Page MenuHomePhabricator

Vgutierrez (Valentín Gutiérrez)
Senior Site Reliability Engineer, Traffic Team

Projects (6)

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Saturday

  • Clear sailing ahead.

User Details

User Since
Feb 12 2018, 9:51 AM (205 w, 2 d)
Availability
Available
IRC Nick
vgutierrez
LDAP User
Vgutierrez
MediaWiki User
Unknown

Recent Activity

Tue, Jan 11

Vgutierrez updated the task description for T294120: Migrate eqiad Ganeti cluster to KVM machine type pc-i440fx-2.8.
Tue, Jan 11, 5:13 PM · Infrastructure-Foundations, SRE
Vgutierrez updated the task description for T294120: Migrate eqiad Ganeti cluster to KVM machine type pc-i440fx-2.8.
Tue, Jan 11, 4:00 PM · Infrastructure-Foundations, SRE

Wed, Jan 5

Vgutierrez updated the task description for T271421: Test envoyproxy as a WMF's CDN TLS terminator with real traffic.
Wed, Jan 5, 12:08 PM · Patch-For-Review, SRE, Traffic

Mon, Jan 3

Vgutierrez added a comment to T298293: cp2029 crashed, hardware memory error.

@Papaul cool, I'll repool the server then

Mon, Jan 3, 3:56 PM · SRE, Traffic, ops-codfw
Vgutierrez added a comment to T298293: cp2029 crashed, hardware memory error.

@Papaul yes, go ahead please. Happy new year :)

Mon, Jan 3, 3:38 PM · SRE, Traffic, ops-codfw
Vgutierrez added a comment to T298293: cp2029 crashed, hardware memory error.

System Event Log shows a failure on DIMM A1:

-------------------------------------------------------------------------------
Record:      49
Date/Time:   12/24/2021 03:32:47
Source:      system
Severity:    Critical
Description: Multi-bit memory errors detected on a memory device at location(s) DIMM_A1.
-------------------------------------------------------------------------------
Mon, Jan 3, 9:16 AM · SRE, Traffic, ops-codfw

Dec 15 2021

Vgutierrez updated the task description for T271421: Test envoyproxy as a WMF's CDN TLS terminator with real traffic.
Dec 15 2021, 9:33 AM · Patch-For-Review, SRE, Traffic

Dec 9 2021

Vgutierrez closed T297383: Add damilare to icinga as Resolved.
Dec 9 2021, 4:07 PM · SRE, SRE-Access-Requests
Vgutierrez added a member for WMF-NDA: Damilare.
Dec 9 2021, 3:43 PM
Vgutierrez triaged T297383: Add damilare to icinga as Medium priority.

per T235676 as @MoritzMuehlenhoff mentioned there, @Damilare should be added to cn=wmf group

Dec 9 2021, 2:22 PM · SRE, SRE-Access-Requests
Vgutierrez changed the status of T271421: Test envoyproxy as a WMF's CDN TLS terminator with real traffic from Open to In Progress.
Dec 9 2021, 2:00 PM · Patch-For-Review, SRE, Traffic

Dec 2 2021

Vgutierrez closed T296874: HAProxy fails to reuse connections under some conditions, a subtask of T290005: Test haproxy as a WMF's CDN TLS terminator with real traffic, as Resolved.
Dec 2 2021, 6:22 PM · Performance-Team (Radar), Patch-For-Review, SRE, Traffic
Vgutierrez closed T296874: HAProxy fails to reuse connections under some conditions as Resolved.
Dec 2 2021, 6:22 PM · SRE, Traffic
Vgutierrez moved T296874: HAProxy fails to reuse connections under some conditions from Triage to In Progress on the Traffic board.

