Closed Bug 747116 Opened 13 years ago Closed 13 years ago

[pto] pto-dev.allizom.org to set secure environment variable

Categories

(Infrastructure & Operations Graveyard :: WebOps: Other, task)

Product:
Infrastructure & Operations Graveyard
Component:
WebOps: Other
Platform:
x86
macOS
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INVALID

People

(Reporter: peterbe, Assigned: dmaher)

Details

The pto-dev.allizom.org doesn't know it's running on HTTPS. Django needs to know this so it can manufacture URLs. Eg. the calendar (pto-calendar.ics) link at the bottom of the home page doesn't work because it starts with http and not https. Django picks up that the client is using HTTPS but looking for the 'HTTPS' environment variable. I don't know the exact preferred syntax but for Sheriffs I think we're using this:: SetEnvIf SSLSessionID .+ HTTPS=on
As it happens, we're actually in a bit of a weird state with this cluster right now. It's in the process of transitioning into the Hyper-Critical-Infrastructure (HCI) network. The net effect is that puppet is kinda broken for these nodes right now. Note that the same migration gets you much better dev/stage nodes as well. :) We're hoping to have the new cluster up by Wednesday of next week. Is that soon enough for this? If not we can come up with a workaround.
(In reply to Jake Maul [:jakem] from comment #1) > As it happens, we're actually in a bit of a weird state with this cluster > right now. It's in the process of transitioning into the > Hyper-Critical-Infrastructure (HCI) network. The net effect is that puppet > is kinda broken for these nodes right now. > > Note that the same migration gets you much better dev/stage nodes as well. :) > > We're hoping to have the new cluster up by Wednesday of next week. Is that > soon enough for this? If not we can come up with a workaround. By Wednesday is fine. There are lots of other things to test first.
I've got the new cluster mostly up. I'm still waiting on one network flow and I need a set of memcached servers, which I forgot to plan for, but I hope to get both of these tomorrow, and then just need to migrate the data from the old cluster to the new, which should just take a few minutes. Sorry for the delay on this.
re: intranetadm.seamicro.phx1.mozilla.com
Assignee: server-ops → dmaher
I just spoke with :jabba on IRC, and the upshot is that the PTO application should be moved in its entirety (dev/stage/prod) to the "Generic" cluster. Therefore I'm not entirely sure how relevant this particular bug currently is - is there still an actionable item regarding the configuration of a secure environment variable, or are we on to other subjects entirely? Some feedback would be extraordinarily helpful. :)
(In reply to Daniel Maher [:phrawzty] from comment #5) > I just spoke with :jabba on IRC, and the upshot is that the PTO application > should be moved in its entirety (dev/stage/prod) to the "Generic" cluster. > Therefore I'm not entirely sure how relevant this particular bug currently > is - is there still an actionable item regarding the configuration of a > secure environment variable, or are we on to other subjects entirely? > > Some feedback would be extraordinarily helpful. :) "feedback would be extraordinarily helpful." hehe! I'm actually talking to :cturra about the set up of the app on the new generic cluster. I'll bring it up with him. Perhaps I can just tell him over a chat instead of having to file a bug.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → INVALID
added this to the pto-dev apache config on generic cluster. $ svn diff Index: pto-dev.allizom.org.conf =================================================================== --- pto-dev.allizom.org.conf (revision 41143) +++ pto-dev.allizom.org.conf (working copy) @@ -19,6 +19,8 @@ Require valid-user </Location> + SetEnvIf SSLSessionID .+ HTTPS=on + WSGIDaemonProcess pto-app processes=8 threads=1 maximum-requests=200 display-name=pto-app WSGIProcessGroup pto-app WSGIScriptAlias / /data/www/pto-dev.allizom.org/pto/wsgi/playdoh.wsgi process-group=pto-app application-group=pto-app $ svn ci -m "added setenvif for pto-dev. bug 747116." Sending domains/pto-dev.allizom.org.conf Transmitting file data . Committed revision 41144.
Component: Server Operations: Web Operations → WebOps: Other
Product: mozilla.org → Infrastructure & Operations
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard
You need to log in before you can comment on or make changes to this bug.