Page MenuHomePhabricator

Deploy encryption certificate for *.wikimedia.de
Closed, ResolvedPublic2 Story Points

Description

The current certificate expires on Nov 3th. We need to deploy a new wildcard certificate to some of the machines we use.

Acceptance Criteria:
The new certificate is deployed to the following sites:

  • deploy.wikimedia.de
  • backend.wikimedia.de
  • monitor.wikimedia.de
  • test-spenden-2.wikimedia.de
  • test-backend.wikimedia.de
  • tracking.wikimedia.de
  • ticket.wikimedia.de

Background:

  • All of the systems can be updated using ansible.
  • deploy.wikimedia.de's Jenkin's nginx (in docker) currently does not react to ansible's restart handler and needs to be restarted manually

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 4 2017, 5:03 PM
kai.nissen renamed this task from Renew and deploy encryption certificate for *.wikimedia.de to Deploy encryption certificate for *.wikimedia.de.Oct 6 2017, 11:10 AM

Our IT department will take care of renewing the certificate and notify us, once the certificate is ready for deployment.

kai.nissen updated the task description. (Show Details)Oct 19 2017, 1:56 PM
kai.nissen updated the task description. (Show Details)Oct 19 2017, 1:58 PM
Pablo-WMDE updated the task description. (Show Details)Oct 19 2017, 2:03 PM
Pablo-WMDE set the point value for this task to 2.
Pablo-WMDE updated the task description. (Show Details)Oct 19 2017, 2:05 PM

@MasinAlDujailiWMDE Can you drop a comment here, once the new certificate was issued?

@kai.nissen monitor.wikimedia.de is missing on the github wiki page concerning this subject. Should I fix this or this is an intended exception?

Thanks for pointing out. It was not intended, so I just added it to the page.

kai.nissen closed this task as Resolved.Nov 15 2017, 1:15 PM