As pointed out by Willy Tarreau on https://github.com/haproxy/haproxy/issues/1472#issuecomment-984745445 it's a matter of FD usage and increasing maxconn seems to solve it:

image.png (338×1 px, 36 KB)

Dec 2 2021, 6:05 PM · SRE, Traffic

Dec 1 2021

Vgutierrez created T296874: HAProxy fails to reuse connections under some conditions.
Dec 1 2021, 7:05 PM · SRE, Traffic
Vgutierrez updated the task description for T290005: Test haproxy as a WMF's CDN TLS terminator with real traffic.
Dec 1 2021, 6:41 PM · Performance-Team (Radar), Patch-For-Review, SRE, Traffic
Vgutierrez updated the task description for T290005: Test haproxy as a WMF's CDN TLS terminator with real traffic.
Dec 1 2021, 1:21 PM · Performance-Team (Radar), Patch-For-Review, SRE, Traffic

Nov 29 2021

Vgutierrez updated the task description for T290005: Test haproxy as a WMF's CDN TLS terminator with real traffic.
Nov 29 2021, 9:57 AM · Performance-Team (Radar), Patch-For-Review, SRE, Traffic

Nov 24 2021

Vgutierrez updated the task description for T294119: Migrate codfw Ganeti cluster to KVM machine type pc-i440fx-2.8.
Nov 24 2021, 6:58 PM · Infrastructure-Foundations, SRE

Nov 23 2021

Vgutierrez updated the task description for T290005: Test haproxy as a WMF's CDN TLS terminator with real traffic.
Nov 23 2021, 11:18 AM · Performance-Team (Radar), Patch-For-Review, SRE, Traffic

Nov 22 2021

Vgutierrez updated the task description for T290005: Test haproxy as a WMF's CDN TLS terminator with real traffic.
Nov 22 2021, 7:09 PM · Performance-Team (Radar), Patch-For-Review, SRE, Traffic
Vgutierrez updated the task description for T290005: Test haproxy as a WMF's CDN TLS terminator with real traffic.
Nov 22 2021, 7:09 PM · Performance-Team (Radar), Patch-For-Review, SRE, Traffic

Nov 19 2021

Vgutierrez added a comment to T295118: Can't commit on asw-b-codfw.

@ayounsi both lvs2008 and lvs2009 are primary LVS, so lvs2010 would assume the load of both during asw1-b2-codfw reboot. Far from ideal but it should be ok

Nov 19 2021, 2:48 PM · SRE-swift-storage, ops-codfw, SRE, Infrastructure-Foundations, netops

Nov 18 2021

Vgutierrez updated the task description for T290005: Test haproxy as a WMF's CDN TLS terminator with real traffic.
Nov 18 2021, 9:33 AM · Performance-Team (Radar), Patch-For-Review, SRE, Traffic

Nov 16 2021

Jelto awarded T295770: Cronspam from acmechief-test1001 a Like token.
Nov 16 2021, 2:41 PM · SRE
Vgutierrez closed T295770: Cronspam from acmechief-test1001, a subtask of T132324: Tracking and Reducing cron-spam to root@ , as Resolved.
Nov 16 2021, 2:39 PM · Patch-For-Review, Tracking-Neverending, SRE
Vgutierrez closed T295770: Cronspam from acmechief-test1001 as Resolved.

LE staging environment had a rough time :) It's fixed now

Nov 16 2021, 2:39 PM · SRE

Nov 11 2021

Vgutierrez updated the task description for T290005: Test haproxy as a WMF's CDN TLS terminator with real traffic.
Nov 11 2021, 10:19 AM · Performance-Team (Radar), Patch-For-Review, SRE, Traffic

Nov 9 2021

Vgutierrez updated the task description for T290005: Test haproxy as a WMF's CDN TLS terminator with real traffic.
Nov 9 2021, 11:51 AM · Performance-Team (Radar), Patch-For-Review, SRE, Traffic

Nov 8 2021

Vgutierrez changed the status of T290005: Test haproxy as a WMF's CDN TLS terminator with real traffic from Open to In Progress.
Nov 8 2021, 10:28 AM · Performance-Team (Radar), Patch-For-Review, SRE, Traffic

Oct 18 2021

Vgutierrez added a comment to T273956: acme-chief sometimes doesn't refresh certificates because it ignores SIGHUP.

@dcaro I've implemented systemd's watchdog support on acme-chief. This is already running on the production instances and it should avoid acme-chief to hang indefinitely, you could try enabling it on your instances as well, it should be as easy as updating to acme-chief 0.34 and setting profile::acme_chief::watchdog_sec like we did on https://gerrit.wikimedia.org/r/c/operations/puppet/+/731335

Oct 18 2021, 3:43 PM · User-dcaro, Acme-chief, cloud-services-team (Kanban)
Vgutierrez closed T292619: Implement a watchdog mechanism on acme-chief as Resolved.
Oct 18 2021, 3:40 PM · Patch-For-Review, SRE, Traffic, Acme-chief
Vgutierrez closed T292619: Implement a watchdog mechanism on acme-chief, a subtask of T273956: acme-chief sometimes doesn't refresh certificates because it ignores SIGHUP, as Resolved.
Oct 18 2021, 3:39 PM · User-dcaro, Acme-chief, cloud-services-team (Kanban)

Oct 15 2021

Vgutierrez committed rOSAC3d54c8bcaed2: acme_chief: auto-detect systemd watchdog (authored by Vgutierrez).
acme_chief: auto-detect systemd watchdog
Oct 15 2021, 9:59 AM
Vgutierrez committed rOSACdabc46932029: debian: Add release 0.34 to the changelog (authored by Vgutierrez).
debian: Add release 0.34 to the changelog
Oct 15 2021, 9:59 AM
Vgutierrez committed rOSAC3dfb70bd6b8b: Release 0.34 (authored by Vgutierrez).
Release 0.34
Oct 15 2021, 9:59 AM
Vgutierrez committed rOSAC3894009d6455: Release 0.34 (authored by Vgutierrez).
Release 0.34
Oct 15 2021, 9:26 AM

Oct 14 2021

Vgutierrez committed rOSAC248b6f1ca275: acme_chief: auto-detect systemd watchdog (authored by Vgutierrez).
acme_chief: auto-detect systemd watchdog
Oct 14 2021, 4:09 PM
Vgutierrez committed rOSACb75324f47b37: acme_chief: Add systemd based watchdog support (authored by Vgutierrez).
acme_chief: Add systemd based watchdog support
Oct 14 2021, 9:29 AM
Vgutierrez committed rOSAC4272a7a51031: Release 0.33 (authored by Vgutierrez).
Release 0.33
Oct 14 2021, 9:29 AM
Vgutierrez committed rOSACcbeca694a9f8: debian: Add release 0.33 to the changelog (authored by Vgutierrez).
debian: Add release 0.33 to the changelog
Oct 14 2021, 9:29 AM
Vgutierrez committed rOSAC985fe6e5a15e: Release 0.33 (authored by Vgutierrez).
Release 0.33
Oct 14 2021, 9:09 AM
Vgutierrez committed rOSACde8747cdd903: acme_chief: Add systemd based watchdog support (authored by Vgutierrez).
acme_chief: Add systemd based watchdog support
Oct 14 2021, 8:53 AM

Oct 6 2021

Vgutierrez triaged T292632: Many KaiOS devices can't access WMF websites and can't use Wikipedia app as Low priority.

ack, thanks for the heads up @SBisson.

Oct 6 2021, 1:27 PM · KaiOS-Wikipedia-app, SRE, Traffic, Inuka-Team
Vgutierrez triaged T292619: Implement a watchdog mechanism on acme-chief as Medium priority.
Oct 6 2021, 9:29 AM · Patch-For-Review, SRE, Traffic, Acme-chief
Vgutierrez created T292619: Implement a watchdog mechanism on acme-chief.
Oct 6 2021, 9:29 AM · Patch-For-Review, SRE, Traffic, Acme-chief
Vgutierrez closed T292537: Additional DNS entries for Wikilearn project (Community Development) as Resolved.
vgutierrez@carrot:~/wikimedia.org/operations/dns$ host _fbf735f01a612e98f20b40a80776eef1.forum.stage.learn.wiki.
_fbf735f01a612e98f20b40a80776eef1.forum.stage.learn.wiki is an alias for _579f7247d0f2261ece062c56f884b1be.fsdcfjjflr.acm-validations.aws.
vgutierrez@carrot:~/wikimedia.org/operations/dns$ host  _4a7584ade44564ae4ec7333e13fd3143.forum.learn.wiki.
_4a7584ade44564ae4ec7333e13fd3143.forum.learn.wiki is an alias for _a98f7adacc036101b58734ff92b628e7.fsdcfjjflr.acm-validations.aws.
vgutierrez@carrot:~/wikimedia.org/operations/dns$ host -t CNAME forum.stage.learn.wiki.
forum.stage.learn.wiki is an alias for wkm-stage-alb-1830818829.us-east-1.elb.amazonaws.com.
vgutierrez@carrot:~/wikimedia.org/operations/dns$ host -t CNAME forum.learn.wiki.
forum.learn.wiki is an alias for wkm-stage-alb-1830818829.us-east-1.elb.amazonaws.com.
vgutierrez@carrot:~/wikimedia.org/operations/dns$ host -t A forum.dev.learn.wiki
forum.dev.learn.wiki has address 52.44.207.59
Oct 6 2021, 5:43 AM · Traffic, SRE, DNS
Vgutierrez changed the status of T292537: Additional DNS entries for Wikilearn project (Community Development) from Stalled to In Progress.
Oct 6 2021, 5:36 AM · Traffic, SRE, DNS

Oct 5 2021

Vgutierrez changed the status of T292537: Additional DNS entries for Wikilearn project (Community Development) from In Progress to Stalled.
Oct 5 2021, 2:58 PM · Traffic, SRE, DNS
Vgutierrez added a comment to T292537: Additional DNS entries for Wikilearn project (Community Development).

@Ijon could you confirm that you want forum.dev.learn.wiki. pointing to a private class C IP (192.168.193.13)? Similar A record requested on https://phabricator.wikimedia.org/T289618 are pointing to a public IP

Oct 5 2021, 2:56 PM · Traffic, SRE, DNS
Vgutierrez moved T292537: Additional DNS entries for Wikilearn project (Community Development) from Triage to DNS Names on the Traffic board.
Oct 5 2021, 2:51 PM · Traffic, SRE, DNS
Vgutierrez changed the status of T292537: Additional DNS entries for Wikilearn project (Community Development) from Open to In Progress.
Oct 5 2021, 2:51 PM · Traffic, SRE, DNS
Vgutierrez closed T290249: Support OCSP stapling from prefetched responses in HAProxy as Resolved.
Oct 5 2021, 10:19 AM · Patch-For-Review, Acme-chief, SRE, Traffic
Vgutierrez closed T290249: Support OCSP stapling from prefetched responses in HAProxy, a subtask of T290005: Test haproxy as a WMF's CDN TLS terminator with real traffic, as Resolved.
Oct 5 2021, 10:19 AM · Performance-Team (Radar), Patch-For-Review, SRE, Traffic
Vgutierrez committed rOSACc0ccf55a54ee: Release 0.32 (authored by Vgutierrez).
Release 0.32
Oct 5 2021, 9:38 AM
Vgutierrez committed rOSACace9bf17180d: debian: Add release 0.32 to the changelog (authored by Vgutierrez).
debian: Add release 0.32 to the changelog
Oct 5 2021, 9:38 AM
Vgutierrez committed rOSAC8a94371c97b0: acme_chief: Adopt f-strings (authored by Vgutierrez).
acme_chief: Adopt f-strings
Oct 5 2021, 9:36 AM
Vgutierrez committed rOSAC35bb4a423a5d: acme_chief,api: Provide .alt.chained.crt.key.ocsp (authored by Vgutierrez).
acme_chief,api: Provide .alt.chained.crt.key.ocsp
Oct 5 2021, 9:36 AM
Vgutierrez committed rOSAC55ab59894999: acme_chief: Adopt f-strings (authored by Vgutierrez).
acme_chief: Adopt f-strings
Oct 5 2021, 8:58 AM
Vgutierrez committed rOSACae98eedfdf3d: acme_chief,api: Provide .alt.chained.crt.key.ocsp (authored by Vgutierrez).
acme_chief,api: Provide .alt.chained.crt.key.ocsp
Oct 5 2021, 8:58 AM
Vgutierrez committed rOSAC7cbd4bae05e1: Release 0.32 (authored by Vgutierrez).
Release 0.32
Oct 5 2021, 8:58 AM

Oct 4 2021

Vgutierrez triaged T292397: Improve runbooks for OCSP-related alerts as Medium priority.
Oct 4 2021, 9:13 AM · SRE, Traffic

Sep 16 2021

Vgutierrez closed T291090: One more DNS request for Wikilearn as Resolved.
$ host -t A learn.wiki
learn.wiki has address 76.223.57.52
learn.wiki has address 13.248.190.88
Sep 16 2021, 9:56 AM · Traffic, SRE, DNS
Vgutierrez claimed T291090: One more DNS request for Wikilearn.
Sep 16 2021, 9:48 AM · Traffic, SRE, DNS

Sep 14 2021

Vgutierrez closed T290974: Additional DNS config for WikiLearn (urgent, AWS gives us 48 hours for verification) as Resolved.
vgutierrez@carrot:~/wikimedia.org/operations/dns/templates$ host -t CNAME _e8216d92d36158dd2198ac46e3739de7.learn.wiki.
_e8216d92d36158dd2198ac46e3739de7.learn.wiki is an alias for _58bdabc6b3bcd7a4a822c4b55d531e26.tjxrvlrcqj.acm-validations.aws.
vgutierrez@carrot:~/wikimedia.org/operations/dns/templates$ host -t CNAME _256c2d7552a0581589e84c388217cf63.studio.learn.wiki.
_256c2d7552a0581589e84c388217cf63.studio.learn.wiki is an alias for _4d04201606df3b885ead3923bbc22562.tjxrvlrcqj.acm-validations.aws.
vgutierrez@carrot:~/wikimedia.org/operations/dns/templates$ host -t CNAME       _b12a640fb8ea864c63c53fbfaded67d9.preview.learn.wiki.
_b12a640fb8ea864c63c53fbfaded67d9.preview.learn.wiki is an alias for _dfcb2ce82ae8cde2fe4c1619ba3a98bd.tjxrvlrcqj.acm-validations.aws.
vgutierrez@carrot:~/wikimedia.org/operations/dns/templates$ host -t CNAME learn.wiki.
learn.wiki has no CNAME record
vgutierrez@carrot:~/wikimedia.org/operations/dns/templates$ host -t CNAME studio.learn.wiki.
studio.learn.wiki is an alias for wkm-prod-alb-30644061.us-east-1.elb.amazonaws.com.
vgutierrez@carrot:~/wikimedia.org/operations/dns/templates$ host -t CNAME preview.learn.wiki.
preview.learn.wiki is an alias for wkm-prod-alb-30644061.us-east-1.elb.amazonaws.com.
vgutierrez@carrot:~/wikimedia.org/operations/dns/templates$ host -t TXT _amazonses.learn.wiki.
_amazonses.learn.wiki descriptive text "VDUH3otBclfADNvl3b7igVUZk39fOGFCXTCbhOAOEtE"
vgutierrez@carrot:~/wikimedia.org/operations/dns/templates$ host -t CNAME k2w5gqxlbqljncvwtmljsgjszb4i4yzx._domainkey.learn.wiki.
k2w5gqxlbqljncvwtmljsgjszb4i4yzx._domainkey.learn.wiki is an alias for k2w5gqxlbqljncvwtmljsgjszb4i4yzx.dkim.amazonses.com.
vgutierrez@carrot:~/wikimedia.org/operations/dns/templates$ host -t CNAME nhosmjwhmrc45ccjktnxm2k6dleook7v._domainkey.learn.wiki.
nhosmjwhmrc45ccjktnxm2k6dleook7v._domainkey.learn.wiki is an alias for nhosmjwhmrc45ccjktnxm2k6dleook7v.dkim.amazonses.com.
vgutierrez@carrot:~/wikimedia.org/operations/dns/templates$ host -t CNAME tulpi7swkxlvoep2v4xdmenctf7zojbw._domainkey.learn.wiki.
tulpi7swkxlvoep2v4xdmenctf7zojbw._domainkey.learn.wiki is an alias for tulpi7swkxlvoep2v4xdmenctf7zojbw.dkim.amazonses.com.
vgutierrez@carrot:~/wikimedia.org/operations/dns/templates$ host -t MX learn.wiki.
learn.wiki mail is handled by 10 inbound-smtp.us-east-1.amazonaws.com.
Sep 14 2021, 3:17 PM · Traffic, SRE, DNS
Vgutierrez added a comment to T290974: Additional DNS config for WikiLearn (urgent, AWS gives us 48 hours for verification).

we cannot provide a CNAME record on the apex of a zone, so we cannot fulfill:

learn.wiki	CNAME	wkm-prod-alb-30644061.us-east-1.elb.amazonaws.com.
Sep 14 2021, 2:52 PM · Traffic, SRE, DNS
Vgutierrez claimed T290974: Additional DNS config for WikiLearn (urgent, AWS gives us 48 hours for verification).
Sep 14 2021, 2:47 PM · Traffic, SRE, DNS

Sep 13 2021

Vgutierrez committed rOSACf704f190ba7c: debian: Add release 0.31 to the changelog (authored by Vgutierrez).
debian: Add release 0.31 to the changelog
Sep 13 2021, 2:30 PM
Vgutierrez committed rOSAC6117f4ad4748: api: Fix destination on symlinks to files (authored by Vgutierrez).
api: Fix destination on symlinks to files
Sep 13 2021, 2:30 PM
Vgutierrez committed rOSACc96816967ae9: Release 0.31 (authored by Vgutierrez).
Release 0.31
Sep 13 2021, 2:30 PM
Vgutierrez committed rOSAC9ed9c2a03980: Release 0.31 (authored by Vgutierrez).
Release 0.31
Sep 13 2021, 2:15 PM
Vgutierrez committed rOSAC4cc1c3bb5c66: api: Fix destination on symlinks to files (authored by Vgutierrez).
api: Fix destination on symlinks to files
Sep 13 2021, 2:13 PM
Vgutierrez committed rOSACdb150e421371: embrace latest pylint recommendations (authored by Vgutierrez).
embrace latest pylint recommendations
Sep 13 2021, 12:31 PM
Vgutierrez committed rOSAC9c96f733e012: acme_chief,api: Provide .chained.crt.key.ocsp (authored by Vgutierrez).
acme_chief,api: Provide .chained.crt.key.ocsp
Sep 13 2021, 12:31 PM
Vgutierrez committed rOSAC5897768d4fde: debian: Add release 0.30 to the changelog (authored by Vgutierrez).
debian: Add release 0.30 to the changelog
Sep 13 2021, 12:31 PM
Vgutierrez committed rOSACb3d719811dfb: Release 0.30 (authored by Vgutierrez).
Release 0.30
Sep 13 2021, 12:31 PM
Vgutierrez committed rOSAC1586e43118a0: embrace latest pylint recommendations (authored by Vgutierrez).
embrace latest pylint recommendations
Sep 13 2021, 11:18 AM
Vgutierrez committed rOSAC50244744c10b: acme_chief,api: Provide .chained.crt.key.ocsp (authored by Vgutierrez).
acme_chief,api: Provide .chained.crt.key.ocsp
Sep 13 2021, 11:18 AM
Vgutierrez committed rOSAC09c6903a0e97: Release 0.30 (authored by Vgutierrez).
Release 0.30
Sep 13 2021, 11:18 AM

Sep 10 2021

Vgutierrez updated the task description for T290005: Test haproxy as a WMF's CDN TLS terminator with real traffic.
Sep 10 2021, 2:59 PM · Performance-Team (Radar), Patch-For-Review, SRE, Traffic

Sep 9 2021

Vgutierrez updated the task description for T290005: Test haproxy as a WMF's CDN TLS terminator with real traffic.
Sep 9 2021, 2:00 PM · Performance-Team (Radar), Patch-For-Review, SRE, Traffic
Vgutierrez updated the task description for T290005: Test haproxy as a WMF's CDN TLS terminator with real traffic.
Sep 9 2021, 10:40 AM · Performance-Team (Radar), Patch-For-Review, SRE, Traffic

Sep 8 2021

Vgutierrez updated the task description for T290005: Test haproxy as a WMF's CDN TLS terminator with real traffic.
Sep 8 2021, 10:57 AM · Performance-Team (Radar), Patch-For-Review, SRE, Traffic

Sep 6 2021

Vgutierrez updated the task description for T290005: Test haproxy as a WMF's CDN TLS terminator with real traffic.
Sep 6 2021, 10:13 AM · Performance-Team (Radar), Patch-For-Review, SRE, Traffic
Vgutierrez updated the task description for T290005: Test haproxy as a WMF's CDN TLS terminator with real traffic.
Sep 6 2021, 9:03 AM · Performance-Team (Radar), Patch-For-Review, SRE, Traffic

Sep 2 2021

Vgutierrez triaged T290249: Support OCSP stapling from prefetched responses in HAProxy as Medium priority.
Sep 2 2021, 12:52 PM · Patch-For-Review, Acme-chief, SRE, Traffic
Vgutierrez created T290249: Support OCSP stapling from prefetched responses in HAProxy.
Sep 2 2021, 12:51 PM · Patch-For-Review, Acme-chief, SRE, Traffic
Vgutierrez updated the task description for T290005: Test haproxy as a WMF's CDN TLS terminator with real traffic.
Sep 2 2021, 10:56 AM · Performance-Team (Radar), Patch-For-Review, SRE, Traffic

Sep 1 2021

Vgutierrez updated the task description for T290005: Test haproxy as a WMF's CDN TLS terminator with real traffic.
Sep 1 2021, 5:38 PM · Performance-Team (Radar), Patch-For-Review, SRE, Traffic
Vgutierrez updated the task description for T290005: Test haproxy as a WMF's CDN TLS terminator with real traffic.
Sep 1 2021, 10:25 AM · Performance-Team (Radar), Patch-For-Review, SRE, Traffic

Aug 31 2021

Vgutierrez closed T290025: More DNS entries for WikiLearn servers as Resolved.
vgutierrez@carrot:~$ host -t CAA learn.wiki
learn.wiki has CAA record 0 issue "letsencrypt.org"
learn.wiki has CAA record 0 issue "amazonaws.com"
learn.wiki has CAA record 0 iodef "mailto:dns-admin@wikimedia.org"
vgutierrez@carrot:~$ host -t CNAME stage.learn.wiki
stage.learn.wiki is an alias for wkm-stage-alb-1830818829.us-east-1.elb.amazonaws.com.
vgutierrez@carrot:~$ host -t CNAME studio.stage.learn.wiki
studio.stage.learn.wiki is an alias for wkm-stage-alb-1830818829.us-east-1.elb.amazonaws.com.
vgutierrez@carrot:~$ host -t CNAME preview.stage.learn.wiki
preview.stage.learn.wiki is an alias for wkm-stage-alb-1830818829.us-east-1.elb.amazonaws.com.
vgutierrez@carrot:~$ host -t CNAME _61ef234b53f9d1df78fddb5179f70155.stage.learn.wiki.
_61ef234b53f9d1df78fddb5179f70155.stage.learn.wiki is an alias for _390499340809cea809dcad753d3c57cd.gxwgcdsjsl.acm-validations.aws.
vgutierrez@carrot:~$ host -t CNAME _bfdf84f9d4a23b8756ee575712ddd473.preview.stage.learn.wiki.
_bfdf84f9d4a23b8756ee575712ddd473.preview.stage.learn.wiki is an alias for _501a2342f529a473e3d6b269b80141a3.gxwgcdsjsl.acm-validations.aws.
vgutierrez@carrot:~$ host -t CNAME _3ea1d33ff340b6ba4eae76b25cbb5258.studio.stage.learn.wiki.
_3ea1d33ff340b6ba4eae76b25cbb5258.studio.stage.learn.wiki is an alias for _6b229449d1e21a3e386e0ecb8269fdce.gxwgcdsjsl.acm-validations.aws.
Aug 31 2021, 10:16 AM · Traffic, SRE, DNS
Vgutierrez added a comment to T290025: More DNS entries for WikiLearn servers.

From https://docs.aws.amazon.com/acm/latest/userguide/setup-caa.html it looks like any of amazon.com, amazontrust.com, awstrust.com or amazonaws.com would do it as a CAA value, so I've added an amazonaws.com CAA record on https://gerrit.wikimedia.org/r/715706

Aug 31 2021, 9:50 AM · Traffic, SRE, DNS
Vgutierrez added a comment to T290025: More DNS entries for WikiLearn servers.

I guess you also need a proper CAA record to authorize AWS CA to issue certs for learn.wiki

Aug 31 2021, 9:33 AM · Traffic, SRE, DNS
Vgutierrez moved T290025: More DNS entries for WikiLearn servers from Triage to DNS Names on the Traffic board.
Aug 31 2021, 9:32 AM · Traffic, SRE, DNS

Aug 30 2021

Vgutierrez updated the task description for T290005: Test haproxy as a WMF's CDN TLS terminator with real traffic.
Aug 30 2021, 2:45 PM · Performance-Team (Radar), Patch-For-Review, SRE, Traffic
Vgutierrez updated the task description for T290005: Test haproxy as a WMF's CDN TLS terminator with real traffic.
Aug 30 2021, 2:39 PM · Performance-Team (Radar), Patch-For-Review, SRE, Traffic
Vgutierrez updated the task description for T290005: Test haproxy as a WMF's CDN TLS terminator with real traffic.
Aug 30 2021, 1:45 PM · Performance-Team (Radar), Patch-For-Review, SRE, Traffic
Vgutierrez moved T290005: Test haproxy as a WMF's CDN TLS terminator with real traffic from Triage to TLS on the Traffic board.
Aug 30 2021, 1:42 PM · Performance-Team (Radar), Patch-For-Review, SRE, Traffic
Vgutierrez triaged T290005: Test haproxy as a WMF's CDN TLS terminator with real traffic as Medium priority.
Aug 30 2021, 1:41 PM · Performance-Team (Radar), Patch-For-Review, SRE, Traffic
Vgutierrez created T290005: Test haproxy as a WMF's CDN TLS terminator with real traffic.
Aug 30 2021, 1:41 PM · Performance-Team (Radar), Patch-For-Review, SRE, Traffic