Page MenuHomePhabricator

Get live hacks on wikitech-static into git
Closed, ResolvedPublic

Description

A fair bit of the code that manages wikitech-static is in https://gerrit.wikimedia.org/r/#/admin/projects/operations/wikitech-static

Recently we made some changes for LE but those changes seem to be live on wikitech-static and not checked in.

Event Timeline

Andrew created this task.Jun 6 2019, 10:26 PM
Krenair added a subscriber: Krenair.Jun 7 2019, 2:45 AM

Mentioned in SAL (#wikimedia-operations) [2019-07-16T22:06:12Z] <mutante> wikitech-static: move /etc/apache2/sites-available/000-default.conf and default-ssl.conf out of directory and reload apache to confirm they are not used and get us in sync with the repo contents again (T225258)

Mentioned in SAL (#wikimedia-operations) [2019-07-16T22:11:27Z] <mutante> wikitech-static: turn /etc/apache2/sites-available/wikitech-static.wikimedia.org-ssl.conf and status.wikimedia.org-ssl.conf into symlinks to /wikitech-static/apache/ to match config for http vhosts (T225258)

This did not include: "Cert renewal was broken; this was fixed by changing authenticator = webroot to for authenticator = standalone in /etc/letsencrypt/renewal/wikitech-static.wikimedia.org.conf which is not yet reflected in gerrit." which i found in T204840#5243222.

Mentioned in SAL (#wikimedia-operations) [2019-07-16T22:29:22Z] <mutante> wikitech-static the diff between the ssl config files in the repo and on server were just a space at the end of the ServerAdmin line .... T225258

Mentioned in SAL (#wikimedia-operations) [2019-07-16T23:09:19Z] <mutante> wikitech-static got ssl config files in sync with the repo, the difference was really just that space on one line each though (T225258)

Dzahn closed this task as Resolved.EditedJul 16 2019, 11:17 PM

The Apache2 config is cleaned up. The contents of /etc/apache2/sites-enabled/ are just 4 config files now and all of them are symlinks to /wikitech-static/apache/ now, not just 2 of them.

Also the files in the repo have no more diff to the files on server.

That being said this does not mean /etc/letsencrypt/ config files are in the repo.