Page MenuHomePhabricator
Create Task
Maniphest T343987

Switch thanos-fe to cfssl
Closed, InvalidPublic
Actions

Description

Thanos-fe currently uses cergen certs. Since we'll be onboarding the pyrra service to these hosts let's switch to cfssl certificates

Details

SubjectRepoBranchLines +/-
thanos-fe: switch to cfssloperations/puppetproduction+12 -15
thanos-fe: switch to cfssloperations/puppetproduction+11 -1
thanos-fe: switch to cfssloperations/puppetproduction+11 -1
Revert "thanos-fe: switch to cfssl"operations/puppetproduction+1 -11
thanos-fe: switch to cfssloperations/puppetproduction+11 -1
Revert "thanos-fe: switch to cfssl"operations/puppetproduction+1 -11
thanos-fe: switch to cfssloperations/puppetproduction+11 -1
thanos-fe: switch to cfssloperations/puppetproduction+11 -1
Customize query in gerrit

Related Objects
Search...

Event Timeline

herron triaged this task as Medium priority.Aug 10 2023, 2:16 PM
herron created this task.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 10 2023, 2:16 PM
gerritbot added a comment.Aug 10 2023, 2:16 PM

Change 946559 had a related patch set uploaded (by Herron; author: Herron):

[operations/puppet@production] thanos-fe: switch to cfssl

https://gerrit.wikimedia.org/r/946559

gerritbot added a project: Patch-For-Review.Aug 10 2023, 2:16 PM
herron renamed this task from Switch thanos-fe to csffl to Switch thanos-fe to cfssl.Aug 10 2023, 2:19 PM
gerritbot added a comment.Aug 14 2023, 1:14 PM

Change 946559 merged by Herron:

[operations/puppet@production] thanos-fe: switch to cfssl

https://gerrit.wikimedia.org/r/946559

Maintenance_bot removed a project: Patch-For-Review.Aug 14 2023, 1:29 PM
gerritbot added a comment.Aug 14 2023, 2:54 PM

Change 948125 had a related patch set uploaded (by Herron; author: Herron):

[operations/puppet@production] thanos-fe: switch to cfssl

https://gerrit.wikimedia.org/r/948125

gerritbot added a project: Patch-For-Review.Aug 14 2023, 2:54 PM
gerritbot added a comment.Aug 17 2023, 1:23 PM

Change 948125 merged by Herron:

[operations/puppet@production] thanos-fe: switch to cfssl

https://gerrit.wikimedia.org/r/948125

Maintenance_bot removed a project: Patch-For-Review.Aug 17 2023, 1:31 PM
gerritbot added a comment.Aug 17 2023, 4:13 PM

Change 950007 had a related patch set uploaded (by Herron; author: Herron):

[operations/puppet@production] Revert "thanos-fe: switch to cfssl"

https://gerrit.wikimedia.org/r/950007

gerritbot added a project: Patch-For-Review.Aug 17 2023, 4:13 PM
herron added a subscriber: jijiki.Aug 17 2023, 4:14 PM
gerritbot added a comment.Aug 17 2023, 4:15 PM

Change 950007 merged by Herron:

[operations/puppet@production] Revert "thanos-fe: switch to cfssl"

https://gerrit.wikimedia.org/r/950007

Maintenance_bot removed a project: Patch-For-Review.Aug 17 2023, 4:30 PM
gerritbot added a comment.Aug 18 2023, 2:10 PM

Change 950072 had a related patch set uploaded (by Herron; author: Herron):

[operations/puppet@production] thanos-fe: switch to cfssl

https://gerrit.wikimedia.org/r/950072

gerritbot added a project: Patch-For-Review.Aug 18 2023, 2:10 PM
gerritbot added a comment.Aug 18 2023, 2:13 PM

Change 950072 merged by Herron:

[operations/puppet@production] thanos-fe: switch to cfssl

https://gerrit.wikimedia.org/r/950072

Maintenance_bot removed a project: Patch-For-Review.Aug 18 2023, 2:31 PM
gerritbot added a comment.Aug 18 2023, 5:07 PM

Change 950073 had a related patch set uploaded (by Herron; author: Herron):

[operations/puppet@production] Revert "thanos-fe: switch to cfssl"

https://gerrit.wikimedia.org/r/950073

gerritbot added a project: Patch-For-Review.Aug 18 2023, 5:07 PM

Change 950073 merged by Herron:

[operations/puppet@production] Revert "thanos-fe: switch to cfssl"

https://gerrit.wikimedia.org/r/950073

Maintenance_bot removed a project: Patch-For-Review.Aug 18 2023, 5:10 PM
jijiki added a subtask: T344324: Maps Unavailability due to thanos-swift cfssl rollout (14 Aug 2023).Aug 22 2023, 4:47 PM
jijiki changed the status of subtask T344324: Maps Unavailability due to thanos-swift cfssl rollout (14 Aug 2023) from Open to In Progress.
gerritbot added a comment.Aug 23 2023, 1:18 PM

Change 951851 had a related patch set uploaded (by Herron; author: Herron):

[operations/puppet@production] thanos-fe: switch to cfssl

https://gerrit.wikimedia.org/r/951851

gerritbot added a project: Patch-For-Review.Aug 23 2023, 1:18 PM
gerritbot added a comment.Aug 23 2023, 1:21 PM

Change 951851 merged by Herron:

[operations/puppet@production] thanos-fe: switch to cfssl

https://gerrit.wikimedia.org/r/951851

Maintenance_bot removed a project: Patch-For-Review.Aug 23 2023, 1:30 PM
lmata subscribed.Aug 23 2023, 1:38 PM
gerritbot added a comment.Aug 24 2023, 9:58 AM

Change 952156 had a related patch set uploaded (by Effie Mouzeli; author: Effie Mouzeli):

[operations/puppet@production] thanos-fe: switch to cfssl

https://gerrit.wikimedia.org/r/952156

gerritbot added a project: Patch-For-Review.Aug 24 2023, 9:58 AM
gerritbot added a comment.Aug 24 2023, 10:15 AM

Change 952156 merged by Effie Mouzeli:

[operations/puppet@production] thanos-fe: switch to cfssl

https://gerrit.wikimedia.org/r/952156

Maintenance_bot removed a project: Patch-For-Review.Aug 24 2023, 10:30 AM
gerritbot added a comment.Aug 29 2023, 11:31 AM

Change 953236 had a related patch set uploaded (by Effie Mouzeli; author: Effie Mouzeli):

[operations/puppet@production] thanos-fe: switch to cfssl

https://gerrit.wikimedia.org/r/953236

gerritbot added a project: Patch-For-Review.Aug 29 2023, 11:31 AM
jijiki added a comment.Aug 29 2023, 1:28 PM

observability we are still looking into how things could progress here on the Maps side of things. Please let me know if it is alright to stall this roll out for now.

herron changed the task status from Open to Stalled.Aug 29 2023, 1:48 PM

Yes stalling is fine. The original reason for the switch to cfssl was related to adding a SAN to the thanos-fe certificate. That shouldn't be blocked since we can use still cergen for the time being.

jijiki changed the status of subtask T344324: Maps Unavailability due to thanos-swift cfssl rollout (14 Aug 2023) from In Progress to Stalled.Aug 29 2023, 2:26 PM
Jgiannelos changed the status of subtask T344324: Maps Unavailability due to thanos-swift cfssl rollout (14 Aug 2023) from Stalled to In Progress.Oct 2 2023, 3:10 PM
herron closed this task as Invalid.Oct 2 2023, 4:13 PM

We (o11y) have moved pyrra to the titan hosts, which makes this task moot. Transitioning to invalid

MatthewVernon mentioned this in T356412: Consolidate TLS cert puppetry for ms and thanos swift frontends.Feb 1 2024, 2:33 PM
jijiki changed the status of subtask T344324: Maps Unavailability due to thanos-swift cfssl rollout (14 Aug 2023) from In Progress to Stalled.Feb 1 2024, 6:09 PM
gerritbot added a comment.Feb 7 2024, 3:49 PM

Change 953236 abandoned by Effie Mouzeli:

[operations/puppet@production] thanos-fe: switch to cfssl

Reason:

abandon in favour of T356412

https://gerrit.wikimedia.org/r/953236

Maintenance_bot removed a project: Patch-For-Review.Feb 7 2024, 4:31 PM
elukey changed the status of subtask T344324: Maps Unavailability due to thanos-swift cfssl rollout (14 Aug 2023) from Stalled to Open.Wed, May 15, 2:42 PM
elukey closed subtask T344324: Maps Unavailability due to thanos-swift cfssl rollout (14 Aug 2023) as Resolved.Wed, May 29, 1:30 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL