
Expose cloudelastic to wmf cloud
Closed, Resolved, Public


To make the cloudelastic service publicly available we need to expose it to the appropriate networks. Basic plan:

  • Add a new port that only allows GET requests
    • Optionally, if possible, allow POST to ^/.*/_m?search$
  • Expose that port, via ferm, to the wmfcloud srange

A new port is used, rather than the existing tlsproxy port, as the new port needs to be read-only. It will be easier to guarantee things are configured properly accepting production write traffic on separate ports from the read-only traffic.
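
The allow rule from the plan above, written out as an added example so its edge cases can be checked; this is not the puppet change from this task. It assumes the pattern is applied to the request path without the query string, and the index name `enwiki_content` and the sample requests are constructed.

```python
import re

# Pattern quoted verbatim from the task description.
SEARCH_POST = re.compile(r"^/.*/_m?search$")


def is_allowed(method: str, request_target: str) -> bool:
    """Decide whether the read-only port would forward a request."""
    # Assumption: the rule sees the path only, not the query string.
    path = request_target.split("?", 1)[0]
    if method == "GET":
        return True
    if method == "POST":
        # fullmatch avoids Python's "$ matches before a trailing newline" quirk.
        return SEARCH_POST.fullmatch(path) is not None
    return False  # every other method is outside the plan


# Constructed sample requests (not taken from the task).
SAMPLES = [
    ("GET", "/enwiki_content/_search?q=foo"),
    ("POST", "/enwiki_content/_search"),
    ("POST", "/enwiki_content/_msearch?pretty"),
    ("POST", "/a/b/_search"),                    # ".*" also spans slashes
    ("POST", "/_search"),                        # no index segment: pattern needs two slashes
    ("POST", "/enwiki_content/_search/scroll"),  # "$" rejects trailing segments
    ("POST", "/enwiki_content/_bulk"),
    ("POST", "/enwiki_content/_delete_by_query"),
    ("PUT", "/enwiki_content/_doc/1"),
    ("DELETE", "/enwiki_content"),
]


def audit(samples=SAMPLES):
    """Return (method, target, allowed) for each sample request."""
    return [(m, t, is_allowed(m, t)) for m, t in samples]


if __name__ == "__main__":
    for method, target, ok in audit():
        print(f"{'ALLOW' if ok else 'DENY ':5}  {method:6} {target}")
```
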

Event Timeline

Change 510823 had a related patch set uploaded (by EBernhardson; owner: EBernhardson):
[operations/puppet@production] [WIP] Expose cloudelastic to wmfcloud

Change 510823 merged by Gehel:
[operations/puppet@production] Expose cloudelastic to wmfcloud


krenair@bastion-eqiad1-01:~$ python '\$j[(.]'
arwiki              MediaWiki:Gadget-ContribsTabVector.js
arwiki              MediaWiki:RefToolbarBase.js
arwiki              MediaWiki:RefToolbarConfig.js
aswiki              MediaWiki:RefToolbarBase.js
be_x_oldwiki        MediaWiki:RefToolbarBase.js
be_x_oldwiki        MediaWiki:RefToolbarConfig.js
be_x_oldwiki        MediaWiki:RefToolbarNoDialogs.js
[lots of stuff]

(total: 90, shown: 90)
krenair@bastion-eqiad1-01:~$ python --user noone
commonswiki         User:Alofok/monobook.js
commonswiki         User:Dschwen/ignore.js
enwiki              User:Dschwen/vector.js
enwiki              User:Jj137/typos.js
mediawikiwiki       User:Krenair/test.js
tawiki              User:Shriheeran/கருவிகள்.js

(total: 6, shown: 6)

(this is just modules/scap/files/ with the stuff about private wikis removed and the host changed to

Change 511381 had a related patch set uploaded (by Mathew.onipe; owner: Mathew.onipe):
[operations/puppet@production] cloudelastic: remove ocsp_proxy

debt claimed this task.

Change 511381 merged by Gehel:
[operations/puppet@production] cloudelastic: remove ocsp_proxy