Subdomain does not resolve for apps deployed to paas.mozilla.org

RESOLVED INVALID

Status

Infrastructure & Operations
WebOps: Other
RESOLVED INVALID
3 years ago
3 years ago

People

(Reporter: emorley, Unassigned)

Tracking

Details

(Whiteboard: [kanban:https://webops.kanbanize.com/ctrl_board/2/1411] )

Bugherder is currently successfully deployed to bugherder.paas.**allizom**.org (https://bugherder.paas.allizom.org/), however when I deploy to paas.**mozilla**.org, I get DNS resolution errors:

[~/src/bugherder]$ stackato target api.paas.mozilla.org
Successfully targeted to [https://api.paas.mozilla.org]

[~/src/bugherder]$ stackato group bugherder
Successfully set current group to [bugherder]

[~/src/bugherder]$ stackato push --no-prompt
Pushing application 'bugherder'...
Framework:       buildpack
Runtime:         <framework-specific default>
Application Url: bugherder.paas.mozilla.org
Creating Application [bugherder] ... OK
  Adding Environment Variable [BUILDPACK_URL=git://github.com/edmorley/staticfile-buildpack.git]
  Adding Environment Variable [FORCE_HTTPS=true]
Updating environment: OK
Uploading Application [bugherder] ...
  Checking for bad links:  OK
  Copying to temp space:  OK
  Checking for available resources:  OK
  Packing application: OK
  Uploading (1K):  OK
Push Status: OK
stackato.stager: Staging application 'bugherder'
staging:
staging: -----> git clone --depth 1 https://github.com/mozilla/bugherder.git src
staging:        Cloning into 'src'...
staging: -----> Stackato receiving staging request
staging: -----> Static file app detected
staging: -----> Root folder src
staging: -----> Copying project files into public/
staging: -----> Setting up nginx
staging: -----> Discovering process types
staging:        Procfile declares types -> web
staging: -----> rm -rf public/.git
staging: -----> echo "Cron not yet run on this instance!" > public/deploy.txt
staging: end of staging
stackato.stager: Completed staging application 'bugherder'
http://bugherder.paas.mozilla.org/ deployed

[~/src/bugherder]$ stackato logs
2015-07-14T00:17:03+0100 stackato.stager: Staging application 'bugherder'
2015-07-14T00:17:04+0100 staging:
2015-07-14T00:17:04+0100 staging: -----> git clone --depth 1 https://github.com/mozilla/bugherder.git src
2015-07-14T00:17:04+0100 staging:        Cloning into 'src'...
2015-07-14T00:17:06+0100 staging: -----> Stackato receiving staging request
2015-07-14T00:17:11+0100 staging: -----> Static file app detected
2015-07-14T00:17:11+0100 staging: -----> Root folder src
2015-07-14T00:17:11+0100 staging: -----> Copying project files into public/
2015-07-14T00:17:11+0100 staging: -----> Setting up nginx
2015-07-14T00:17:11+0100 staging: -----> Discovering process types
2015-07-14T00:17:11+0100 staging:        Procfile declares types -> web
2015-07-14T00:17:11+0100 staging: -----> rm -rf public/.git
2015-07-14T00:17:11+0100 staging: -----> echo "Cron not yet run on this instance!" > public/deploy.txt
2015-07-14T00:17:11+0100 staging: end of staging
2015-07-14T00:17:14+0100 stackato.stager: Completed staging application 'bugherder'
2015-07-14T00:17:15+0100 stackato.dea.0: Starting application 'bugherder' on DEA 6415be
2015-07-14T00:17:16+0100 app.0: crontab /app/crontab
2015-07-14T00:17:16+0100 app.0: ==> /app/app/nginx/logs/access.log <==
2015-07-14T00:17:16+0100 app.0:
2015-07-14T00:17:16+0100 app.0: ==> /app/app/nginx/logs/error.log <==
2015-07-14T00:17:16+0100 stackato.dea.0: Application 'bugherder' is now running on DEA 6415be

[~/src/bugherder]$ curl http://bugherder.paas.mozilla.org/
curl: (6) Couldn't resolve host 'bugherder.paas.mozilla.org'

Any ideas?
I can see the app listed here fwiw:
https://api.paas.mozilla.org/console/groups/bugherder/

Updated

3 years ago
Whiteboard: [kanban:https://webops.kanbanize.com/ctrl_board/2/1411]

Comment 2

3 years ago
Quick stupid question: was bugherder.paas.mozilla.org working before today?

My understanding was that DNS entries had to be specifically added for hosts on the production PaaS to help make sure that apps there have been security-reviewed.  It doesn't look like there's a DNS entry for bugherder.paas.mozilla.org and I can't seem to find a sec-review bug for the app.
This is the first time I've tried to deploy it.

In which case that explains what I'm seeing. It's just somewhat unfortunate this wasn't documented on https://mana.mozilla.org/wiki/pages/viewpage.action?pageId=30081453 since I could have saved a bit of time trying different things/trying to debug our Stackato manifest. It's also slightly surprising, since the docs make an explicit point that Paas apps are on an isolated VLAN and so can't have any flows to internal services - so the security review requirement is a bit strange, seeing as it only applies to mozilla.o and not allizom.o. 

Who should I speak to about setting the DNS up?

Bugherder is just a static files app that doesn't store any data itself.

Comment 4

3 years ago
I can morph this bug into being a DNS request bug or start a new bug (whichever is your preference).

The security review requirement for mozilla.org isn't strange as I believe that is one of the criteria that opens up sites for the bug bounty.   You can file a sec-review bug in mozilla.org::Operations Security (OpSec): Review

Poking about at the bugherder repo, it looks like we'll also need an SSL certificate (since the app requests Bugzilla credentials).  Pending sec-review results, I can handle getting the cert as well.
(In reply to C. Liang [:cyliang] from comment #4)
> Poking about at the bugherder repo, it looks like we'll also need an SSL
> certificate (since the app requests Bugzilla credentials).  Pending
> sec-review results, I can handle getting the cert as well.

Yep, that's the next step mentioned in bug 1145836#c20.
Filed bug 1185320 for the sec review.
Are we good to add a DNS entry here? or?
I think given the comments towards the end of bug 1185320, perhaps we should wait until the final hosting solution is chosen?

Either way, I'll mark this invalid, since as filed that's the resolution (we can open a new bug later for DNS). There is a documentation issue though which led to the filing of this bug, but I've added a note for that to bug 1183414.
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.