Page MenuHomePhabricator
Create Task
Maniphest T174611

update *.wmflabs.org by 2017-10-16
Closed, ResolvedPublic
Actions

Description

This will be the public tracking task for the replacement of the *.wmflabs.org cert/key pair. The existing certificate expires on 2017-10-16. The new certificate is available on: https://gerrit.wikimedia.org/r/#/c/374873/

The certificate was purchased via T174053, which is not a pubic task, so it shoudn't be used to track implementation (hence this task's creation.)

The new private key is on the private repo, named new.star.wmflabs.org.key. When the above patchset is pushed live, the private key must be updated. (Either replace the contents of the exiting file, or git rm and git mv the new file into the existing keyfiles place.)

Since this affects the cloud team, This has been flagged with cloud-services-team project for their review.

Related Objects
Search...

StatusSubtypeAssignedTask
Unknown Object (Task)
 Resolved madhuvishyT174611 update *.wmflabs.org by 2017-10-16

Event Timeline

RobH created this task.Aug 30 2017, 7:47 PM
Krenair subscribed.Aug 30 2017, 7:50 PM
bd808 edited projects, added cloud-services-team (Kanban); removed cloud-services-team.Aug 30 2017, 7:52 PM
bd808 moved this task from Inbox to Soon! on the cloud-services-team (Kanban) board.
RobH mentioned this in Unknown Object (Task).Aug 30 2017, 7:54 PM
Paladox subscribed.Aug 30 2017, 7:56 PM
Stashbot subscribed.Aug 31 2017, 8:24 PM

Mentioned in SAL (#wikimedia-cloud) [2017-08-31T20:24:06Z] <madhuvishy> Disabling puppet on tools-proxy-* and tools-static-* for star.wmflabs.org SSL cert update (T174611)

Stashbot added a comment.Aug 31 2017, 8:25 PM

Mentioned in SAL (#wikimedia-cloud) [2017-08-31T20:25:10Z] <madhuvishy> Merging new cert https://gerrit.wikimedia.org/r/#/c/374873/ (T174611)

Stashbot added a comment.Aug 31 2017, 8:33 PM

Mentioned in SAL (#wikimedia-cloud) [2017-08-31T20:33:28Z] <madhuvishy> Updated certs and ran puppet, restarted nginx on tools-proxy-* and tools-static-* (T174611)

Stashbot added a comment.Aug 31 2017, 9:12 PM

Mentioned in SAL (#wikimedia-cloud) [2017-08-31T21:12:36Z] <madhuvishy> Updated star.wmflabs.org cert, ran puppet and restarted nginx in novaproxy-01 and 02 (Copied the private key manually to /etc/ssl/private) T174611

madhuvishy closed this task as Resolved.Aug 31 2017, 9:19 PM
madhuvishy claimed this task.

This is all done, new private key committed in ops/private. New certs are showing up okay!

bd808 moved this task from Soon! to Done on the cloud-services-team (Kanban) board.Sep 1 2017, 2:49 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits