Closed
Bug 795441
Opened 12 years ago
Closed 12 years ago
Links to firefox-stubinstaller in the admin UI of Bouncer should start with https://
Categories
(Release Engineering :: General, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: melissa, Assigned: catlee)
References
Details
This is an action item from the stub installer meeting.
|
Assignee | |
Comment 1•12 years ago
|
||
Not sure how we can do this since the locations in bouncer have no schema, e.g.
firefox-latest currently has /firefox/releases/15.0.1/win32/:lang/Firefox%20Setup%2015.0.1.exe as the location.
|
||
Comment 2•12 years ago
|
||
To clarify:
The stub installer itself (not firefox-latest, which is what the stub installer downloads and verifies on its own) needs to be over SSL.
The trick here will be to make sure the stub installer product (yet to be created) is available only on an SSL mirror. That means spinning up such a mirror, and then making sure the stub installer *cannot* be reached by the existing non-SSL mirror.
Summary: Links to firefox-latest in the admin UI of Bouncer should start with https:// → Links to firefox-stubinstaller in the admin UI of Bouncer should start with https://
|
||
Comment 3•12 years ago
|
||
Sounds like in Bounceradmin we need to add new mirrors starting with https:// and use only these mirrors for stub installer products. This may require changes in bouncer afaik. CCing fwenzel, he may know more.
|
|
||
Comment 4•12 years ago
|
||
We won't need to change bouncer to do that necessarily... we just need to make the relevant files available only on the right mirrors.
So an SSL mirror could have all the files, and a non-SSL mirror can have everything except stub installer. Then Sentry will take care of making sure bouncer sends people to the right mirrors.
Having said that, it would be seriously awesome if Bouncer had a simple flag on each product indicating if it has to be delivered over SSL or non-SSL (or if either is allowed), and that this flag would automatically dis-allow the wrong 'types' of mirrors from ever being used for that product.
We can get by without that, but that would be seriously awesome.
|
|
||
Comment 5•12 years ago
|
||
(In reply to Jake Maul [:jakem] from comment #4)
> We won't need to change bouncer to do that necessarily... we just need to
> make the relevant files available only on the right mirrors.
>
> So an SSL mirror could have all the files, and a non-SSL mirror can have
> everything except stub installer. Then Sentry will take care of making sure
> bouncer sends people to the right mirrors.
Does this mean that we would need a separate rsyncd excludes file to allow rsync from SSL enabled mirrors only? Otherwise sentry may find stub installer files on non-SSL mirrors and put them into the pool.
|
|
||
Comment 6•12 years ago
|
||
Maybe, but that's not particularly relevant anymore IMO... we're not sending any significant traffic to community mirrors that use rsync, and by the time we launch to prod I'm hoping for that number to be not just minimal but "zero". Instead all the traffic is going to Mozilla-controlled CDN accounts.
We'll set up a separate SSL CDN property which uses a different origin. The non-SSL origin will get some Apache logic to disallow access to the stub installers, whereas the SSL one will have complete access.
|
||
Comment 7•12 years ago
|
||
Easy enough to add an exclude for the stub to the rsync modules until we get to the point of disabling rsync access. That's blocked on AMO moving to CDN (sorta bug 626564), but we can drop the product delivery earlier if we teach sentry to not disable the CDN when it has transient issues. Jake has been working on improving sentry to debug that.
|
||
Comment 8•12 years ago
|
||
(In reply to Jake Maul [:jakem] from comment #4)
> We won't need to change bouncer to do that necessarily... we just need to
> make the relevant files available only on the right mirrors.
>
> So an SSL mirror could have all the files, and a non-SSL mirror can have
> everything except stub installer. Then Sentry will take care of making sure
> bouncer sends people to the right mirrors.
>
>
> Having said that, it would be seriously awesome if Bouncer had a simple flag
> on each product indicating if it has to be delivered over SSL or non-SSL (or
> if either is allowed), and that this flag would automatically dis-allow the
> wrong 'types' of mirrors from ever being used for that product.
>
> We can get by without that, but that would be seriously awesome.
Let's get a separate bug on file for that; but we should aim to work around it for now. (ccing Brandon)
|
||
Comment 9•12 years ago
|
||
(In reply to Jake Maul [:jakem] from comment #6)
> Maybe, but that's not particularly relevant anymore IMO... we're not sending
> any significant traffic to community mirrors that use rsync, and by the time
> we launch to prod I'm hoping for that number to be not just minimal but
> "zero". Instead all the traffic is going to Mozilla-controlled CDN accounts.
Recall that we're explicitly staying with community mirrors for Thunderbird/SeaMonkey. Its unclear if those products expect to use same stubinstaller code in later releases. If we're planning to do anything here that *breaks* using community mirrors, we should check with the TB/SM teams.
|
|
||
Comment 10•12 years ago
|
||
This bug is itself a tracker bug (of sorts) for 2 others... one to make an SSL CDN "mirror" in bouncer, and one to update bouncer to support an "SSL-only" flag on a product that will exclude non-SSL mirrors from delivery consideration.
|
|
||
Comment 11•12 years ago
|
||
... not to mention actually having a "firefox-stubinstaller" product in bouncer in the first place! Adding that dependency as well.
Depends on: 796180
|
|
Assignee | |
Updated•12 years ago
|
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
|
||
Updated•12 years ago
|
Product: mozilla.org → Release Engineering
You need to log in
before you can comment on or make changes to this bug.
Description
•