To do after change on July 14th
See https://lists.wikimedia.org/pipermail/wikitech-l/2020-July/093588.html
I believe someone will just need to log into the wikibugs tool adjust .ssh/known_hosts and accept the new fingerprints.
Description
Description
| Status | Subtype | Assigned | Task | ||
|---|---|---|---|---|---|
| Declined | None | T257383 Update wikibugs's Gerrit ssh host keys | |||
| Restricted Task | |||||
| Resolved | hashar | T171165 Add support for ecdsa keys in zuul (Also update paramiko to 2.2+) | |||
| Resolved | ABran-WMF | T417247 Reimage gerrit2002 | |||
| Resolved | ABran-WMF | T418242 SystemdUnitFailed - rsync-lfs_replica_sync.service on gerrit2002:9100 | |||
| Resolved | ABran-WMF | T418264 Fix gerrit-restart cookbook | |||
| Resolved | ABran-WMF | T418266 GerritHAProxyServiceUnavailable | |||
| Resolved | ABran-WMF | T418240 GerritReplicationUnavailable | |||
| Resolved | ABran-WMF | T406334 Gerrit switchover between secondary instances |
Event Timeline
Comment Actions
If we land the currently proposed patches for T359096: Bot does not detect when ssh connection to Gerrit is interrupted this task will become obsolete as the asyncssh config in that MR ignores host keys entirely. This is not risky in my opinion as the bot is only reading an event stream. A MITM attack on the bot<->gerrit ssh connection could at worst produce some misleading or harassing irc messages.