Expose cloudelastic to wmf cloud
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	EBernhardson
	May 17 2019, 8:34 AM

Description

To make the cloudelastic service publicly available we need to expose it to the appropriate networks. Basic plan:

Add a new port that only allows GET requests
- Optionally, if possible, allow POST to ^/.*/_m?search$
Expose that port, via ferm, to the wmfcloud srange

A new port is used, rather than the existing tlsproxy port, as the new port needs to be read only. It will be easier to guarantee things are configured properly accepting production write traffic on separate ports from the read only traffic.

Details

	Subject	Repo	Branch	Lines +/-
	cloudelastic: remove ocsp_proxy	operations/puppet	production	+1 -5
	Expose cloudelastic to wmfcloud	operations/puppet	production	+57 -16

Customize query in gerrit

Related Objects
Search...

Status	Subtype	Assigned	Task
Declined	Feature	None	T71489 Expose mwgrep functionality on-wiki
Resolved		None	T109715 Replicate production elasticsearch indices to labs
Resolved		EBernhardson	T220625 Initialize CirrusSearch on cloudelastic
Resolved		debt	T223519 Expose cloudelastic to wmf cloud

Event Timeline

EBernhardson created this task.May 17 2019, 8:34 AM

Restricted Application edited projects, added Discovery-Search; removed Discovery-Search (Current work). · View Herald TranscriptMay 17 2019, 8:34 AM

Change 510823 had a related patch set uploaded (by EBernhardson; owner: EBernhardson):
[operations/puppet@production] [WIP] Expose cloudelastic to wmfcloud

https://gerrit.wikimedia.org/r/510823

gerritbot added a project: Patch-For-Review.May 17 2019, 9:06 AM

Change 510823 merged by Gehel:
[operations/puppet@production] Expose cloudelastic to wmfcloud

https://gerrit.wikimedia.org/r/510823

Krenair awarded a token.May 18 2019, 6:10 AM

nice:

krenair@bastion-eqiad1-01:~$ python mwgrep.py '\$j[(.]'
arwiki              MediaWiki:Gadget-ContribsTabVector.js
arwiki              MediaWiki:RefToolbarBase.js
arwiki              MediaWiki:RefToolbarConfig.js
aswiki              MediaWiki:RefToolbarBase.js
be_x_oldwiki        MediaWiki:RefToolbarBase.js
be_x_oldwiki        MediaWiki:RefToolbarConfig.js
be_x_oldwiki        MediaWiki:RefToolbarNoDialogs.js
[lots of stuff]

(total: 90, shown: 90)

krenair@bastion-eqiad1-01:~$ python mwgrep.py --user noone
commonswiki         User:Alofok/monobook.js
commonswiki         User:Dschwen/ignore.js
enwiki              User:Dschwen/vector.js
enwiki              User:Jj137/typos.js
mediawikiwiki       User:Krenair/test.js
tawiki              User:Shriheeran/கருவிகள்.js

(total: 6, shown: 6)

(this is just modules/scap/files/mwgrep.py with the stuff about private wikis removed and the host changed to cloudelastic1001.wikimedia.org:8243)

TheDJ awarded a token.May 18 2019, 8:23 AM

EBernhardson moved this task from needs triage to Current work on the Discovery-Search board.May 18 2019, 12:24 PM

EBernhardson edited projects, added Discovery-Search (Current work); removed Discovery-Search.

• Mathew.onipe mentioned this in T223734: nginx is failing to restart on cloudelastic100[1-2].wikimedia.org. Will also fail on cloudelastic100[3-4] when restart is attempted..May 18 2019, 3:46 PM

Change 511381 had a related patch set uploaded (by Mathew.onipe; owner: Mathew.onipe):
[operations/puppet@production] cloudelastic: remove ocsp_proxy

https://gerrit.wikimedia.org/r/511381

Gehel mentioned this in T220554: Open cloudelastic to wmf cloud hosts.May 21 2019, 8:52 AM

EBernhardson moved this task from Incoming to Needs Reporting on the Discovery-Search (Current work) board.May 23 2019, 5:12 PM

debt closed this task as Resolved.May 28 2019, 11:55 PM

debt claimed this task.

Peachey88 merged a task: T220554: Open cloudelastic to wmf cloud hosts.Jul 12 2019, 7:47 AM