Page MenuHomePhabricator
Create Task
Maniphest T355189

Create automation for registered MarkMonitor DNS and acme-chief/ncredir
Closed, ResolvedPublic
Actions

Description

To reduce toil and keep consistency between services such as acme-chief and ncredir (we have amassed a lot of drift over the years), let's automate the whole process.

  • Automate propagation of MarkMonitor-registered domains down to ncredir and acme-chief
    • Note that MarkMonitor is read-only
    • Note that WMF has their MarkMonitor API usage limited to our production IP range
  • Adapt the work of ncmonitor and extend it to
  • Automate adding the domains to acme-chief for HTTPS certificates
  • Automate adding domain redirection with ncredir
  • Implement this automation into the production environment safely (MarkMonitor API is limited to our production IP range)

Details

SubjectRepoBranchLines +/-
ncmonitor: Add SSH credentials supportoperations/puppetproduction+71 -9
ncredir: Reformat/sort the redirects fileoperations/puppetproduction+176 -217
hieradata: Move acme certificates to its own fileoperations/puppetproduction+271 -271
Customize query in gerrit
TitleReferenceAuthorSource BranchDest Branch
Update repos/Submit patches to Gerrit automaticallyrepos/sre/ncmonitor!6brettT355189-patch-submissionmain
Add JSON output, reorg calculationsrepos/sre/ncmonitor!5brettT354988-json-outputmain
Add configuration, user-supplied conf file/pathrepos/sre/ncmonitor!3brettT354988-config-filemain
Fix pylint testsrepos/sre/ncmonitor!2brettT355189-fix-pylint-testsT354988-packaging-improvements
Customize query in GitLab

Related Objects
Search...

Event Timeline

BCornwall created this task.Jan 16 2024, 8:45 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 16 2024, 8:45 PM
BCornwall added a subtask: T354988: Improve ncmonitor's packaging.Jan 16 2024, 8:45 PM
BCornwall renamed this task from Create automation for DNS registration and related services to Create automation for registered MarkMonitor DNS and acme-chief/ncredir.Jan 18 2024, 11:38 PM
BCornwall changed the task status from Open to In Progress.
BCornwall triaged this task as Medium priority.
BCornwall moved this task from Backlog to Traffic team actively servicing on the Traffic board.
BCornwall updated the task description. (Show Details)
CodeReviewBot added a project: Patch-For-Review.Jan 23 2024, 4:34 PM

brett opened https://gitlab.wikimedia.org/repos/sre/ncmonitor/-/merge_requests/2

Fix pylint tests

CodeReviewBot added a comment.Jan 23 2024, 5:30 PM

brett merged https://gitlab.wikimedia.org/repos/sre/ncmonitor/-/merge_requests/2

Fix pylint tests

Maintenance_bot removed a project: Patch-For-Review.Jan 23 2024, 5:31 PM
CodeReviewBot added a project: Patch-For-Review.Jan 24 2024, 4:42 PM

brett opened https://gitlab.wikimedia.org/repos/sre/ncmonitor/-/merge_requests/3

Add configuration, user-supplied conf file/path

BCornwall closed subtask T354988: Improve ncmonitor's packaging as Resolved.Jan 24 2024, 4:49 PM
BCornwall changed the status of subtask T355190: Puppetize deployment of ncmonitor from Open to In Progress.
CodeReviewBot added a comment.Jan 26 2024, 5:00 PM

brett merged https://gitlab.wikimedia.org/repos/sre/ncmonitor/-/merge_requests/3

Add configuration, user-supplied conf file/path

Maintenance_bot removed a project: Patch-For-Review.Jan 26 2024, 5:31 PM
BCornwall closed subtask T355190: Puppetize deployment of ncmonitor as Resolved.Feb 15 2024, 6:24 PM
CodeReviewBot added a project: Patch-For-Review.Feb 24 2024, 1:30 AM

brett opened https://gitlab.wikimedia.org/repos/sre/ncmonitor/-/merge_requests/5

Add JSON output, reorg calculations

CodeReviewBot added a comment.Feb 24 2024, 1:30 AM

brett merged https://gitlab.wikimedia.org/repos/sre/ncmonitor/-/merge_requests/5

Add JSON output, reorg calculations

Maintenance_bot removed a project: Patch-For-Review.Feb 24 2024, 1:30 AM
gerritbot added a comment.Apr 30 2024, 11:56 PM

Change #1025875 had a related patch set uploaded (by BCornwall; author: BCornwall):

[operations/puppet@production] ncredir: Reformat/sort the redirects file

https://gerrit.wikimedia.org/r/1025875

gerritbot added a project: Patch-For-Review.Apr 30 2024, 11:56 PM
gerritbot added a comment.May 13 2024, 6:54 PM

Change #1031046 had a related patch set uploaded (by BCornwall; author: BCornwall):

[operations/puppet@production] hieradata/common: Move shared_acme_certificates to its own file

https://gerrit.wikimedia.org/r/1031046

gerritbot added a comment.May 14 2024, 4:44 PM

Change #1031046 merged by BCornwall:

[operations/puppet@production] hieradata: Move acme certificates to its own file

https://gerrit.wikimedia.org/r/1031046

CodeReviewBot added a comment.May 22 2024, 1:57 AM

brett opened https://gitlab.wikimedia.org/repos/sre/ncmonitor/-/merge_requests/6

Update repos/Submit patches to Gerrit automatically

gerritbot added a comment.Tue, Jun 4, 7:35 PM

Change #1038890 had a related patch set uploaded (by BCornwall; author: BCornwall):

[operations/puppet@production] ncmonitor: Add SSH credentials support

https://gerrit.wikimedia.org/r/1038890

gerritbot added a comment.Wed, Jun 5, 8:30 PM

Change #1038890 merged by BCornwall:

[operations/puppet@production] ncmonitor: Add SSH credentials support

https://gerrit.wikimedia.org/r/1038890

CodeReviewBot added a comment.Thu, Jun 20, 8:10 PM

brett merged https://gitlab.wikimedia.org/repos/sre/ncmonitor/-/merge_requests/6

Update repos/Submit patches to Gerrit automatically

BCornwall closed this task as Resolved.Thu, Jun 27, 5:00 PM

Marking as resolved since this is vague and technically has been achieved. Any further developments will be in more specific tickets.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits