Page MenuHomePhabricator
Create Task
Maniphest T355593

Re-generate webserver-misc-apps.discovery.wmnet cergen certificate
Closed, ResolvedPublic
Actions

Description

Requests to the wdqs services that don't directly hit /sparql or /bigdata/ldf get routed to the "microsite", which lives at webserver-misc-apps.discovery.wmnet

In order for that step to work, the miscweb certificate must include the 3 new experimental graph split services in the alt_names section.

How to do it

Follow the steps outlined here for modules/secret/secrets/certificates/certificate.manifests.d/webserver_misc_apps.certs.yaml

We'll pair with Collaboration Services during their office hours on 2024-01-23 to do this.

AC

Cergen cert for webserver-misc-apps.discovery.wmnet regenerated with the following:

  • query-preview (no-longer-existent service) removed from alt_names
  • added the following to alt_names:
    • query-main-experimental.wikidata.org
    • query-full-experimental.wikidata.org
    • query-scholarly-experimental.wikidata.org

Details

SubjectRepoBranchLines +/-
webserver-misc-apps: new cergen certoperations/puppetproduction+38 -36
Customize query in gerrit

Related Objects
Search...

Event Timeline

RKemper created this task.Jan 22 2024, 7:59 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 22 2024, 7:59 PM
RKemper mentioned this in T354661: Generate TLS certs for new WDQS endpoints.Jan 22 2024, 8:01 PM
RKemper added a parent task: T350464: Expose SPARQL endpoints with full wikidata data set and with split graph to enable experimentation on federation with a split graph.
Dzahn added a project: collaboration-services.Jan 23 2024, 12:28 AM
Dzahn mentioned this in T355273: ProbeDown - *_experimental_wikidata_org.
Gehel edited parent tasks, added: T351650: Expose 3 new dedicated WDQS endpoints; removed: T350464: Expose SPARQL endpoints with full wikidata data set and with split graph to enable experimentation on federation with a split graph.Jan 23 2024, 2:01 PM
bking subscribed.Jan 23 2024, 4:06 PM

We had good luck switching to CFSSL (which doesn't require manually touching private puppet). If you're interested, the CR is here.

Gehel triaged this task as High priority.Jan 23 2024, 4:24 PM
Gehel edited projects, added Data-Platform-SRE (2024.01.22 - 2024.02.11); removed Data-Platform-SRE.
gerritbot added a comment.Jan 23 2024, 4:54 PM

Change 992460 had a related patch set uploaded (by Ryan Kemper; author: Ryan Kemper):

[operations/puppet@production] webserver-misc-apps: new cergen cert

https://gerrit.wikimedia.org/r/992460

gerritbot added a project: Patch-For-Review.Jan 23 2024, 4:54 PM
gerritbot added a comment.Jan 23 2024, 4:56 PM

Change 992460 merged by Dzahn:

[operations/puppet@production] webserver-misc-apps: new cergen cert

https://gerrit.wikimedia.org/r/992460

RKemper moved this task from Backlog to Done on the Data-Platform-SRE (2024.01.22 - 2024.02.11) board.Jan 23 2024, 5:11 PM

We've rolled this out following the steps in https://wikitech.wikimedia.org/wiki/Cergen#Update_a_certificate

Maintenance_bot removed a project: Patch-For-Review.Jan 23 2024, 5:30 PM
Dzahn added a comment.Jan 23 2024, 5:46 PM

This should be resolved now. We confirmed the steps and that new sites are working now.

Dzahn updated the task description. (Show Details)Jan 23 2024, 6:14 PM
RKemper closed this task as Resolved.Jan 23 2024, 7:25 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL