Page MenuHomePhabricator

Move termbox to use TLS only
Open, Needs TriagePublic

Description

termbox should be moved to be TLS only. As termbox is only called by mediawiki, this can already switched to TLS (as mediawiki calls it via envoy).

  • Add TLS support to the deployment chart
  • Enable TLS on k8s in production
  • Add Additional LVS endpoint configuration
  • Switch mediawiki envoy to use TLS
  • Remove non-TLS LVS endpoint configuration
  • Remove the non-TLS k8s service

Event Timeline

JMeybohm created this task.Jun 5 2020, 1:51 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 5 2020, 1:51 PM

Change 603437 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] lvs::configuration: add termbox-https

https://gerrit.wikimedia.org/r/603437

Change 603437 merged by JMeybohm:
[operations/puppet@production] lvs::configuration: add termbox-https

https://gerrit.wikimedia.org/r/603437

Mentioned in SAL (#wikimedia-operations) [2020-06-09T09:57:49Z] <jayme> restarting pybal on lvs1016 and lvs2010 for T254581

Mentioned in SAL (#wikimedia-operations) [2020-06-09T10:14:26Z] <jayme> restarting pybal on lvs1015 and lvs2009 for T254581

Change 603974 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] lvs::configuration: termbox-https monitoring_setup

https://gerrit.wikimedia.org/r/603974

Change 603974 merged by JMeybohm:
[operations/puppet@production] lvs::configuration: termbox-https monitoring_setup

https://gerrit.wikimedia.org/r/603974

Change 604050 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] lvs::configuration: termbox-https production

https://gerrit.wikimedia.org/r/604050

JMeybohm moved this task from Backlog to Doing on the serviceops board.Jun 9 2020, 3:37 PM

Change 604050 merged by JMeybohm:
[operations/puppet@production] lvs::configuration: termbox-https production

https://gerrit.wikimedia.org/r/604050

JMeybohm updated the task description. (Show Details)Jun 9 2020, 4:08 PM

Change 604062 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] services_proxy: switch termbox to TLS

https://gerrit.wikimedia.org/r/604062

Mentioned in SAL (#wikimedia-operations) [2020-06-10T09:14:17Z] <jayme> T254581 disabling puppet on all mw, api and jobrunner servers to move termbox envoy config to TLS

Change 604062 merged by JMeybohm:
[operations/puppet@production] services_proxy: switch termbox to TLS

https://gerrit.wikimedia.org/r/604062

Mentioned in SAL (#wikimedia-operations) [2020-06-10T10:23:34Z] <jayme> T254581 re-enabled puppet on all mw, api and jobrunner servers

JMeybohm updated the task description. (Show Details)Jun 10 2020, 10:59 AM