1151131 - decom aus.mozillamessaging.com and aus2.mozillamessaging.com

Status: RESOLVED FIXED

(Infrastructure & Operations Graveyard :: WebOps: Other, task)

Description

[:Atoll]

We have a vestigial aus.mozillamessaging.com site that has a long-expired SSL cert, and Thunderbird doesn't use this domain in recent years. Verify with owners that we can shut it down, or renew the cert to fix it.

Comment 1

[:Atoll]

zlb8.ops.phx1:

SSL Certificate: aus.mozillamessaging.com
> This certificate is used by the following virtual servers: aus2-momo (Default), aus2-momo (For IP 'aus2.mozillamessaging.com')

Virtual Server: aus2-momo (HTTP, port 443, SSL-decrypt)
> Default Certificate: aus.mozillamessaging.com
> SNI Hostname: aus2.mozillamessaging.com -> Certificate: aus.mozillamessaging.com
> Pools: discard
> Rules: aus-redirect-to-aus4
>> http.changeSite( "https://aus4.mozilla.org" );
> Traffic IP: aus2.mozillamessaging.com
>> 63.245.217.185/24

DNS:
> aus.mozillamessaging.com CNAME aus2.mozillamessaging.zlb.phx.mozilla.net
> aus2.mozillamessaging.com CNAME aus2.mozillamessaging.zlb.phx.mozilla.net
> aus2.mozillamessaging.zlb.phx.mozilla.net A 63.245.217.185

SSL Certificate: aus.mozillamessaging.com:
> CN=aus.mozillamessaging.com
> DNS:aus2.mozillamessaging.com, DNS:aus.mozillamessaging.com

Comment 2

[:Atoll]

Notified various interested parties that this will be decom'd no sooner than 7 days from now unless objections are made.

Comment 3

[John Jensen]

Hi all,

As long as this is true:

> Thunderbird doesn't use this domain in recent years

... which of course I am sure it is, I am fine with this.

John

Comment 4

[:Atoll]

Various quotes about this:

:bhearsum, in reply to "Should we renew this SSL certificate": "Seems unlikely to me. Thunderbird has low usage, and they've been on aus3.mozilla.org for a couple of years. I'm curious if Nick or Mark have any thoughts though."  -- March 30th

:nthomas, on a related thread: "tl;dr I don't care about aus.mozillamessaging.com, but aus2.mozillamessaging.com may still be relevant." -- March 30th

:jakem, same: "aus.mozillamessaging.com seems to just not be configured at all in apache. Not sure when it fell off, maybe a long time ago." -- February 4th

:bhearsum, same: "the only clients that will point at aus.mozillamessaging.com are old Thunderbird versions that pin to the old." -- March 2nd

Comment 5

[Kent James (:rkent)]

Gozer would probably know the history of this.

Comment 6

[bhearsum@mozilla.com (:bhearsum)]

I'm fine with killing it.

Comment 7

[:Atoll]

I spoke with :rkent at length today and we've agreed that these are no longer necessary.

aus2.mome was removed in ESR10 (bug 751679) in mid-2012, and aus.mome was removed some time prior to that, so anyone who hasn't updated by now stopped receiving updates months (years) ago when the SSL certs expired.

Proceeding with decom. Our first step will be to shut off the endpoints and then wait a month or three to see what happens.

Comment 8

[:Atoll]

We are on hold again, based on a complaint from bug 1246269, and having taken little or no action so far, will wait 2-4 weeks for a reply on that path. No changes made at this time.

Comment 9

[:Atoll]

While we wait, since there's no further value in serving updates with an invalid SSL certificate, I've turned off the virtual server 'aus2-momo' on zlb1.external.private.phx1, which serves aus. and aus2.mozillamessaging.com.

We can reactivate it if we choose to move forward with continuing this service.

Comment 10

[:Atoll]

There has been no further action on bug 1246269 since 5 months ago, and so whether or not we intend to *someday* stand up a replacement AUS/AUS2.momo service, we are going to begin tearing down the infrastructure we have today as a ridealong with the Balrog datacenter exit.

Webops, okay to proceed on this work.

Comment 11

[Ryan Watson [:w0ts0n]]

Removed
aus.mozillamessaging.com && aus2.mozillamessaging.com CNAME from DNS. Pausing.

Comment 12

[Ryan Watson [:w0ts0n]]

Removed zeus entry and legacy cert.

I think we are done here.