Switch all eventgate clients to use new TLS port
Closed, ResolvedPublic
Actions

Description

Clients should now produce to the new TLS ports added in T241073: Set up TLS for eventgate-main and eventgate-analytics.

eventgate-analytics

eventgate-main

EventBus
change-propagation
restbase
cp-job-queue - doesn't use eventgate

Along the way we should document all users so they are easier to find in the future! Started here by adding Clients sections:
https://wikitech.wikimedia.org/wiki/Event_Platform/EventGate#EventGate_Services

Details

	Subject	Repo	Branch	Lines +/-
	Switch change-prop and restbase event_service_uri to new TLS eventgate-main	operations/puppet	production	+3 -3
	Use new TLS port for eventgate-analytics	operations/mediawiki-config	master	+1 -1

Customize query in gerrit

Related Objects
Search...

Status	Assigned	Task
Resolved	Ottomata	T185233 Modern Event Platform
Resolved	Ottomata	T201068 Modern Event Platform: Stream Intake Service
Resolved	Ottomata	T241073 Set up TLS for eventgate-main and eventgate-analytics
Resolved	Ottomata	T242224 Switch all eventgate clients to use new TLS port

Event Timeline

Ottomata created this task.Jan 8 2020, 2:29 PM

Restricted Application removed a project: Patch-For-Review. · View Herald TranscriptJan 8 2020, 2:29 PM

Ottomata updated the task description. (Show Details)Jan 8 2020, 2:29 PM

Ah @elukey, we need to allow port 4192 for eventgate-analytics from analytics VLAN.

Change 562840 had a related patch set uploaded (by Ottomata; owner: Ottomata):
[operations/mediawiki-config@master] Use new TLS port for eventgate-analytics

https://gerrit.wikimedia.org/r/562840

gerritbot added a project: Patch-For-Review.Jan 8 2020, 2:46 PM

Change 562842 had a related patch set uploaded (by Elukey; owner: Elukey):
[operations/homer/public@master] Add port 4192 to term eventgate-analytics in analytics-in4

https://gerrit.wikimedia.org/r/562842

Change 562840 merged by Ottomata:
[operations/mediawiki-config@master] Use new TLS port for eventgate-analytics

https://gerrit.wikimedia.org/r/562840

Mentioned in SAL (#wikimedia-operations) [2020-01-08T15:00:39Z] <ottomata> deploying change to use new TLS port for eventgate-analytics - T242224

Ottomata updated the task description. (Show Details)Jan 8 2020, 3:04 PM

Mentioned in SAL (#wikimedia-operations) [2020-01-08T15:10:09Z] <otto@deploy1001> Synchronized wmf-config/ProductionServices.php: Make EventBus use TLS for eventgate-analytics - T242224 (duration: 06m 10s)

Mentioned in SAL (#wikimedia-operations) [2020-01-08T15:11:43Z] <otto@deploy1001> sync-file aborted: Make EventBus use TLS for eventgate-analytics - T242224 (duration: 00m 00s)

Mentioned in SAL (#wikimedia-operations) [2020-01-08T15:19:59Z] <otto@deploy1001> sync-file aborted: REVERT Make EventBus use TLS for eventgate-analytics - T242224 (duration: 06m 33s)

Mentioned in SAL (#wikimedia-operations) [2020-01-08T15:23:58Z] <otto@deploy1001> sync-file aborted: REVERT Make EventBus use TLS for eventgate-analytics - T242224 (duration: 03m 56s)

Mentioned in SAL (#wikimedia-operations) [2020-01-08T15:26:25Z] <otto@deploy1001> Synchronized wmf-config/ProductionServices.php: REVERT Make EventBus use TLS for eventgate-analytics - T242224 (duration: 00m 34s)

Ottomata moved this task from Backlog to In Progress Before Value Streams Kickoff (August 15th) on the Event-Platform board.Jan 8 2020, 3:53 PM

Ottomata moved this task from Next Up to In Progress on the Analytics-Kanban board.Jan 8 2020, 5:04 PM

@Joe Q for you. If php-fpm will not do HTTPS requests under load...what should we do for TLS everywhere with eventgate? Should we just stall on this for the time being?

Ottomata moved this task from In Progress to Paused on the Analytics-Kanban board.Jan 15 2020, 5:09 PM

Ottomata moved this task from Incoming to Event Platform on the Analytics board.Feb 6 2020, 5:45 PM

Milimetric removed a project: Analytics-Kanban.Feb 24 2020, 4:56 PM

Change 576370 had a related patch set uploaded (by Ottomata; owner: Ottomata):
[operations/puppet@production] Switch change-prop and restbase event_service_uri to new TLS eventgate-main

https://gerrit.wikimedia.org/r/576370

Change 576370 merged by Ottomata:
[operations/puppet@production] Switch change-prop and restbase event_service_uri to new TLS eventgate-main

https://gerrit.wikimedia.org/r/576370

Mentioned in SAL (#wikimedia-operations) [2020-03-03T16:17:44Z] <Pchelolo> restart restbase on 2009 for T242224

Mentioned in SAL (#wikimedia-operations) [2020-03-03T16:35:11Z] <otto@deploy1001> Started restart [restbase/deploy@bfdd342] (dev-cluster): Restart (dev-cluster) to pick up new LVS TLS port for eventgate T242224

• Pchelolo updated the task description. (Show Details)Mar 3 2020, 4:37 PM

Mentioned in SAL (#wikimedia-operations) [2020-03-03T16:47:13Z] <otto@deploy1001> Started restart [restbase/deploy@bfdd342]: Restart to pick up new LVS TLS port for eventgate T242224

Mentioned in SAL (#wikimedia-operations) [2020-03-03T17:14:43Z] <otto@deploy1001> Started restart [changeprop/deploy@e2fe8ca]: Restart to pick up new LVS TLS port for eventgate T242224

Ottomata updated the task description. (Show Details)Mar 3 2020, 5:19 PM

Ottomata updated the task description. (Show Details)

EventBus switches are being worked on as part of T247484: Lots of "EventBus: Unable to deliver all events"

@Joe can we call this one done too now?

In T242224#6003048, @Ottomata wrote:

@Joe can we call this one done too now?

I think so, yes. We can always reopen if something weird shows up

Switch all eventgate clients to use new TLS portClosed, ResolvedPublicActions