All six sessionstore cluster nodes have SSL certificates that will expire in the coming month, and need to be replaced.
After the events of https://wikitech.wikimedia.org/wiki/Incidents/2023-01-24_sessionstore_quorum_issues, we should exercise additional care when completing this work.
Proposal:
- codfw:
- De-pool sessionstore in codfw
- Replace SSL certificates
- Perform a rolling restart of Cassandra
-
Perform rolling restart of sessionstore service (Kask)(skipped) - Re-pool codfw
- eqiad:
-
De-pool sessionstore in eqiad(skipped) - Replace SSL certificates
- Perform a rolling restart of Cassandra
-
Perform rolling restart the sessionstore service (Kask)(skipped) -
Re-pool eqiad(skipped)
-