Page MenuHomePhabricator
Create Task
Maniphest T268882

PKI/CFSSL Next steps
Closed, ResolvedPublic
Actions

Description

  • Migrate to mysql
  • Enable mysql SSL
  • Enable second site
  • use one DB for all multica signers
  • Test secondary intermediate CA
  • OCSP
  • CRL
  • rebuild pki servers to test puppet policy
  • package golang-cfssl
  • monitoring
  • Enable test service
  • create document describing secrets policy

Details

Show related patches Customize query in gerrit

Related Objects
Search...

StatusSubtypeAssignedTask
 ResolvedjbondT268882 PKI/CFSSL Next steps
 ResolvedjbondT268775 CFSSL: certdb not populating AKI making revokes impossible

Event Timeline

jbond triaged this task as Medium priority.Nov 27 2020, 10:49 AM
jbond created this task.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 27 2020, 10:49 AM
jbond added a subtask: T268775: CFSSL: certdb not populating AKI making revokes impossible.Nov 27 2020, 10:50 AM
jbond closed subtask T268775: CFSSL: certdb not populating AKI making revokes impossible as Resolved.
jbond updated the task description. (Show Details)
gerritbot added a comment.Nov 27 2020, 10:52 AM

Change 643914 had a related patch set uploaded (by Jbond; owner: John Bond):
[operations/puppet@production] cfssl: move cfssl::db to its own define

https://gerrit.wikimedia.org/r/643914

gerritbot added a project: Patch-For-Review.Nov 27 2020, 10:52 AM
gerritbot added a comment.Nov 27 2020, 11:22 AM

Change 643914 merged by Jbond:
[operations/puppet@production] cfssl: move cfssl::db to its own define

https://gerrit.wikimedia.org/r/643914

gerritbot added a comment.Nov 27 2020, 11:32 AM

Change 643923 had a related patch set uploaded (by Jbond; owner: John Bond):
[operations/puppet@production] pki: use only one db config for multirootca

https://gerrit.wikimedia.org/r/643923

gerritbot added a comment.Nov 27 2020, 12:19 PM

Change 643923 merged by Jbond:
[operations/puppet@production] pki: use only one db config for multirootca

https://gerrit.wikimedia.org/r/643923

jbond updated the task description. (Show Details)Nov 27 2020, 12:42 PM
gerritbot added a comment.Nov 27 2020, 12:43 PM

Change 643928 had a related patch set uploaded (by Jbond; owner: John Bond):
[operations/puppet@production] pki: enable mysql TLS

https://gerrit.wikimedia.org/r/643928

gerritbot added a comment.Nov 27 2020, 12:45 PM

Change 643928 merged by Jbond:
[operations/puppet@production] pki: enable mysql TLS

https://gerrit.wikimedia.org/r/643928

gerritbot added a comment.Nov 27 2020, 1:04 PM

Change 643930 had a related patch set uploaded (by Jbond; owner: John Bond):
[operations/puppet@production] pki: allow ability to provide key material content for intermediates

https://gerrit.wikimedia.org/r/643930

gerritbot added a comment.Nov 27 2020, 1:09 PM

Change 643930 merged by Jbond:
[operations/puppet@production] pki: allow ability to provide key material content for intermediates

https://gerrit.wikimedia.org/r/643930

Maintenance_bot removed a project: Patch-For-Review.Nov 27 2020, 1:10 PM
gerritbot added a comment.Nov 27 2020, 1:26 PM

Change 643932 had a related patch set uploaded (by Jbond; owner: John Bond):
[operations/puppet@production] pki: provide content for intermediate certs

https://gerrit.wikimedia.org/r/643932

gerritbot added a project: Patch-For-Review.Nov 27 2020, 1:26 PM
gerritbot added a comment.Nov 27 2020, 1:47 PM

Change 643932 merged by Jbond:
[operations/puppet@production] pki: provide content for intermediate certs

https://gerrit.wikimedia.org/r/643932

gerritbot added a comment.Nov 27 2020, 2:03 PM

Change 643935 had a related patch set uploaded (by Jbond; owner: John Bond):
[operations/puppet@production] pki: fix certificate location and mysql tls options

https://gerrit.wikimedia.org/r/643935

gerritbot added a comment.Nov 27 2020, 2:09 PM

Change 643935 merged by Jbond:
[operations/puppet@production] pki: fix certificate location and mysql tls options

https://gerrit.wikimedia.org/r/643935

Maintenance_bot removed a project: Patch-For-Review.Nov 27 2020, 2:10 PM
gerritbot added a comment.Nov 27 2020, 2:11 PM

Change 643937 had a related patch set uploaded (by Jbond; owner: John Bond):
[operations/puppet@production] pki: correct path

https://gerrit.wikimedia.org/r/643937

gerritbot added a project: Patch-For-Review.Nov 27 2020, 2:11 PM

Change 643937 merged by Jbond:
[operations/puppet@production] pki: correct path

https://gerrit.wikimedia.org/r/643937

gerritbot added a comment.Nov 27 2020, 2:16 PM

Change 643938 had a related patch set uploaded (by Jbond; owner: John Bond):
[operations/puppet@production] cfssl: force removal of unmanged resources

https://gerrit.wikimedia.org/r/643938

gerritbot added a comment.Nov 27 2020, 2:20 PM

Change 643938 merged by Jbond:
[operations/puppet@production] cfssl: force removal of unmanged resources

https://gerrit.wikimedia.org/r/643938

gerritbot added a comment.Nov 27 2020, 2:38 PM

Change 643940 had a related patch set uploaded (by Jbond; owner: John Bond):
[operations/puppet@production] pki: allow more flexible profile config and add test intermediate

https://gerrit.wikimedia.org/r/643940

gerritbot added a comment.Nov 27 2020, 2:40 PM

Change 643940 merged by Jbond:
[operations/puppet@production] pki: allow more flexible profile config and add test intermediate

https://gerrit.wikimedia.org/r/643940

gerritbot added a comment.Nov 30 2020, 4:52 PM

Change 644254 had a related patch set uploaded (by Jbond; owner: John Bond):
[operations/puppet@production] cfss::ocsp: move ocsp servie to its own resource

https://gerrit.wikimedia.org/r/644254

gerritbot added a comment.Nov 30 2020, 5:15 PM

Change 644254 merged by Jbond:
[operations/puppet@production] cfss::ocsp: move ocsp service to its own resource

https://gerrit.wikimedia.org/r/644254

gerritbot added a comment.Nov 30 2020, 5:25 PM

Change 644291 had a related patch set uploaded (by Jbond; owner: John Bond):
[operations/puppet@production] profile::pki::server: enable ocsp service

https://gerrit.wikimedia.org/r/644291

gerritbot added a comment.Nov 30 2020, 5:40 PM

Change 644291 merged by Jbond:
[operations/puppet@production] profile::pki::server: enable ocsp service

https://gerrit.wikimedia.org/r/644291

gerritbot added a comment.Nov 30 2020, 5:48 PM

Change 644295 had a related patch set uploaded (by Jbond; owner: John Bond):
[operations/puppet@production] P:pki::server: use safe_title for the label

https://gerrit.wikimedia.org/r/644295

gerritbot added a comment.Nov 30 2020, 5:50 PM

Change 644295 merged by Jbond:
[operations/puppet@production] P:pki::server: use safe_title for the label

https://gerrit.wikimedia.org/r/644295

gerritbot added a comment.Nov 30 2020, 6:00 PM

Change 644298 had a related patch set uploaded (by Jbond; owner: John Bond):
[operations/puppet@production] P:pki::server: use the correct CA certificate and add ocsp_port

https://gerrit.wikimedia.org/r/644298

gerritbot added a comment.Nov 30 2020, 6:06 PM

Change 644298 merged by Jbond:
[operations/puppet@production] P:pki::server: use the correct CA certificate and add ocsp_port

https://gerrit.wikimedia.org/r/644298

gerritbot added a comment.Dec 4 2020, 11:33 AM

Change 645318 had a related patch set uploaded (by Jbond; owner: John Bond):
[operations/puppet@production] pki::server: add ocsp proxy

https://gerrit.wikimedia.org/r/645318

gerritbot added a comment.Dec 4 2020, 11:48 AM

Change 645318 merged by Jbond:
[operations/puppet@production] ki::server: add ocsp proxy

https://gerrit.wikimedia.org/r/645318

gerritbot added a comment.Dec 4 2020, 2:15 PM

Change 645367 had a related patch set uploaded (by Jbond; owner: John Bond):
[operations/puppet@production] cfssl: add ocsp refresh script and timer

https://gerrit.wikimedia.org/r/645367

gerritbot added a comment.Dec 4 2020, 2:58 PM

Change 645367 merged by Jbond:
[operations/puppet@production] cfssl: add ocsp refresh script and timer

https://gerrit.wikimedia.org/r/645367

gerritbot added a comment.Dec 4 2020, 3:03 PM

Change 645373 had a related patch set uploaded (by Jbond; owner: John Bond):
[operations/puppet@production] cfssl: move ocsprefesh to a timer

https://gerrit.wikimedia.org/r/645373

gerritbot added a comment.Dec 4 2020, 3:13 PM

Change 645373 merged by Jbond:
[operations/puppet@production] cfssl: move ocsprefesh to a timer

https://gerrit.wikimedia.org/r/645373

gerritbot added a comment.Dec 4 2020, 3:16 PM

Change 645377 had a related patch set uploaded (by Jbond; owner: John Bond):
[operations/puppet@production] cfssl: add ocsp refresh timer

https://gerrit.wikimedia.org/r/645377

gerritbot added a comment.Dec 4 2020, 3:22 PM

Change 645377 merged by Jbond:
[operations/puppet@production] cfssl: add ocsp refresh timer

https://gerrit.wikimedia.org/r/645377

jbond closed this task as Resolved.Apr 29 2021, 11:06 AM
jbond claimed this task.
jbond updated the task description. (Show Details)
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL