Page MenuHomePhabricator

Reconfigure fundraising public-reporting server role to fundraising-data
Closed, ResolvedPublic

Description

Current thinking is that this role will be changed to a donor interaction service (data delivery, email prefs)

Here are a couple things that point to it now. A web search brings up a handful of external references as well.

Puppetized components to migrate from role::public_reporting to role::frdata:

  • create puppet role::frdata
    • slander IRC bot
    • syslog collector for log_to_irc
    • privatebin
    • fundraising::donorwiki
    • nginx vhost frdata.wm.o simple webserver
    • nginx vhost fundraising.wm.o with URL shortened redirects and proxy pass to donorwiki and privatebin
    • separate nginx vhost with client cert authentication for fundraising.wm.o admin interface
  • adjust firewall policies related to log_to_irc
  • adjust firewall policies related to public data export
  • adjust configured log_to_irc host
  • adjust NAT and firewall policy for privatebin/donorwiki
  • update data push destination in localsettings/process-control/civi1001/fundraiser_public_data_export.yaml
  • adjust DNS CNAME for frdata.wikimedia.org
  • reconfigure production monitoring
  • adjust central log collation for frdata* hostnames
  • evaluate firejail or container for IRC bot
  • firewall config for frdata1002/2001 {T274422}
  • configure cross-host data sync to standby server (pushing off to T283092)
  • adjust DNS CNAME for fundraising.wikimedia.org
  • configure LE to fetch fundraising.wikimedia.org certificate

Deprecated server, vlan, policies, and puppet components:

  • remove puppet role::public_reporting
  • remove iptables policy for public_reporting role
  • shut down host frdata1001
  • remove internal DNS for frdata1001
  • remove external DNS for frdata1001 and 208.80.155.10
  • remove deprecated frack-DMZ1-c-eqiad VLAN T174203: Investigate decommissioning two eqiad-frack vlans
  • remove pfw policy for public_reporting role {T274422}
  • remove pfw NAT for public_reporting role {T274422}
  • remove fundraising.wikimedia.org site from payments-listener role
  • remove fundraising-eqiad NAT from pfw
  • remove fundraising IP alias from payments-listener role
  • remove DNS entries related to fundraising-* NAT external IPs
  • remove DNS entries related to frpig*-fundraising internal IPs
  • clean up pfw policy for deprecated fundraising-eqiad IP
  • clean up iptables policy for deprecated fundraising-eqiad IP

Event Timeline

DStrine closed subtask Restricted Task as Resolved.Jun 16 2020, 7:55 PM
ayounsi closed subtask Restricted Task as Resolved.Feb 8 2021, 8:58 AM

Change 662713 had a related patch set uploaded (by Jgreen; owner: Jgreen):
[operations/dns@master] switch frdata.wm.o cname to point to frdata-eqiad.wm.o

https://gerrit.wikimedia.org/r/662713

Change 662713 merged by Jgreen:
[operations/dns@master] switch frdata.wm.o cname to point to frdata-eqiad.wm.o

https://gerrit.wikimedia.org/r/662713

Change 662728 had a related patch set uploaded (by Jgreen; owner: Jgreen):
[operations/puppet@production] adjust nsca_frack.cfg.erb remove frdata1001, add frdata1002,frdata2001

https://gerrit.wikimedia.org/r/662728

Change 662728 merged by Jgreen:
[operations/puppet@production] adjust nsca_frack.cfg.erb remove frdata1001, add frdata1002,frdata2001

https://gerrit.wikimedia.org/r/662728

Change 662737 had a related patch set uploaded (by Jgreen; owner: Jgreen):
[operations/puppet@production] nsca_frack.cfg.erb switch frdata* IPs to external ones b/c ping is flapping

https://gerrit.wikimedia.org/r/662737

Change 662737 merged by Jgreen:
[operations/puppet@production] nsca_frack.cfg.erb switch frdata* IPs to external ones b/c ping is flapping

https://gerrit.wikimedia.org/r/662737

Jgreen updated the task description. (Show Details)

Just reworked slander to run within firejail.

[frack::puppet] d0e31bc9 Move slander to using firejail and new log location 
[frack::puppet] 2dbe000f Shift variable declaration in frdata role 
[frack::puppet] cf40aaab Fix typo in ExecStart for slander systemd init 
[frack::puppet] caff2562 Shift how slander restarts the service based on firejail changes

Change 663307 had a related patch set uploaded (by Jgreen; owner: Jgreen):
[operations/dns@master] remove A/PTR records for frdata1001.wikimedia.org

https://gerrit.wikimedia.org/r/663307

Change 663307 merged by Jgreen:
[operations/dns@master] remove A/PTR records for frdata1001.wikimedia.org

https://gerrit.wikimedia.org/r/663307

ayounsi closed subtask Restricted Task as Resolved.Mar 16 2021, 7:55 PM

Change 705728 had a related patch set uploaded (by Jgreen; author: Jgreen):

[operations/dns@master] Switch fundraising.wm.o CNAME to point to frdata-eqiad.wm.o

https://gerrit.wikimedia.org/r/705728

Change 705728 merged by Jgreen:

[operations/dns@master] Switch fundraising.wm.o CNAME to point to frdata-eqiad.wm.o

https://gerrit.wikimedia.org/r/705728

Jgreen updated the task description. (Show Details)

Change 705735 had a related patch set uploaded (by Jgreen; author: Jgreen):

[operations/puppet@production] adjust monitoring for frdata and payments-listener roles

https://gerrit.wikimedia.org/r/705735

Change 705735 merged by Jgreen:

[operations/puppet@production] adjust monitoring for frdata and payments-listener roles

https://gerrit.wikimedia.org/r/705735

ayounsi closed subtask Restricted Task as Resolved.Jul 21 2021, 9:57 AM

Change 705892 had a related patch set uploaded (by Jgreen; author: Jgreen):

[operations/dns@master] remove deprecated frpig*-fundraising A/PTR records

https://gerrit.wikimedia.org/r/705892

Change 705892 merged by Jgreen:

[operations/dns@master] remove deprecated frpig*-fundraising A/PTR records

https://gerrit.wikimedia.org/r/705892

Change 705893 had a related patch set uploaded (by Jgreen; author: Jgreen):

[operations/dns@master] Remove deprecated fundraising-[eqiad|codfw].wikimedia.org A/PTR records

https://gerrit.wikimedia.org/r/705893

Change 705893 merged by Jgreen:

[operations/dns@master] Remove deprecated fundraising-[eqiad|codfw].wikimedia.org A/PTR records

https://gerrit.wikimedia.org/r/705893

Jgreen claimed this task.
Jgreen triaged this task as Medium priority.
Jgreen updated the task description. (Show Details)
Jgreen moved this task from In Progress to Done on the fundraising-tech-ops board.