Page MenuHomePhabricator
Create Task
Maniphest T255868

Move citoid to use TLS only
Closed, ResolvedPublic
Actions

Description

  • Add TLS support to the deployment chart
  • Enable TLS on k8s in production
  • Add Additional LVS endpoint configuration
  • Switch services to use the TLS LVS
  • Remove non-TLS LVS endpoint configuration
  • Remove the non-TLS k8s service

Details

Show related patches Customize query in gerrit

Related Objects
Search...

Event Timeline

JMeybohm created this task.Jun 19 2020, 3:34 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 19 2020, 3:34 PM
JMeybohm triaged this task as Medium priority.Jul 21 2020, 7:53 AM
jijiki moved this task from Incoming 🐫 to 🔦Unused2 on the serviceops board.Aug 17 2020, 11:45 PM
gerritbot added a comment.Sep 7 2020, 7:32 AM

Change 625592 had a related patch set uploaded (by Giuseppe Lavagetto; owner: Giuseppe Lavagetto):
[operations/puppet@production] profile::services_proxy::envoy: add zotero as a backend

https://gerrit.wikimedia.org/r/625592

gerritbot added a project: Patch-For-Review.Sep 7 2020, 7:32 AM
gerritbot added a comment.Sep 7 2020, 7:37 AM

Change 625592 merged by Giuseppe Lavagetto:
[operations/puppet@production] profile::services_proxy::envoy: add zotero as a backend

https://gerrit.wikimedia.org/r/625592

gerritbot added a comment.Sep 7 2020, 8:07 AM

Change 625595 had a related patch set uploaded (by Giuseppe Lavagetto; owner: Giuseppe Lavagetto):
[operations/deployment-charts@master] citoid: make the zotero port configurable

https://gerrit.wikimedia.org/r/625595

gerritbot added a comment.Sep 7 2020, 8:07 AM

Change 625596 had a related patch set uploaded (by Giuseppe Lavagetto; owner: Giuseppe Lavagetto):
[operations/deployment-charts@master] citoid: use the service proxy

https://gerrit.wikimedia.org/r/625596

gerritbot added a comment.Sep 7 2020, 8:37 AM

Change 625600 had a related patch set uploaded (by Giuseppe Lavagetto; owner: Giuseppe Lavagetto):
[operations/puppet@production] citoid: add LVS endpoint

https://gerrit.wikimedia.org/r/625600

gerritbot added a comment.Sep 7 2020, 8:37 AM

Change 625601 had a related patch set uploaded (by Giuseppe Lavagetto; owner: Giuseppe Lavagetto):
[operations/puppet@production] citoid: promote https lvs to production status

https://gerrit.wikimedia.org/r/625601

gerritbot added a comment.Sep 7 2020, 8:37 AM

Change 625602 had a related patch set uploaded (by Giuseppe Lavagetto; owner: Giuseppe Lavagetto):
[operations/puppet@production] service_proxy: switch citoid to TLS

https://gerrit.wikimedia.org/r/625602

gerritbot added a comment.Sep 7 2020, 8:37 AM

Change 625603 had a related patch set uploaded (by Giuseppe Lavagetto; owner: Giuseppe Lavagetto):
[operations/puppet@production] citoid: remove unencrypted LVS endpoint

https://gerrit.wikimedia.org/r/625603

gerritbot added a comment.Sep 7 2020, 8:45 AM

Change 625595 merged by jenkins-bot:
[operations/deployment-charts@master] citoid: make the zotero port configurable

https://gerrit.wikimedia.org/r/625595

gerritbot added a comment.Sep 7 2020, 9:08 AM

Change 625596 merged by jenkins-bot:
[operations/deployment-charts@master] citoid: use the service proxy

https://gerrit.wikimedia.org/r/625596

Mvolz added a project: Citoid.Sep 9 2020, 11:54 AM
Mvolz subscribed.
Mvolz added a comment.Sep 9 2020, 12:09 PM
This comment was removed by Mvolz.
gerritbot added a comment.Sep 14 2020, 7:51 AM

Change 625600 merged by Giuseppe Lavagetto:
[operations/puppet@production] citoid: add TLS LVS endpoint

https://gerrit.wikimedia.org/r/625600

gerritbot added a comment.Sep 14 2020, 8:40 AM

Change 625601 merged by Giuseppe Lavagetto:
[operations/puppet@production] citoid: promote https lvs to production status

https://gerrit.wikimedia.org/r/625601

gerritbot added a comment.Sep 14 2020, 9:00 AM

Change 625602 merged by Giuseppe Lavagetto:
[operations/puppet@production] service_proxy: switch citoid to TLS

https://gerrit.wikimedia.org/r/625602

gerritbot added a comment.Sep 22 2020, 10:11 AM

Change 629077 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] citoid: remove unencrypted LVS endpoint 1/2

https://gerrit.wikimedia.org/r/629077

gerritbot added a comment.Sep 22 2020, 1:37 PM

Change 629077 merged by Giuseppe Lavagetto:
[operations/puppet@production] citoid: remove unencrypted LVS endpoint 1/2

https://gerrit.wikimedia.org/r/629077

gerritbot added a comment.Sep 22 2020, 1:58 PM

Change 625603 merged by JMeybohm:
[operations/puppet@production] citoid: remove unencrypted LVS endpoint 2/2

https://gerrit.wikimedia.org/r/625603

Stashbot mentioned this in T255877: Move proton to use TLS only.Sep 22 2020, 2:05 PM

Mentioned in SAL (#wikimedia-operations) [2020-09-22T14:05:57Z] <jayme> running puppet on lvs servers - T255868 T255877

Stashbot added a comment.Sep 22 2020, 2:09 PM

Mentioned in SAL (#wikimedia-operations) [2020-09-22T14:09:15Z] <jayme> restarting pybal on lvs1016.eqiad.wmnet,lvs2010.codfw.wmnet - T255868 T255877

Stashbot added a comment.Sep 22 2020, 2:11 PM

Mentioned in SAL (#wikimedia-operations) [2020-09-22T14:11:21Z] <jayme> restarting pybal on lvs1015.eqiad.wmnet,lvs2009.codfw.wmnet - T255868 T255877

Stashbot added a comment.Sep 22 2020, 2:12 PM

Mentioned in SAL (#wikimedia-operations) [2020-09-22T14:12:01Z] <jayme> running ipvsadm -D -t 10.2.2.19:1970; ipvsadm -D -t 10.2.2.21:24766 on lvs1016.eqiad.wmnet,lvs1015.eqiad.wmnet - T255868 T255877

Stashbot added a comment.Sep 22 2020, 2:12 PM

Mentioned in SAL (#wikimedia-operations) [2020-09-22T14:12:40Z] <jayme> running ipvsadm -D -t 10.2.1.19:1970; ipvsadm -D -t 10.2.1.21:24766 on lvs2010.codfw.wmnet,lvs2009.codfw.wmnet - T255868 T255877

JMeybohm claimed this task.Sep 22 2020, 2:14 PM
JMeybohm updated the task description. (Show Details)
gerritbot added a comment.Sep 24 2020, 10:15 AM

Change 629646 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] monitor_services: switch citoid monitor to https

https://gerrit.wikimedia.org/r/629646

gerritbot added a comment.Sep 24 2020, 10:17 AM

Change 629646 merged by JMeybohm:
[operations/puppet@production] monitor_services: switch citoid monitor to https

https://gerrit.wikimedia.org/r/629646

gerritbot added a comment.Sep 30 2020, 9:10 AM

Change 631147 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] services_proxy: Add nodejs keepalive timeout (4.5s) to citoid and zotero

https://gerrit.wikimedia.org/r/631147

gerritbot added a comment.Sep 30 2020, 9:39 AM

Change 631147 merged by JMeybohm:
[operations/puppet@production] services_proxy: Add nodejs keepalive timeout (4.5s) to citoid and zotero

https://gerrit.wikimedia.org/r/631147

Mvolz moved this task from Backlog to Production on the Citoid board.Mar 10 2021, 2:03 PM
gerritbot added a comment.Aug 30 2021, 8:06 AM

Change 715449 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] citoid: Remove HTTP service from kubernetes

https://gerrit.wikimedia.org/r/715449

gerritbot added a comment.Sep 2 2021, 1:26 PM

Change 715449 merged by jenkins-bot:

[operations/deployment-charts@master] citoid: Remove HTTP service from kubernetes

https://gerrit.wikimedia.org/r/715449

JMeybohm closed this task as Resolved.Sep 2 2021, 2:41 PM
JMeybohm updated the task description. (Show Details)
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL