Page MenuHomePhabricator
Create Task
Maniphest T255875

Move mathoid to use TLS only
Open, MediumPublic
Actions

Description

  • Add TLS support to the deployment chart
  • Enable TLS on k8s in production
  • Add Additional LVS endpoint configuration
  • Switch services to use the TLS LVS
  • Remove non-TLS LVS endpoint configuration
  • Remove the non-TLS k8s service

Details

ProjectBranchLines +/-Subject
operations/puppetproduction+0 -36lvs: Remove mathoid non-TLS endpoint 2/2
operations/puppetproduction+2 -11lvs: Remove mathoid non-TLS endpoint 1/2
operations/puppetproduction+1 -2services_proxy: switch mathoid to the TLS endpoint
operations/puppetproduction+8 -2service: add TLS endpoint for mathoid 2/2
operations/puppetproduction+41 -1service: add TLS endpoint for mathoid 1/2
Customize query in gerrit

Related Objects
Search...

Event Timeline

JMeybohm created this task.Jun 19 2020, 3:42 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 19 2020, 3:42 PM
JMeybohm triaged this task as Medium priority.Jul 21 2020, 7:54 AM
jijiki moved this task from Incoming 🐫 to Unsorted on the serviceops board.Aug 17 2020, 11:45 PM
JMeybohm claimed this task.Sep 22 2020, 2:34 PM
gerritbot added a comment.Sep 23 2020, 9:30 AM

Change 629325 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] service: add TLS endpoint for mathoid 1/2

https://gerrit.wikimedia.org/r/629325

gerritbot added a project: Patch-For-Review.Sep 23 2020, 9:30 AM

Change 629326 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] service: add TLS endpoint for mathoid 2/2

https://gerrit.wikimedia.org/r/629326

gerritbot added a comment.Sep 23 2020, 9:30 AM

Change 629327 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] services_proxy: switch mathoid to the TLS endpoint

https://gerrit.wikimedia.org/r/629327

gerritbot added a comment.Sep 23 2020, 9:30 AM

Change 629328 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] lvs: Remove mathoid non-TLS endpoint 1/2

https://gerrit.wikimedia.org/r/629328

gerritbot added a comment.Sep 23 2020, 9:30 AM

Change 629329 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] lvs: Remove mathoid non-TLS endpoint 2/2

https://gerrit.wikimedia.org/r/629329

gerritbot added a comment.Sep 24 2020, 9:42 AM

Change 629325 merged by JMeybohm:
[operations/puppet@production] service: add TLS endpoint for mathoid 1/2

https://gerrit.wikimedia.org/r/629325

Stashbot added a comment.Sep 24 2020, 9:43 AM

Mentioned in SAL (#wikimedia-operations) [2020-09-24T09:43:40Z] <jayme> running puppet on lvs servers - T255875

Stashbot added a comment.Sep 24 2020, 9:46 AM

Mentioned in SAL (#wikimedia-operations) [2020-09-24T09:46:28Z] <jayme> restart pybal on lvs1016.eqiad.wmnet,lvs2010.codfw.wmnet - T255875

Stashbot added a comment.Sep 24 2020, 9:48 AM

Mentioned in SAL (#wikimedia-operations) [2020-09-24T09:48:58Z] <jayme> restart pybal on lvs1015.eqiad.wmnet,lvs2009.codfw.wmnet - T255875

gerritbot added a comment.Sep 24 2020, 9:57 AM

Change 629326 merged by JMeybohm:
[operations/puppet@production] service: add TLS endpoint for mathoid 2/2

https://gerrit.wikimedia.org/r/629326

gerritbot added a comment.Sep 24 2020, 12:57 PM

Change 629327 merged by JMeybohm:
[operations/puppet@production] services_proxy: switch mathoid to the TLS endpoint

https://gerrit.wikimedia.org/r/629327

Stashbot added a comment.Sep 24 2020, 12:58 PM

Mentioned in SAL (#wikimedia-operations) [2020-09-24T12:58:37Z] <jayme> switched mathoid service-proxy listener to use TLS - T255875

JMeybohm updated the task description. (Show Details)Sep 29 2020, 8:32 AM
gerritbot added a comment.Oct 1 2020, 8:33 AM

Change 629328 merged by JMeybohm:
[operations/puppet@production] lvs: Remove mathoid non-TLS endpoint 1/2

https://gerrit.wikimedia.org/r/629328

gerritbot added a comment.Oct 2 2020, 9:08 AM

Change 629329 merged by JMeybohm:
[operations/puppet@production] lvs: Remove mathoid non-TLS endpoint 2/2

https://gerrit.wikimedia.org/r/629329

Maintenance_bot removed a project: Patch-For-Review.Oct 2 2020, 9:10 AM
Stashbot added a comment.Oct 2 2020, 9:12 AM

Mentioned in SAL (#wikimedia-operations) [2020-10-02T09:12:25Z] <jayme> running puppet on lvs servers - T255875 T255869

Stashbot mentioned this in T255869: Move zotero to use TLS only.Oct 2 2020, 9:12 AM
Stashbot added a comment.Oct 2 2020, 9:14 AM

Mentioned in SAL (#wikimedia-operations) [2020-10-02T09:14:41Z] <jayme> restarting pybal on lvs1016.eqiad.wmnet,lvs2010.codfw.wmnet - T255875 T255869

Stashbot added a comment.Oct 2 2020, 9:17 AM

Mentioned in SAL (#wikimedia-operations) [2020-10-02T09:17:49Z] <jayme> restarting pybal on lvs1015.eqiad.wmnet,lvs2009.codfw.wmnet - T255875 T255869

Stashbot added a comment.Oct 2 2020, 9:18 AM

Mentioned in SAL (#wikimedia-operations) [2020-10-02T09:18:14Z] <jayme> running ipvsadm -D -t 10.2.2.20:10042; ipvsadm -D -t 10.2.2.16:1969 on lvs1016.eqiad.wmnet,lvs1015.eqiad.wmnet - T255875 T255869

Stashbot added a comment.Oct 2 2020, 9:19 AM

Mentioned in SAL (#wikimedia-operations) [2020-10-02T09:19:01Z] <jayme> running ipvsadm -D -t 10.2.1.20:10042; ipvsadm -D -t 10.2.1.16:1969 on lvs2010.codfw.wmnet,lvs2009.codfw.wmnet - T255875 T255869

JMeybohm updated the task description. (Show Details)Oct 2 2020, 9:22 AM
Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL