia.org/r/#/c/342254/
- - halt puppet on affected hosts
- - merge in gerrit patchset - https://gerrit.wikimedia.org/r/#/c/342254/
- - git mv new.star.tools.wmflabs.org.key to replace existing(old) star.tools.wmflabs.org.key file in private repo
- - run puppet on affected hosts and ensure affected services accept update without error (this one is the step that can go horribly wrong.)