All users were logged out of Bugzilla on October 13th, 2018

Please switch treeherder.mozilla.org to the SNI based Heroku SSL

RESOLVED FIXED

Status

RESOLVED FIXED
2 years ago
2 years ago

People

(Reporter: emorley, Assigned: ericz)

Tracking

Details

(Reporter)

Description

2 years ago
Stage was switched in bug 1320303. Everything is looking good so we can now do the same for production.

Please could someone:
1) Install/update the Heroku CLI & log in as an admin of the mozilla org (I can give access if needed)
2) Re-upload the treeherder.mozilla.org cert/key (with intermediates included in the cert bundle) to the SNI ELB using:
  $ `heroku certs:add example.crt example.key -app treeherder-prod --type sni`
3) Run `heroku domains -a treeherder-prod` to find out the new DNS CNAME target (it should be something like `treeherder.mozilla.org.herokudns.com`)
4) Update the treeherder.mozilla.org CNAME to point to the `<...>.herokudns.com` target instead of the existing `tokyo-43605.herokussl.com` one.

Once 24 hours have passed allowing the DNS to propagate, I'll remove the legacy non-SNI addon.

Many thanks :-)

Updated

2 years ago
Whiteboard: [kanban:https://webops.kanbanize.com/ctrl_board/2/3920]
(Reporter)

Comment 1

2 years ago
Would someone be able to take a look at this soon?
(Assignee)

Updated

2 years ago
Assignee: server-ops-webops → eziegenhorn
(Assignee)

Comment 2

2 years ago
Cert uploaded to new SNI endpoint, DNS switched and verified working for me.
(Reporter)

Comment 3

2 years ago
Many thanks!

Enough time has passed for the DNS changes to have propagated - so I've now removed the legacy SSL endpoint addon:

$ heroku addons:destroy ssl -a treeherder-prod
 !    WARNING: Destructive Action
 !    This command will affect the app treeherder-prod
 !    To proceed, type treeherder-prod or re-run this command with --confirm
 !    treeherder-prod

treeherder-prod
Destroying th-prod-ssl on treeherder-prod... done
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → FIXED

Updated

2 years ago
Whiteboard: [kanban:https://webops.kanbanize.com/ctrl_board/2/3920] → [kanban:https://webops.kanbanize.com/ctrl_board/2/4052]

Updated

2 years ago
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
(Reporter)

Comment 4

2 years ago
Not sure why Kanban reopened this?
Status: REOPENED → RESOLVED
Last Resolved: 2 years ago2 years ago
Resolution: --- → FIXED
It's a bug. Two-way syncing with years-old code and no test suite is adventurous. We'll be mass re-closing them.

Updated

2 years ago
Whiteboard: [kanban:https://webops.kanbanize.com/ctrl_board/2/4052] → [kanban:https://webops.kanbanize.com/ctrl_board/2/4124]

Updated

2 years ago
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
(Reporter)

Updated

2 years ago
Status: REOPENED → RESOLVED
Last Resolved: 2 years ago2 years ago
Resolution: --- → FIXED
Whiteboard: [kanban:https://webops.kanbanize.com/ctrl_board/2/4124]
You need to log in before you can comment on or make changes to this bug.