Page MenuHomePhabricator
Create Task
Maniphest T223332

update *.tools.wmflabs.org certificate
Closed, ResolvedPublic0 Estimated Story Points
Actions

Description

This task will track the implementation of the updated/renewed *.tools.wmflabs.org certificate and key.

The new key is already committed to the private puppet repo as new.star.tools.wmflabs.org.key. The new certificate will be linked into this task via gerrit patchset once the order is received by @RobH. Then this task will be reassigned to the cloud-services-team for implementation.

implementation details

The gerrit patchset https://gerrit.wikimedia.org/r/510250 stages the new certificate, and the new private key is stored in the private puppet repo as new.star.tools.wmflabs.org. Please ensure both the private key and the staged certificate are merged live at the same time, or failures will result.

Details

SubjectRepoBranchLines +/-
updating/renewing star.tools.wmflabs.org cert/keypairoperations/puppetproduction+22 -22
Customize query in gerrit

Related Objects
Search...

StatusSubtypeAssignedTask
Unknown Object (Task)
 ResolvedaborreroT223332 update *.tools.wmflabs.org certificate

Event Timeline

RobH triaged this task as High priority.May 14 2019, 8:31 PM
RobH created this task.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMay 14 2019, 8:31 PM
gerritbot added a comment.May 14 2019, 8:59 PM

Change 510250 had a related patch set uploaded (by RobH; owner: RobH):
[operations/puppet@production] updating/renewing star.tools.wmflabs.org cert/keypair

https://gerrit.wikimedia.org/r/510250

gerritbot added a project: Patch-For-Review.May 14 2019, 8:59 PM
RobH reassigned this task from RobH to aborrero.May 14 2019, 9:01 PM
RobH removed a project: Patch-For-Review.
RobH updated the task description. (Show Details)

@aborrero: Since you were the one to confirm the certificate usage on the procurement task, would you also be the person to implement the renewed certificate/keypair?

If not, can you advise/reassign to who would handle this? Thanks in advance!

The gerrit patchset https://gerrit.wikimedia.org/r/510250 stages the new certificate, and the new private key is stored in the private puppet repo as new.star.tools.wmflabs.org.

RobH mentioned this in Unknown Object (Task).May 14 2019, 9:52 PM
Stashbot added a comment.May 20 2019, 10:53 AM

Mentioned in SAL (#wikimedia-cloud) [2019-05-20T10:53:00Z] <arturo> T223332 disable puppet agent in tools-k8s-master and tools-docker-registry nodes

Stashbot added a comment.May 20 2019, 11:01 AM

Mentioned in SAL (#wikimedia-operations) [2019-05-20T11:01:47Z] <arturo> icinga downtime toolschecker for 3h for T223332

gerritbot added a comment.May 20 2019, 11:05 AM

Change 510250 merged by Arturo Borrero Gonzalez:
[operations/puppet@production] updating/renewing star.tools.wmflabs.org cert/keypair

https://gerrit.wikimedia.org/r/510250

Stashbot added a comment.May 20 2019, 11:25 AM

Mentioned in SAL (#wikimedia-cloud) [2019-05-20T11:25:19Z] <arturo> T223332 enable puppet agent in tools-k8s-master and tools-docker-registry nodes and deploy new SSL cert

aborrero closed this task as Resolved.May 20 2019, 11:40 AM

This has been done. Thanks @RobH

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits