Page MenuHomePhabricator
Create Task
Maniphest T263831

puppetmaster[12]001: add TLS termination
Closed, ResolvedPublic
Actions

Description

The puppetmaster is one of the very few remaining origin servers available only via plain HTTP, see T108580#6488253. We should make it available via HTTPS instead to ensure that traffic between ATS and the puppetmasters (used for https://config-master.wikimedia.org) is encrypted.

Details

SubjectRepoBranchLines +/-
puppetmaster: remove default apache ports from puppetmasteroperations/puppetproduction+24 -27
httpd: Add abbility to remove the defauls ports configuerationoperations/puppetproduction+50 -35
Customize query in gerrit

Related Objects
Search...

StatusSubtypeAssignedTask
 Resolved emaT108580 HTTPS for internal service traffic
 ResolvedjbondT263831 puppetmaster[12]001: add TLS termination

Event Timeline

ema created this task.Sep 25 2020, 8:15 AM
Restricted Application added a project: SRE. · View Herald TranscriptSep 25 2020, 8:15 AM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
ema added a parent task: T108580: HTTPS for internal service traffic.Sep 25 2020, 8:27 AM
MoritzMuehlenhoff added a subscriber: jbond.Sep 25 2020, 9:08 AM
ArielGlenn triaged this task as Medium priority.Sep 28 2020, 9:35 AM
Nintendofan885 added a project: HTTPS.Nov 4 2020, 2:21 PM
ema moved this task from Backlog to Feature Requests on the Traffic board.Nov 24 2020, 3:19 PM
gerritbot added a comment.Dec 17 2020, 3:23 PM

Change 650154 had a related patch set uploaded (by Jbond; owner: John Bond):
[operations/puppet@production] httpd: Add abbility to remove the defauls ports configueration

https://gerrit.wikimedia.org/r/650154

gerritbot added a project: Patch-For-Review.Dec 17 2020, 3:23 PM

Change 650155 had a related patch set uploaded (by Jbond; owner: John Bond):
[operations/puppet@production] puppetmaster: remove default apache ports from puppetmaster

https://gerrit.wikimedia.org/r/650155

gerritbot added a comment.Dec 17 2020, 3:35 PM

Change 650154 merged by Jbond:
[operations/puppet@production] httpd: Add abbility to remove the defauls ports configueration

https://gerrit.wikimedia.org/r/650154

gerritbot added a comment.Dec 17 2020, 3:35 PM

Change 650155 merged by Jbond:
[operations/puppet@production] puppetmaster: remove default apache ports from puppetmaster

https://gerrit.wikimedia.org/r/650155

Maintenance_bot removed a project: Patch-For-Review.Dec 17 2020, 4:11 PM
jbond closed this task as Resolved.Dec 17 2020, 4:59 PM
jbond claimed this task.

Sorry for the delay however this has been configured now

Dzahn subscribed.Dec 17 2020, 5:04 PM

@jbond @ema So puppetmaster1001 can also be checked off on T210411 ?

BBlack moved this task from Feature Requests to Done on the Traffic board.Oct 8 2021, 6:03 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits