Page MenuHomePhabricator
Create Task
Maniphest T255869

Move zotero to use TLS only
Closed, ResolvedPublic
Actions

Description

  • Add TLS support to the deployment chart
  • Enable TLS on k8s in production
  • Add Additional LVS endpoint configuration
  • Switch services to use the TLS LVS
  • Remove non-TLS LVS endpoint configuration
  • Remove the non-TLS k8s service

Details

Show related patches Customize query in gerrit

Related Objects
Search...

Event Timeline

JMeybohm created this task.Jun 19 2020, 3:35 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 19 2020, 3:35 PM
JMeybohm triaged this task as Medium priority.Jul 21 2020, 7:53 AM
jijiki moved this task from Incoming 🐫 to 🔦Unused2 on the serviceops board.Aug 17 2020, 11:45 PM
JMeybohm claimed this task.Sep 23 2020, 9:40 AM
gerritbot added a comment.Sep 23 2020, 10:02 AM

Change 629334 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] service: add TLS endpoint for zotero 1/3

https://gerrit.wikimedia.org/r/629334

gerritbot added a project: Patch-For-Review.Sep 23 2020, 10:02 AM

Change 629335 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] service: add TLS endpoint for zotero 2/3

https://gerrit.wikimedia.org/r/629335

gerritbot added a comment.Sep 23 2020, 10:02 AM

Change 629336 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] service: add TLS endpoint for zotero 3/3

https://gerrit.wikimedia.org/r/629336

gerritbot added a comment.Sep 23 2020, 10:02 AM

Change 629337 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] services_proxy: switch zotero to the TLS endpoint

https://gerrit.wikimedia.org/r/629337

gerritbot added a comment.Sep 23 2020, 10:02 AM

Change 629338 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] lvs: Remove zotero non-TLS endpoint 1/2

https://gerrit.wikimedia.org/r/629338

gerritbot added a comment.Sep 23 2020, 10:02 AM

Change 629339 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] lvs: Remove zotero non-TLS endpoint 2/2

https://gerrit.wikimedia.org/r/629339

gerritbot added a comment.Sep 24 2020, 2:05 PM

Change 629334 merged by JMeybohm:
[operations/puppet@production] service: add TLS endpoint for zotero 1/3

https://gerrit.wikimedia.org/r/629334

Stashbot added a comment.Sep 24 2020, 2:09 PM

Mentioned in SAL (#wikimedia-operations) [2020-09-24T14:09:32Z] <jayme> running puppet on lvs servers - T255869

Stashbot added a comment.Sep 24 2020, 2:16 PM

Mentioned in SAL (#wikimedia-operations) [2020-09-24T14:16:54Z] <jayme> restart pybal on lvs1016.eqiad.wmnet,lvs2010.codfw.wmnet - T255869

Stashbot added a comment.Sep 24 2020, 2:18 PM

Mentioned in SAL (#wikimedia-operations) [2020-09-24T14:18:27Z] <jayme> restart pybal on lvs1015.eqiad.wmnet,lvs2009.codfw.wmnet - T255869

gerritbot added a comment.Sep 24 2020, 2:29 PM

Change 629335 merged by JMeybohm:
[operations/puppet@production] service: add TLS endpoint for zotero 2/3

https://gerrit.wikimedia.org/r/629335

gerritbot added a comment.Sep 24 2020, 2:54 PM

Change 629336 merged by JMeybohm:
[operations/puppet@production] service: add TLS endpoint for zotero 3/3

https://gerrit.wikimedia.org/r/629336

gerritbot added a comment.Sep 24 2020, 3:09 PM

Change 629337 merged by JMeybohm:
[operations/puppet@production] services_proxy: switch zotero to the TLS endpoint

https://gerrit.wikimedia.org/r/629337

Stashbot added a comment.Sep 24 2020, 3:10 PM

Mentioned in SAL (#wikimedia-operations) [2020-09-24T15:10:18Z] <jayme> switched zotero service-proxy listener to use TLS - T255869

gerritbot added a comment.Sep 29 2020, 9:02 AM

Change 630769 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/deployment-charts@master] citoid: Add zotero TLS port to egress

https://gerrit.wikimedia.org/r/630769

gerritbot added a comment.Sep 29 2020, 9:14 AM

Change 630771 had a related patch set uploaded (by Alexandros Kosiaris; owner: Alexandros Kosiaris):
[operations/deployment-charts@master] citoid: Allow zotero access to HTTPS port

https://gerrit.wikimedia.org/r/630771

gerritbot added a comment.Sep 29 2020, 9:20 AM

Change 630771 abandoned by Alexandros Kosiaris:
[operations/deployment-charts@master] citoid: Allow zotero access to HTTPS port

Reason:
Also being done in https://gerrit.wikimedia.org/r/c/operations/deployment-charts/ /630769, abandoning in favor of that.

https://gerrit.wikimedia.org/r/630771

gerritbot added a comment.Sep 29 2020, 9:43 AM

Change 630769 merged by jenkins-bot:
[operations/deployment-charts@master] citoid: Add zotero TLS port to egress

https://gerrit.wikimedia.org/r/630769

gerritbot added a comment.Sep 29 2020, 12:40 PM

Change 630788 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] services_proxy: switch zotero to the TLS endpoint

https://gerrit.wikimedia.org/r/630788

gerritbot added a comment.Sep 29 2020, 12:46 PM

Change 630788 merged by JMeybohm:
[operations/puppet@production] services_proxy: switch zotero to the TLS endpoint

https://gerrit.wikimedia.org/r/630788

gerritbot added a comment.Sep 30 2020, 9:10 AM

Change 631147 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] services_proxy: Add nodejs keepalive timeout (4.5s) to citoid and zotero

https://gerrit.wikimedia.org/r/631147

gerritbot added a comment.Sep 30 2020, 9:39 AM

Change 631147 merged by JMeybohm:
[operations/puppet@production] services_proxy: Add nodejs keepalive timeout (4.5s) to citoid and zotero

https://gerrit.wikimedia.org/r/631147

JMeybohm updated the task description. (Show Details)Sep 30 2020, 1:11 PM
gerritbot added a comment.Oct 1 2020, 1:08 PM

Change 629338 merged by JMeybohm:
[operations/puppet@production] lvs: Remove zotero non-TLS endpoint 1/2

https://gerrit.wikimedia.org/r/629338

gerritbot added a comment.Oct 2 2020, 9:10 AM

Change 629339 merged by JMeybohm:
[operations/puppet@production] lvs: Remove zotero non-TLS endpoint 2/2

https://gerrit.wikimedia.org/r/629339

Stashbot mentioned this in T255875: Move mathoid to use TLS only.Oct 2 2020, 9:12 AM

Mentioned in SAL (#wikimedia-operations) [2020-10-02T09:12:25Z] <jayme> running puppet on lvs servers - T255875 T255869

Stashbot added a comment.Oct 2 2020, 9:14 AM

Mentioned in SAL (#wikimedia-operations) [2020-10-02T09:14:41Z] <jayme> restarting pybal on lvs1016.eqiad.wmnet,lvs2010.codfw.wmnet - T255875 T255869

Stashbot added a comment.Oct 2 2020, 9:17 AM

Mentioned in SAL (#wikimedia-operations) [2020-10-02T09:17:49Z] <jayme> restarting pybal on lvs1015.eqiad.wmnet,lvs2009.codfw.wmnet - T255875 T255869

Stashbot added a comment.Oct 2 2020, 9:18 AM

Mentioned in SAL (#wikimedia-operations) [2020-10-02T09:18:14Z] <jayme> running ipvsadm -D -t 10.2.2.20:10042; ipvsadm -D -t 10.2.2.16:1969 on lvs1016.eqiad.wmnet,lvs1015.eqiad.wmnet - T255875 T255869

Stashbot added a comment.Oct 2 2020, 9:19 AM

Mentioned in SAL (#wikimedia-operations) [2020-10-02T09:19:01Z] <jayme> running ipvsadm -D -t 10.2.1.20:10042; ipvsadm -D -t 10.2.1.16:1969 on lvs2010.codfw.wmnet,lvs2009.codfw.wmnet - T255875 T255869

JMeybohm updated the task description. (Show Details)Oct 2 2020, 9:22 AM
gerritbot added a comment.Aug 30 2021, 8:06 AM

Change 715450 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] zotero: Remove HTTP service from kubernetes

https://gerrit.wikimedia.org/r/715450

gerritbot added a comment.Sep 2 2021, 1:49 PM

Change 715450 merged by jenkins-bot:

[operations/deployment-charts@master] zotero: Remove HTTP service from kubernetes

https://gerrit.wikimedia.org/r/715450

JMeybohm closed this task as Resolved.Sep 2 2021, 2:40 PM
JMeybohm updated the task description. (Show Details)
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL