Page MenuHomePhabricator

Move termbox to use TLS only
Closed, ResolvedPublic

Description

termbox should be moved to be TLS only. As termbox is only called by mediawiki, this can already switched to TLS (as mediawiki calls it via envoy).

  • Add TLS support to the deployment chart
  • Enable TLS on k8s in production
  • Add Additional LVS endpoint configuration
  • Switch mediawiki envoy to use TLS
  • Remove non-TLS LVS endpoint configuration
  • Remove the non-TLS k8s service

Event Timeline

Restricted Application added a subscriber: Aklapper. ยท View Herald TranscriptJun 5 2020, 1:51 PM

Change 603437 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] lvs::configuration: add termbox-https

https://gerrit.wikimedia.org/r/603437

Change 603437 merged by JMeybohm:
[operations/puppet@production] lvs::configuration: add termbox-https

https://gerrit.wikimedia.org/r/603437

Mentioned in SAL (#wikimedia-operations) [2020-06-09T09:57:49Z] <jayme> restarting pybal on lvs1016 and lvs2010 for T254581

Mentioned in SAL (#wikimedia-operations) [2020-06-09T10:14:26Z] <jayme> restarting pybal on lvs1015 and lvs2009 for T254581

Change 603974 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] lvs::configuration: termbox-https monitoring_setup

https://gerrit.wikimedia.org/r/603974

Change 603974 merged by JMeybohm:
[operations/puppet@production] lvs::configuration: termbox-https monitoring_setup

https://gerrit.wikimedia.org/r/603974

Change 604050 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] lvs::configuration: termbox-https production

https://gerrit.wikimedia.org/r/604050

Change 604050 merged by JMeybohm:
[operations/puppet@production] lvs::configuration: termbox-https production

https://gerrit.wikimedia.org/r/604050

Change 604062 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] services_proxy: switch termbox to TLS

https://gerrit.wikimedia.org/r/604062

Mentioned in SAL (#wikimedia-operations) [2020-06-10T09:14:17Z] <jayme> T254581 disabling puppet on all mw, api and jobrunner servers to move termbox envoy config to TLS

Change 604062 merged by JMeybohm:
[operations/puppet@production] services_proxy: switch termbox to TLS

https://gerrit.wikimedia.org/r/604062

Mentioned in SAL (#wikimedia-operations) [2020-06-10T10:23:34Z] <jayme> T254581 re-enabled puppet on all mw, api and jobrunner servers

JMeybohm triaged this task as Medium priority.Jul 21 2020, 7:50 AM

Change 627297 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] lvs: Rename termbox-https to termbox

https://gerrit.wikimedia.org/r/627297

Change 627298 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] lvs: Remove termbox non-TLS endpoint from LVS 1/3

https://gerrit.wikimedia.org/r/627298

Change 627299 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] lvs: Remove termbox non-TLS endpoint from LVS 2/3

https://gerrit.wikimedia.org/r/627299

Change 627300 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] lvs: Remove blubberoid non-TLS endpoint from LVS 3/3

https://gerrit.wikimedia.org/r/627300

Change 627297 merged by JMeybohm:
[operations/puppet@production] lvs: Rename termbox-https to termbox

https://gerrit.wikimedia.org/r/627297

Change 627299 abandoned by JMeybohm:
[operations/puppet@production] lvs: Remove termbox non-TLS endpoint from LVS 2/3

Reason:

https://gerrit.wikimedia.org/r/627299

Change 627298 merged by JMeybohm:
[operations/puppet@production] lvs: Remove termbox non-TLS endpoint from LVS 1/3

https://gerrit.wikimedia.org/r/627298

Change 627300 merged by JMeybohm:
[operations/puppet@production] lvs: Remove termbox non-TLS endpoint from LVS 3/3

https://gerrit.wikimedia.org/r/627300

Mentioned in SAL (#wikimedia-operations) [2020-09-22T07:42:29Z] <jayme> restarting pybal on lvs1016.eqiad.wmnet,lvs2010.codfw.wmnet - T255879 T254581

Mentioned in SAL (#wikimedia-operations) [2020-09-22T07:46:29Z] <jayme> restarting pybal on lvs1015.eqiad.wmnet,lvs2009.codfw.wmnet - T255879 T254581

Mentioned in SAL (#wikimedia-operations) [2020-09-22T07:49:48Z] <jayme> running ipvsadm -D -t 10.2.2.18:8080; ipvsadm -D -t 10.2.2.46:3030 on lvs1016.eqiad.wmnet,lvs1015.eqiad.wmnet - T255879 T254581

Mentioned in SAL (#wikimedia-operations) [2020-09-22T07:51:18Z] <jayme> running ipvsadm -D -t 10.2.1.18:8080; ipvsadm -D -t 10.2.1.46:3030 on lvs2010.codfw.wmnet,lvs2009.codfw.wmnet - T255879 T254581

JMeybohm updated the task description. (Show Details)
JMeybohm updated the task description. (Show Details)

Change 715448 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] termbox: Remove HTTP service from kubernetes

https://gerrit.wikimedia.org/r/715448

Change 715448 merged by jenkins-bot:

[operations/deployment-charts@master] termbox: Remove HTTP service from kubernetes

https://gerrit.wikimedia.org/r/715448

JMeybohm updated the task description. (Show Details)