Closed Bug 1056167 Opened 10 years ago Closed 10 years ago

Loop — Stage and Production wrong fxaAudience configuration

Categories

(Cloud Services :: Operations: Deployment Requests - DEPRECATED, task)

Product:
Cloud Services
Component:
Operations: Deployment Requests - DEPRECATED
Platform:
x86_64
Linux
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
VERIFIED FIXED

People

(Reporter: rhubscher, Assigned: dwilson)

References

Details

(Whiteboard: [qa+]) 

When testing 1045966 I realized that the fxaAudience configuration for loop-server on Stage and Production is probably wrong.

It should be:

For production: 

  "fxaAudiences": [
    "https://loop.services.mozilla.com",
    "app://loop.services.mozilla.com"
  ],

For stage:

  "fxaAudiences": [
    "https://loop.stage.mozaws.net",
    "app://loop.stage.mozaws.net"
  ],
Assignee: nobody → bwong
Assignee: bwong → bobm
Using this bug as our proxy deployment bug for Loop-Server Stage and Prod...
Status: NEW → ASSIGNED
Whiteboard: [qa+]
Checking the new instance in Stage now:

/data/loop-server/config/settings.json shows the following:
    "fxaAudiences": [
        "app://loop.stage.mozaws.net",
        "https://loop.stage.mozaws.net"
    ],



/etc/puppet/yaml/app/loop_server.stage.yaml shows the following:
...etc...
    # domain of website for fxa verification
    fxaAudiences: 
        - "https://loop.stage.mozaws.net"
    fxaVerifier: "https://verifier.stage.mozaws.net/v2"
    fxaTrustedIssuers: 
        - "auth.stage.mozaws.net"
...etc...
    fxaAudiences: 
        - "https://loop.stage.mozaws.net"
        - "app://loop.stage.mozaws.net"
    fxaVerifier: "https://verifier.stage.mozaws.net/v2"
    fxaTrustedIssuers: 
        - "api-accounts.stage.mozaws.net"
        - "msisdn-dev.stage.mozaws.net"


Should their be duplicate entries in this yaml?



/etc/puppet/yaml/app/loop_server.yaml shows the following:
    # fxaAudience should be the server's url
    fxaAudiences: 
        - "http://loop.services.mozilla.com"
        - "app://loop.services.mozilla.com"

As the "default", I expected these values, but please confirm.
This configuration change has been pushed to Stage.  As long as the duplicates aren't hurting anything, I'll leave it as is, and wait for confirmation from :mostlygeek .
OK, so assuming we are good, we can push to Prod tomorrow (Thu)...
Otherwise, let's fix the dupes in Stage.
Great let me know when you are ready with it.
On stage we are also missing the fxaTrustedIssuers configuration:

  fxaTrustedIssuers: ["api.accounts.firefox.com", "msisdn.stage.mozaws.net"]
I am wondering if we don't want to put all of them on stage.

  fxaTrustedIssuers: ["api.accounts.firefox.com", "msisdn.stage.mozaws.net" , "msisdn-dev.stage.mozaws.net", "msisdn.services.mozilla.com"]
Interesting idea. Should not hurt, but let's run it by OPs...
Flags: needinfo?(bwong)
Flags: needinfo?(bobm)
I don't see why not. It should be a quick config tweak.
Flags: needinfo?(bwong)
OK, I will wait for changes before hitting Stage over again.

Also - we should address this:
bug 1057090
:bobm 
or
"mostlygeek

I need this to move forward for my testing.
Any ETA on the config changes for Stage?
(In reply to James Bonacci [:jbonacci] from comment #11)
> :bobm 
> or
> "mostlygeek

Working on it.
Flags: needinfo?(bobm)
Audiences added in Puppet.  Okay to re-roll stage instance?
:bobm yes please re-deploy Loop-Server Stage...
(In reply to James Bonacci [:jbonacci] from comment #14)
> :bobm yes please re-deploy Loop-Server Stage...

Re-deploy complete.
OK. For loop_server.yaml:
    fxaAudiences: 
        - "http://loop.services.mozilla.com"
        - "app://loop.services.mozilla.com"
    fxaVerifier: "https://verifier.accounts.firefox.com/v2"
    fxaTrustedIssuers: 
        - "api.accounts.firefox.com"
        - "msisdn.services.mozilla.com"


And for loop_server.stage.yaml
    fxaAudiences: 
        - "https://loop.stage.mozaws.net"
    fxaVerifier: "https://verifier.stage.mozaws.net/v2"
    fxaTrustedIssuers: 
        - "auth.stage.mozaws.net"

and further down:
    fxaAudiences: 
        - "https://loop.stage.mozaws.net"
        - "app://loop.stage.mozaws.net"
    fxaVerifier: "https://verifier.stage.mozaws.net/v2"
    fxaTrustedIssuers: 
        - "api-accounts.stage.mozaws.net"
        - "msisdn-dev.stage.mozaws.net"
        - "api.accounts.firefox.com"
        - "msisdn.stage.mozaws.net"
        - "msisdn.services.mozilla.com"


and, finally, for /data/loop-server/config/settings.json
    "fxaAudiences": [
        "app://loop.stage.mozaws.net",
        "https://loop.stage.mozaws.net"
    ],
    "fxaTrustedIssuers": [
        "api-accounts.stage.mozaws.net",
        "api.accounts.firefox.com",
        "msisdn-dev.stage.mozaws.net",
        "msisdn.services.mozilla.com",
        "msisdn.stage.mozaws.net"
    ],
    "fxaVerifier": "https://verifier.stage.mozaws.net/v2",



Stage looks good.
Let's get these config changes out to Production.
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
We have the same ticket for Stage and Production. So I reopened. It has been closed for Stage. Lets do it for Production.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Assignee: bobm → dwilson
Loop-Client Prod has been updated. This is our next bug to focus on.
I assume this will be Monday for EU, Tuesday for US peoples...
It appears this is already in Prod. Having OPs check.
Status: REOPENED → RESOLVED
Closed: 10 years ago10 years ago
Resolution: --- → FIXED
Not in Prod, but in puppet configs - just needs to be pushed to Prod.
Sorry about that...
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Blocks: 1063262
This has now been pushed to prod with code release 0.11.0
Status: REOPENED → RESOLVED
Closed: 10 years ago10 years ago
Resolution: --- → FIXED
I verified the changes to Prod via OPs...
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.