[pto] pto-dev.allizom.org to set secure environment variable

RESOLVED INVALID

Status

Infrastructure & Operations
WebOps: Other
RESOLVED INVALID
6 years ago
5 years ago

People

(Reporter: peterbe, Assigned: phrawzty)

Tracking

Details

(Reporter)

Description

6 years ago
The pto-dev.allizom.org doesn't know it's running on HTTPS. Django needs to know this so it can manufacture URLs. Eg. the calendar (pto-calendar.ics) link at the bottom of the home page doesn't work because it starts with http and not https.

Django picks up that the client is using HTTPS but looking for the 'HTTPS' environment variable. 

I don't know the exact preferred syntax but for Sheriffs I think we're using this::

 SetEnvIf SSLSessionID .+ HTTPS=on

Comment 1

6 years ago
As it happens, we're actually in a bit of a weird state with this cluster right now. It's in the process of transitioning into the Hyper-Critical-Infrastructure (HCI) network. The net effect is that puppet is kinda broken for these nodes right now.

Note that the same migration gets you much better dev/stage nodes as well. :)

We're hoping to have the new cluster up by Wednesday of next week. Is that soon enough for this? If not we can come up with a workaround.
(Reporter)

Comment 2

6 years ago
(In reply to Jake Maul [:jakem] from comment #1)
> As it happens, we're actually in a bit of a weird state with this cluster
> right now. It's in the process of transitioning into the
> Hyper-Critical-Infrastructure (HCI) network. The net effect is that puppet
> is kinda broken for these nodes right now.
> 
> Note that the same migration gets you much better dev/stage nodes as well. :)
> 
> We're hoping to have the new cluster up by Wednesday of next week. Is that
> soon enough for this? If not we can come up with a workaround.

By Wednesday is fine. There are lots of other things to test first.

Comment 3

6 years ago
I've got the new cluster mostly up. I'm still waiting on one network flow and I need a set of memcached servers, which I forgot to plan for, but I hope to get both of these tomorrow, and then just need to migrate the data from the old cluster to the new, which should just take a few minutes. Sorry for the delay on this.

Updated

6 years ago
Depends on: 749439
re: intranetadm.seamicro.phx1.mozilla.com
Assignee: server-ops → dmaher
(Assignee)

Comment 5

6 years ago
I just spoke with :jabba on IRC, and the upshot is that the PTO application should be moved in its entirety (dev/stage/prod) to the "Generic" cluster. Therefore I'm not entirely sure how relevant this particular bug currently is - is there still an actionable item regarding the configuration of a secure environment variable, or are we on to other subjects entirely?

Some feedback would be extraordinarily helpful. :)
(Reporter)

Comment 6

6 years ago
(In reply to Daniel Maher [:phrawzty] from comment #5)
> I just spoke with :jabba on IRC, and the upshot is that the PTO application
> should be moved in its entirety (dev/stage/prod) to the "Generic" cluster.
> Therefore I'm not entirely sure how relevant this particular bug currently
> is - is there still an actionable item regarding the configuration of a
> secure environment variable, or are we on to other subjects entirely?
> 
> Some feedback would be extraordinarily helpful. :)

"feedback would be extraordinarily helpful." hehe!

I'm actually talking to :cturra about the set up of the app on the new generic cluster. I'll bring it up with him. Perhaps I can just tell him over a chat instead of having to file a bug.
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → INVALID
added this to the pto-dev apache config on generic cluster.

$ svn diff
Index: pto-dev.allizom.org.conf
===================================================================
--- pto-dev.allizom.org.conf	(revision 41143)
+++ pto-dev.allizom.org.conf	(working copy)
@@ -19,6 +19,8 @@
         Require valid-user
     </Location>
 
+    SetEnvIf SSLSessionID .+ HTTPS=on
+
     WSGIDaemonProcess pto-app processes=8 threads=1 maximum-requests=200 display-name=pto-app
     WSGIProcessGroup pto-app
     WSGIScriptAlias / /data/www/pto-dev.allizom.org/pto/wsgi/playdoh.wsgi process-group=pto-app application-group=pto-app

$ svn ci -m "added setenvif for pto-dev. bug 747116."
Sending        domains/pto-dev.allizom.org.conf
Transmitting file data .
Committed revision 41144.
Component: Server Operations: Web Operations → WebOps: Other
Product: mozilla.org → Infrastructure & Operations
You need to log in before you can comment on or make changes to this bug.