Page MenuHomePhabricator
Create Task
Maniphest T282454

Switch kafka/Hadoop away from java::security
Closed, ResolvedPublic
Actions

Description

The java::security is obsolete and replaced by the hardened_tls=true of profile::java.

profile::hadoop::common and profile::kafka::broker still use java::security and should move to the new structure eventually (and java::security removed).

Details

SubjectRepoBranchLines +/-
Remove obsolete java::securityoperations/puppetproduction+0 -17
kafka - Use hardened_tls instead of java::security if $ssl_enabledoperations/puppetproduction+10 -8
Hadoop - set hardened_tls: true and remove java::securty from hadoop::commonoperations/puppetproduction+27 -4
Customize query in gerrit

Related Objects

Event Timeline

MoritzMuehlenhoff created this task.May 10 2021, 1:34 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMay 10 2021, 1:34 PM
MoritzMuehlenhoff triaged this task as Medium priority.May 10 2021, 1:34 PM
Milimetric edited projects, added Analytics-Clusters; removed Analytics.May 10 2021, 3:27 PM
Ottomata claimed this task.May 17 2021, 3:45 PM
Ottomata added a project: Analytics-Kanban.
Ottomata moved this task from Backlog to Q4 2020/2021 on the Analytics-Clusters board.May 17 2021, 3:47 PM
Ottomata added a comment.May 18 2021, 3:17 PM

Can we add defaults for the profile::java parameters? I see some duplicate values copy and pasted in quite a few role yamls already.

Ottomata added a comment.May 18 2021, 3:21 PM

Oh, you put the defaults in the common/profile/java.yaml class parameter hiera? Huh. I had thought that wasn't allowed:
https://wikitech.wikimedia.org/wiki/Puppet_coding#Hiera

?

MoritzMuehlenhoff added a comment.May 18 2021, 3:22 PM
In T282454#7095851, @Ottomata wrote:

Can we add defaults for the profile::java parameters? I see some duplicate values copy and pasted in quite a few role yamls already.

It does use default settings in hieradata/common/profile/java.yaml already?

gerritbot added a comment.May 18 2021, 3:36 PM

Change 692626 had a related patch set uploaded (by Ottomata; author: Ottomata):

[operations/puppet@production] Hadoop - set hardened_tls: true and remove java::securty from hadoop::common

https://gerrit.wikimedia.org/r/692626

gerritbot added a project: Patch-For-Review.May 18 2021, 3:36 PM
Ottomata moved this task from Next Up to In Progress on the Analytics-Kanban board.May 18 2021, 6:38 PM
gerritbot added a comment.May 18 2021, 9:42 PM

Change 692734 had a related patch set uploaded (by Ottomata; author: Ottomata):

[operations/puppet@production] kafka - Use hardened_tls instead of java::security if $ssl_enabled

https://gerrit.wikimedia.org/r/692734

gerritbot added a comment.May 19 2021, 6:16 AM

Change 692626 merged by Elukey:

[operations/puppet@production] Hadoop - set hardened_tls: true and remove java::securty from hadoop::common

https://gerrit.wikimedia.org/r/692626

gerritbot added a comment.May 19 2021, 7:50 PM

Change 692734 merged by Ottomata:

[operations/puppet@production] kafka - Use hardened_tls instead of java::security if $ssl_enabled

https://gerrit.wikimedia.org/r/692734

Ottomata moved this task from In Progress to Done on the Analytics-Kanban board.May 19 2021, 7:52 PM
Ottomata moved this task from Done to Ready to Deploy on the Analytics-Kanban board.May 19 2021, 8:00 PM
Ottomata moved this task from Ready to Deploy to In Code Review on the Analytics-Kanban board.

Had to revert Kafka change: https://gerrit.wikimedia.org/r/c/operations/puppet/+/692661

Can un-revert after T279342: Migrate colocated kafka-logging brokers to dedicated kafka-logging hosts is done.

Maintenance_bot removed a project: Patch-For-Review.May 19 2021, 8:10 PM
Ottomata moved this task from In Code Review to Paused on the Analytics-Kanban board.Jun 14 2021, 6:27 PM
Ottomata moved this task from Paused to In Progress on the Analytics-Kanban board.Jul 23 2021, 2:42 PM
Ottomata moved this task from Q4 2020/2021 to Q1 2021/2022 on the Analytics-Clusters board.Jul 26 2021, 3:41 PM
Ottomata moved this task from In Progress to Done on the Analytics-Kanban board.Jul 27 2021, 7:14 PM
Ottomata closed this task as Resolved.Jul 29 2021, 4:03 PM
gerritbot added a comment.Sep 7 2021, 1:05 PM

Change 719261 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Remove obsolete java::security

https://gerrit.wikimedia.org/r/719261

gerritbot added a project: Patch-For-Review.Sep 7 2021, 1:05 PM
gerritbot added a comment.Sep 17 2021, 6:53 AM

Change 719261 merged by Muehlenhoff:

[operations/puppet@production] Remove obsolete java::security

https://gerrit.wikimedia.org/r/719261

Maintenance_bot removed a project: Patch-For-Review.Sep 17 2021, 7:10 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL