Page MenuHomePhabricator
Create Task
Maniphest T168460

Update certificates on productions replicas of corp.wikimedia.org LDAP
Closed, ResolvedPublic
Actions

Description

Hi All,

Certificates for corp.wikimedia.org LDAP (hosted by OIT) will expire on Friday, June 23rd. Please, let us know if the production LDAP replicas need the new *.corp.wikimedia.org certificate and key.

Procurement task: https://phabricator.wikimedia.org/T167346

Thanks,
Byron

Event Timeline

bbogaert created this task.Jun 20 2017, 7:05 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 20 2017, 7:05 PM
bbogaert updated the task description. (Show Details)Jun 20 2017, 7:06 PM
RobH added projects: SRE, LDAP.EditedJun 20 2017, 7:11 PM
RobH added a subscriber: MoritzMuehlenhoff.

I'm not 100% sure we need to run that same *.corp.wikimedia.org cert. I don't see any private key file for star.corp.wikimedia.org.key in the private ops repo. That makes me think we don't need to update anything, as we don't seem to host the files for this presently.

I am pretty sure Moritz handled ldap stuff last time, but I'm not sure. I've added him as a subscriber and will follow up with him when he is around (his work hours) tomorrow.

Framawiki added projects: HTTPS, Traffic.Jun 20 2017, 7:12 PM
Framawiki subscribed.
RobH added a comment.EditedJun 20 2017, 7:14 PM

This is for ldap use, not https, not sure Traffic or HTTPS are needed (but seems silly to try to remove and potentially have it automatically added back ;)

Framawiki removed projects: Traffic, HTTPS.EditedJun 20 2017, 7:35 PM

(Oh, true, sorry)

MoritzMuehlenhoff added a comment.Jun 21 2017, 10:24 AM

Yes, that is used by the corp LDAP replica in role::openldap::corp

RobH assigned this task to bbogaert.Jun 21 2017, 3:26 PM

@bbogaert: Seems we need that private key, can you gpg encrypt and email it to me? Thanks!

MoritzMuehlenhoff added a comment.Jun 22 2017, 5:01 AM

Sorry for the confusion, we don't need the private key. My comment was directed as to whether we use the cert in the corp replica, I missed that part of Byron's question.

bbogaert triaged this task as Medium priority.Jul 25 2017, 12:17 AM
Aklapper removed bbogaert as the assignee of this task.Jun 12 2018, 10:06 AM
Phabricator_maintenance moved this task from Backlog to Acknowledged on the SRE board.Jan 26 2019, 9:19 PM
Krenair subscribed.Mar 18 2019, 10:24 AM

was looking through some LDAP tasks, this one is for corp but was presumably completed as it was about a June 2017 expiry?

RobH unsubscribed.Mar 3 2020, 6:13 PM
LSobanski closed this task as Resolved.Nov 4 2022, 3:14 PM
LSobanski claimed this task.
LSobanski subscribed.

This looks long done - here's the task for the 2018 renewal: T197840. Resolving.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL