bugzilla.mozilla.org has resumed normal operation. Attachments prior to 2014 will be unavailable for a few days. This is tracked in Bug 1475801.
Please report any other irregularities here.

set up crash-reports-xpsp2 endpoint for crash-reports

RESOLVED FIXED

Status

Socorro
Infra
RESOLVED FIXED
3 years ago
3 years ago

People

(Reporter: rhelmer, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

3 years ago
Bug 1138794 created crash-reports-xpsp2 which uses weaker SSL so we can get crash reports from XP SP2 (see bug 1138794 comment 55 for details.)

http://docs.aws.amazon.com/AutoScaling/latest/DeveloperGuide/US_SetUpASLBApp.html says "You can register multiple load balancers with a single Auto Scaling group." so hopefully we can just have two ELBs for this service with different certs.

Comment 1

3 years ago
(In reply to Robert Helmer [:rhelmer] from comment #0)
> hopefully we can just have two ELBs for this service with different certs.

...and different SSL settings - IIRC, this endpoint needs to support SSLv3 as well (while others shouldn't).

Comment 2

3 years ago
AWS ELB's definitely support SSLv3, and we can set each autoscaling group up to scale into whichever ELBs we like.  The one caveat is you cannot arbitrarily add/remove ELBs per AS, you have to destroy and recreate to get the group to change which ELBs it scales into.
(Reporter)

Updated

3 years ago
Blocks: 1118288
No longer blocks: 1123833
(Reporter)

Comment 3

3 years ago
Maybe dmajor can help test this new XP endpoint in AWS.
Flags: needinfo?(dmajor)
Softvision has a more complete set of OSes than me, so I'd recommend flagging them once you're ready. Basically you'd want the same test as in bug 1154298 comment 46.
Flags: needinfo?(dmajor)
(In reply to JP Schneider [:jp] from comment #2)
> AWS ELB's definitely support SSLv3, and we can set each autoscaling group up
> to scale into whichever ELBs we like.  The one caveat is you cannot
> arbitrarily add/remove ELBs per AS, you have to destroy and recreate to get
> the group to change which ELBs it scales into.

AWS ELBs have a series of "policies"[0] which group different HTTPS (read: TLS and SSL) profiles together. It is possible that the "2011-08" policy would be appropriate for this purpose (remains to be verified), otherwise we can define a custom policy that fits our needs.

Unfortunately for us, these policies cannot currently be managed in Terraform[1], so this may end up be trickier than we'd first envisioned...


[0] https://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-security-policy-options.html
[1] https://github.com/hashicorp/terraform/issues/1226
(In reply to Daniel Maher [:phrawzty] from comment #5)
> Unfortunately for us, these policies cannot currently be managed in
> Terraform[1], so this may end up be trickier than we'd first envisioned...

A viable work-around is to use local-exec to call out to the aws cli tool in order to perform the policy acrobatics. It's janky but functional, and may be the only option for now.

https://github.com/mozilla/socorro-infra/pull/171

Comment 7

3 years ago
This is setup, and will just need its permanent cert.
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → FIXED
(Reporter)

Comment 8

3 years ago
Hi! We are in the process of moving the crash-reports XP endpoint, could you possibly redo the same test as bug 1154298 comment 46 but against crash-reports-xpsp2.mocotoolsprod.net ?

You'll need to connect to it as crash-reports-xpsp2.mozilla.com, until the DNS change goes live later today.

Thanks!
Flags: needinfo?(camelia.badau)

Comment 9

3 years ago
The best way to test it will be to update your /etc/hosts file or equivalent to add this line, and then remove it after testing:

crash-reports.xpsp2.mozilla.com 52.25.192.241

Comment 10

3 years ago
ooops, make that:
crash-reports-xpsp2.mozilla.com 52.25.192.241
I've added this line: crash-reports-xpsp2.mozilla.com 52.25.192.241 to my /etc/hosts file and I've tested on Windows XP SP2 (32bit and 64bit) and Windows XP SP3 (32bit) using latest Nightly 41.0a1 (buildID: 20150621030204): all works as expected - the crash-reports are correctly submitted. 

I will test tomorrow on Windows Server 2003 SP1 (32bit and 64bit) and Windows Server 2003 SP2 (32bit and 64bit).
(Reporter)

Comment 12

3 years ago
(In reply to Camelia Badau, QA [:cbadau] from comment #11)
> I've added this line: crash-reports-xpsp2.mozilla.com 52.25.192.241 to my
> /etc/hosts file and I've tested on Windows XP SP2 (32bit and 64bit) and
> Windows XP SP3 (32bit) using latest Nightly 41.0a1 (buildID:
> 20150621030204): all works as expected - the crash-reports are correctly
> submitted. 
> 
> I will test tomorrow on Windows Server 2003 SP1 (32bit and 64bit) and
> Windows Server 2003 SP2 (32bit and 64bit).

Sorry but we actually pointed collection back at the old site temporarily, would you mind re-testing once bug 1176541 is closed? I can ping you when that's ready too. Thanks!
(In reply to Robert Helmer [:rhelmer] from comment #12)
> (In reply to Camelia Badau, QA [:cbadau] from comment #11)
> > I've added this line: crash-reports-xpsp2.mozilla.com 52.25.192.241 to my
> > /etc/hosts file and I've tested on Windows XP SP2 (32bit and 64bit) and
> > Windows XP SP3 (32bit) using latest Nightly 41.0a1 (buildID:
> > 20150621030204): all works as expected - the crash-reports are correctly
> > submitted. 
> > 
> > I will test tomorrow on Windows Server 2003 SP1 (32bit and 64bit) and
> > Windows Server 2003 SP2 (32bit and 64bit).
> 
> Sorry but we actually pointed collection back at the old site temporarily,
> would you mind re-testing once bug 1176541 is closed? I can ping you when
> that's ready too. Thanks!

Ok, please ping me when that's ready so I can re-test it. Thanks!
Flags: needinfo?(camelia.badau)
You need to log in before you can comment on or make changes to this bug.