Closed
Bug 1151131
Opened 9 years ago
Closed 8 years ago
decom aus.mozillamessaging.com and aus2.mozillamessaging.com
Categories
(Infrastructure & Operations Graveyard :: WebOps: Other, task)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: Atoll, Assigned: rwatson)
References
(Depends on 1 open bug)
Details
(Whiteboard: [kanban:https://webops.kanbanize.com/ctrl_board/2/889] )
We have a vestigial aus.mozillamessaging.com site that has a long-expired SSL cert, and Thunderbird doesn't use this domain in recent years. Verify with owners that we can shut it down, or renew the cert to fix it.
zlb8.ops.phx1: SSL Certificate: aus.mozillamessaging.com > This certificate is used by the following virtual servers: aus2-momo (Default), aus2-momo (For IP 'aus2.mozillamessaging.com') Virtual Server: aus2-momo (HTTP, port 443, SSL-decrypt) > Default Certificate: aus.mozillamessaging.com > SNI Hostname: aus2.mozillamessaging.com -> Certificate: aus.mozillamessaging.com > Pools: discard > Rules: aus-redirect-to-aus4 >> http.changeSite( "https://aus4.mozilla.org" ); > Traffic IP: aus2.mozillamessaging.com >> 63.245.217.185/24 DNS: > aus.mozillamessaging.com CNAME aus2.mozillamessaging.zlb.phx.mozilla.net > aus2.mozillamessaging.com CNAME aus2.mozillamessaging.zlb.phx.mozilla.net > aus2.mozillamessaging.zlb.phx.mozilla.net A 63.245.217.185 SSL Certificate: aus.mozillamessaging.com: > CN=aus.mozillamessaging.com > DNS:aus2.mozillamessaging.com, DNS:aus.mozillamessaging.com
Notified various interested parties that this will be decom'd no sooner than 7 days from now unless objections are made.
Comment 3•9 years ago
|
||
Hi all,
As long as this is true:
> Thunderbird doesn't use this domain in recent years
... which of course I am sure it is, I am fine with this.
John
Various quotes about this: :bhearsum, in reply to "Should we renew this SSL certificate": "Seems unlikely to me. Thunderbird has low usage, and they've been on aus3.mozilla.org for a couple of years. I'm curious if Nick or Mark have any thoughts though." -- March 30th :nthomas, on a related thread: "tl;dr I don't care about aus.mozillamessaging.com, but aus2.mozillamessaging.com may still be relevant." -- March 30th :jakem, same: "aus.mozillamessaging.com seems to just not be configured at all in apache. Not sure when it fell off, maybe a long time ago." -- February 4th :bhearsum, same: "the only clients that will point at aus.mozillamessaging.com are old Thunderbird versions that pin to the old." -- March 2nd
Comment 5•9 years ago
|
||
Gozer would probably know the history of this.
Comment 6•9 years ago
|
||
I'm fine with killing it.
I spoke with :rkent at length today and we've agreed that these are no longer necessary. aus2.mome was removed in ESR10 (bug 751679) in mid-2012, and aus.mome was removed some time prior to that, so anyone who hasn't updated by now stopped receiving updates months (years) ago when the SSL certs expired. Proceeding with decom. Our first step will be to shut off the endpoints and then wait a month or three to see what happens.
Summary: decom or redirect aus.mozillamessaging.com? → decom aus.mozillamessaging.com and aus2.mozillamessaging.com
We are on hold again, based on a complaint from bug 1246269, and having taken little or no action so far, will wait 2-4 weeks for a reply on that path. No changes made at this time.
While we wait, since there's no further value in serving updates with an invalid SSL certificate, I've turned off the virtual server 'aus2-momo' on zlb1.external.private.phx1, which serves aus. and aus2.mozillamessaging.com. We can reactivate it if we choose to move forward with continuing this service.
Reporter | ||
Comment 10•8 years ago
|
||
There has been no further action on bug 1246269 since 5 months ago, and so whether or not we intend to *someday* stand up a replacement AUS/AUS2.momo service, we are going to begin tearing down the infrastructure we have today as a ridealong with the Balrog datacenter exit. Webops, okay to proceed on this work.
Assignee | ||
Comment 11•8 years ago
|
||
Removed aus.mozillamessaging.com && aus2.mozillamessaging.com CNAME from DNS. Pausing.
Assignee | ||
Comment 12•8 years ago
|
||
Removed zeus entry and legacy cert. I think we are done here.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Updated•5 years ago
|
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•