Page MenuHomePhabricator
Create Task
Maniphest T357750

Phase out cergen
Open, HighPublic
Actions

Description

cergen is currently only installed on puppetmaster1001 by means of the cergen Puppet class. Even building cergen for Buster proved to be challenging back then, as it needs python-networkx 1 and even back then needed python3-lib2to3 (https://phabricator.wikimedia.org/T235405)

There are curently 48 services defined in certificate.manifests.d which use the Puppet 5 CA (authority: puppet_ca), we should probably just fix forward and move them all to the PKI/cfssl (some might also no longer be in use and just need cleaning up):

Data Engineering:

Collaboration Services:

ServiceOps:

  • chartmuseum.certs.yaml T360636
  • docker_registry.certs.yaml T360636
  • _etcd-server-ssl._tcp.v3.certs.yaml T352245
  • etcd-v3.certs.yaml T352245
  • etcd-v3-eqiad.certs.yaml T352245
  • mediawiki.certs.yaml (will be obsoleted when all legacy deployments are moved to wikikube) T360636
  • mwmaint.certs.yaml (used by noc.w.o which is already on wikikube, should be just a cleanup) T360636
  • parsoid.certs.yaml (will be obsoleted when all legacy deployments are moved to wikikube) T359387
  • restbase.certs.yaml T360636
  • testreduce.certs.yaml T360636
  • maps/karthoterian T360778

Infrastructure Foundations:

Observability:

frtech:

  • kafka_fundraising_client.certs.yaml T360779

Cloud Services:

Traffic:

Search:

Data Persistence:

Details

SubjectRepoBranchLines +/-
Remove dummy cert for debmonitorlabs/privatemaster+0 -3
debmonitor: Remove obsolete discovery certificateoperations/puppetproduction+0 -24
hieradata: use cfssl for cloudweb in eqiadoperations/puppetproduction+8 -1
Add component/cergen for Bookwormoperations/puppetproduction+1 -0
Customize query in gerrit

Related Objects
Search...

Event Timeline

MoritzMuehlenhoff created this task.Feb 16 2024, 8:34 AM
Restricted Application removed a project: Patch-For-Review. · View Herald TranscriptFeb 16 2024, 8:34 AM
gerritbot added a comment.Feb 16 2024, 9:22 AM

Change 1004043 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Add component/cergen for Bookworm

https://gerrit.wikimedia.org/r/1004043

gerritbot added a project: Patch-For-Review.Feb 16 2024, 9:22 AM
MoritzMuehlenhoff renamed this task from Build cergen for Bookworm and add cergen to Puppet 7 servers to Figure out next steps for cergen in Puppet setup.Feb 16 2024, 9:40 AM
MoritzMuehlenhoff updated the task description. (Show Details)
gerritbot added a comment.Feb 16 2024, 11:49 AM

Change 1004043 abandoned by Muehlenhoff:

[operations/puppet@production] Add component/cergen for Bookworm

Reason:

https://gerrit.wikimedia.org/r/1004043

MoritzMuehlenhoff updated the task description. (Show Details)Feb 19 2024, 2:12 PM
MoritzMuehlenhoff triaged this task as High priority.Feb 19 2024, 3:18 PM
MoritzMuehlenhoff updated the task description. (Show Details)Feb 21 2024, 10:38 AM
MoritzMuehlenhoff updated the task description. (Show Details)Feb 21 2024, 12:35 PM
MoritzMuehlenhoff updated the task description. (Show Details)Feb 22 2024, 2:25 PM
MoritzMuehlenhoff updated the task description. (Show Details)Feb 22 2024, 2:30 PM
CDanis subscribed.Feb 26 2024, 3:59 PM

Should this ticket really be "deprecate cergen"? :)

MoritzMuehlenhoff claimed this task.Feb 26 2024, 4:00 PM
MoritzMuehlenhoff added a comment.Feb 28 2024, 3:15 PM
In T357750#9576803, @CDanis wrote:

Should this ticket really be "deprecate cergen"? :)

Good point :-)

MoritzMuehlenhoff renamed this task from Figure out next steps for cergen in Puppet setup to Phase out cergen.Feb 28 2024, 3:16 PM
MoritzMuehlenhoff updated the task description. (Show Details)Feb 28 2024, 4:04 PM
MoritzMuehlenhoff updated the task description. (Show Details)Mar 19 2024, 10:11 AM
MoritzMuehlenhoff updated the task description. (Show Details)Mar 19 2024, 10:26 AM
MoritzMuehlenhoff updated the task description. (Show Details)Mar 19 2024, 10:34 AM
MoritzMuehlenhoff updated the task description. (Show Details)Mar 19 2024, 11:16 AM
gerritbot added a comment.Mar 19 2024, 11:32 AM

Change 1012629 had a related patch set uploaded (by Majavah; author: Majavah):

[operations/puppet@production] hieradata: use cfssl for cloudweb in eqiad

https://gerrit.wikimedia.org/r/1012629

MoritzMuehlenhoff updated the task description. (Show Details)Mar 19 2024, 2:43 PM
MoritzMuehlenhoff added a subtask: T356412: Consolidate TLS cert puppetry for ms and thanos swift frontends.
MoritzMuehlenhoff updated the task description. (Show Details)
gerritbot added a comment.Mar 19 2024, 3:09 PM

Change 1012629 merged by Majavah:

[operations/puppet@production] hieradata: use cfssl for cloudweb in eqiad

https://gerrit.wikimedia.org/r/1012629

MoritzMuehlenhoff updated the task description. (Show Details)Mar 20 2024, 9:41 AM
MoritzMuehlenhoff updated the task description. (Show Details)Mar 20 2024, 10:20 AM
akosiaris mentioned this in T360598: kafka-main certificates expiring on 2024-04-04.Mar 21 2024, 9:31 AM
MoritzMuehlenhoff updated the task description. (Show Details)Mar 21 2024, 1:56 PM
MoritzMuehlenhoff updated the task description. (Show Details)Mar 22 2024, 8:17 AM
MoritzMuehlenhoff updated the task description. (Show Details)Mar 22 2024, 1:53 PM
Jgreen updated the task description. (Show Details)Mar 22 2024, 3:05 PM
Dzahn updated the task description. (Show Details)Mar 22 2024, 6:10 PM
Dzahn changed the status of subtask T360413: Phase out cergen for Collaboration Services services from Open to In Progress.Mar 22 2024, 9:50 PM
BTullis closed subtask T360412: Phase out cergen for Data Platform services as Resolved.Mar 25 2024, 4:24 PM
Dzahn updated the task description. (Show Details)Mar 25 2024, 11:06 PM
Dzahn updated the task description. (Show Details)Mar 25 2024, 11:47 PM
Dzahn updated the task description. (Show Details)Mar 27 2024, 8:47 PM
Dzahn updated the task description. (Show Details)Mar 28 2024, 8:05 PM
MoritzMuehlenhoff updated the task description. (Show Details)Tue, Apr 2, 8:06 AM
MoritzMuehlenhoff updated the task description. (Show Details)Tue, Apr 2, 11:12 AM
MoritzMuehlenhoff updated the task description. (Show Details)Tue, Apr 2, 11:17 AM
Dzahn updated the task description. (Show Details)Tue, Apr 2, 6:15 PM
gerritbot added a comment.Wed, Apr 3, 9:34 AM

Change #1016723 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] debmonitor: Remove obsolete discovery certificate

https://gerrit.wikimedia.org/r/1016723

gerritbot added a comment.Wed, Apr 3, 9:49 AM

Change #1016726 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[labs/private@master] Remove dummy cert for debmonitor

https://gerrit.wikimedia.org/r/1016726

Paladox unsubscribed.Wed, Apr 3, 10:17 AM
Dzahn updated the task description. (Show Details)Wed, Apr 3, 9:57 PM
gerritbot added a comment.Thu, Apr 4, 11:19 AM

Change #1016723 merged by Muehlenhoff:

[operations/puppet@production] debmonitor: Remove obsolete discovery certificate

https://gerrit.wikimedia.org/r/1016723

gerritbot added a comment.Thu, Apr 4, 11:27 AM

Change #1016726 merged by Muehlenhoff:

[labs/private@master] Remove dummy cert for debmonitor

https://gerrit.wikimedia.org/r/1016726

Muehlenhoff mentioned this in rLPRI65548fbb92fb: Remove dummy cert for debmonitor.Thu, Apr 4, 11:29 AM
MoritzMuehlenhoff updated the task description. (Show Details)Thu, Apr 4, 11:33 AM
andrea.denisse changed the status of subtask T360414: Phase out cergen for Observability services from Open to In Progress.Thu, Apr 4, 5:45 PM
andrea.denisse updated the task description. (Show Details)Thu, Apr 4, 8:03 PM
akosiaris subscribed.Mon, Apr 8, 3:59 PM
MoritzMuehlenhoff updated the task description. (Show Details)Tue, Apr 9, 12:32 PM
andrea.denisse updated the task description. (Show Details)Tue, Apr 9, 4:31 PM
andrea.denisse updated the task description. (Show Details)Tue, Apr 9, 6:45 PM
MoritzMuehlenhoff updated the task description. (Show Details)Wed, Apr 10, 11:29 AM
jijiki removed a subtask: T360778: Move maps/karthoterian to PKI/cfssl.Thu, Apr 11, 9:34 AM
jijiki updated the task description. (Show Details)
MoritzMuehlenhoff updated the task description. (Show Details)Fri, Apr 12, 7:35 AM
MoritzMuehlenhoff updated the task description. (Show Details)Mon, Apr 15, 1:35 PM
MoritzMuehlenhoff updated the task description. (Show Details)Tue, Apr 16, 8:29 AM
MoritzMuehlenhoff updated the task description. (Show Details)Wed, Apr 17, 7:16 AM
Dzahn closed subtask T360413: Phase out cergen for Collaboration Services services as Resolved.Thu, Apr 18, 9:47 PM
Dzahn updated the task description. (Show Details)
Dzahn updated the task description. (Show Details)Thu, Apr 18, 11:11 PM
MoritzMuehlenhoff updated the task description. (Show Details)Thu, Apr 25, 3:22 PM
BTullis updated the task description. (Show Details)Fri, Apr 26, 5:00 PM
andrea.denisse updated the task description. (Show Details)Mon, Apr 29, 3:12 PM
andrea.denisse updated the task description. (Show Details)Mon, Apr 29, 6:30 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL