Closed
Bug 1153508
Opened 9 years ago
Closed 9 years ago
set up crash-reports-xpsp2 endpoint for crash-reports
Categories
(Socorro :: Infra, task)
Socorro
Infra
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: rhelmer, Unassigned)
References
Details
Bug 1138794 created crash-reports-xpsp2 which uses weaker SSL so we can get crash reports from XP SP2 (see bug 1138794 comment 55 for details.) http://docs.aws.amazon.com/AutoScaling/latest/DeveloperGuide/US_SetUpASLBApp.html says "You can register multiple load balancers with a single Auto Scaling group." so hopefully we can just have two ELBs for this service with different certs.
|
||
Comment 1•9 years ago
|
||
(In reply to Robert Helmer [:rhelmer] from comment #0) > hopefully we can just have two ELBs for this service with different certs. ...and different SSL settings - IIRC, this endpoint needs to support SSLv3 as well (while others shouldn't).
|
||
Comment 2•9 years ago
|
||
AWS ELB's definitely support SSLv3, and we can set each autoscaling group up to scale into whichever ELBs we like. The one caveat is you cannot arbitrarily add/remove ELBs per AS, you have to destroy and recreate to get the group to change which ELBs it scales into.
|
Reporter | |
Updated•9 years ago
|
|
|
Reporter | |
Comment 3•9 years ago
|
||
Maybe dmajor can help test this new XP endpoint in AWS.
Flags: needinfo?(dmajor)
Softvision has a more complete set of OSes than me, so I'd recommend flagging them once you're ready. Basically you'd want the same test as in bug 1154298 comment 46.
Flags: needinfo?(dmajor)
|
||
Comment 5•9 years ago
|
||
(In reply to JP Schneider [:jp] from comment #2) > AWS ELB's definitely support SSLv3, and we can set each autoscaling group up > to scale into whichever ELBs we like. The one caveat is you cannot > arbitrarily add/remove ELBs per AS, you have to destroy and recreate to get > the group to change which ELBs it scales into. AWS ELBs have a series of "policies"[0] which group different HTTPS (read: TLS and SSL) profiles together. It is possible that the "2011-08" policy would be appropriate for this purpose (remains to be verified), otherwise we can define a custom policy that fits our needs. Unfortunately for us, these policies cannot currently be managed in Terraform[1], so this may end up be trickier than we'd first envisioned... [0] https://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-security-policy-options.html [1] https://github.com/hashicorp/terraform/issues/1226
|
|
||
Comment 6•9 years ago
|
||
(In reply to Daniel Maher [:phrawzty] from comment #5) > Unfortunately for us, these policies cannot currently be managed in > Terraform[1], so this may end up be trickier than we'd first envisioned... A viable work-around is to use local-exec to call out to the aws cli tool in order to perform the policy acrobatics. It's janky but functional, and may be the only option for now. https://github.com/mozilla/socorro-infra/pull/171
|
|
||
Comment 7•9 years ago
|
||
This is setup, and will just need its permanent cert.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
|
|
Reporter | |
Comment 8•9 years ago
|
||
Hi! We are in the process of moving the crash-reports XP endpoint, could you possibly redo the same test as bug 1154298 comment 46 but against crash-reports-xpsp2.mocotoolsprod.net ? You'll need to connect to it as crash-reports-xpsp2.mozilla.com, until the DNS change goes live later today. Thanks!
Flags: needinfo?(camelia.badau)
|
|
||
Comment 9•9 years ago
|
||
The best way to test it will be to update your /etc/hosts file or equivalent to add this line, and then remove it after testing: crash-reports.xpsp2.mozilla.com 52.25.192.241
|
|
||
Comment 10•9 years ago
|
||
ooops, make that: crash-reports-xpsp2.mozilla.com 52.25.192.241
|
||
Comment 11•9 years ago
|
||
I've added this line: crash-reports-xpsp2.mozilla.com 52.25.192.241 to my /etc/hosts file and I've tested on Windows XP SP2 (32bit and 64bit) and Windows XP SP3 (32bit) using latest Nightly 41.0a1 (buildID: 20150621030204): all works as expected - the crash-reports are correctly submitted. I will test tomorrow on Windows Server 2003 SP1 (32bit and 64bit) and Windows Server 2003 SP2 (32bit and 64bit).
|
|
Reporter | |
Comment 12•9 years ago
|
||
(In reply to Camelia Badau, QA [:cbadau] from comment #11) > I've added this line: crash-reports-xpsp2.mozilla.com 52.25.192.241 to my > /etc/hosts file and I've tested on Windows XP SP2 (32bit and 64bit) and > Windows XP SP3 (32bit) using latest Nightly 41.0a1 (buildID: > 20150621030204): all works as expected - the crash-reports are correctly > submitted. > > I will test tomorrow on Windows Server 2003 SP1 (32bit and 64bit) and > Windows Server 2003 SP2 (32bit and 64bit). Sorry but we actually pointed collection back at the old site temporarily, would you mind re-testing once bug 1176541 is closed? I can ping you when that's ready too. Thanks!
|
|
||
Comment 13•9 years ago
|
||
(In reply to Robert Helmer [:rhelmer] from comment #12) > (In reply to Camelia Badau, QA [:cbadau] from comment #11) > > I've added this line: crash-reports-xpsp2.mozilla.com 52.25.192.241 to my > > /etc/hosts file and I've tested on Windows XP SP2 (32bit and 64bit) and > > Windows XP SP3 (32bit) using latest Nightly 41.0a1 (buildID: > > 20150621030204): all works as expected - the crash-reports are correctly > > submitted. > > > > I will test tomorrow on Windows Server 2003 SP1 (32bit and 64bit) and > > Windows Server 2003 SP2 (32bit and 64bit). > > Sorry but we actually pointed collection back at the old site temporarily, > would you mind re-testing once bug 1176541 is closed? I can ping you when > that's ready too. Thanks! Ok, please ping me when that's ready so I can re-test it. Thanks!
Flags: needinfo?(camelia.badau)
You need to log in
before you can comment on or make changes to this bug.
Description
•