Closed Bug 911309 Opened 11 years ago Closed 11 years ago

Set up SSL endpoint + load balancer for incoming.telemetry.mozilla.org

Categories

(Infrastructure & Operations Graveyard :: WebOps: Other, task)

Product:
Infrastructure & Operations Graveyard
Component:
WebOps: Other
Platform:
x86_64
Linux
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: mreid, Assigned: bburton)

References

Details

Telemetry submissions currently go to data.mozilla.com. This is the same name used by Firefox Health Report and Test Pilot (and others).

We want to change Telemetry to use a new name since it will be served by a new backend system.

The preferred name is telemetry.mozilla.org.  This url should accept HTTPS connections, then relay them to server(s) hosted in AWS as plain HTTP connections, similar to how requests are currently relayed from data.mozilla.com to the Bagheera servers.

Please let me know if I should file separate bugs for the name / ssl cert / load balancer.
Blocks: 911300
Assignee: server-ops → server-ops-webops
Component: Server Operations → Server Operations: Web Operations
QA Contact: shyam → nmaul
We should set this up right away. For now telemetry.mozilla.org should point at data.mozilla.org
(In reply to Mark Reid [:mreid] from comment #0)
> Telemetry submissions currently go to data.mozilla.com. This is the same
> name used by Firefox Health Report and Test Pilot (and others).
> 
> We want to change Telemetry to use a new name since it will be served by a
> new backend system.
> 
> The preferred name is telemetry.mozilla.org.  This url should accept HTTPS
> connections, then relay them to server(s) hosted in AWS as plain HTTP
> connections, similar to how requests are currently relayed from
> data.mozilla.com to the Bagheera servers.
> 
> Please let me know if I should file separate bugs for the name / ssl cert /
> load balancer.

Can you provide some additional details on what "then relay them to server(s) hosted in AWS as plain HTTP connections" entails? 

Are these AWS servers reachable via VPN from a Mozilla data center?
Assignee: server-ops-webops → bburton
Discussion in IRC, #telemetry.

Background: The existing cluster (served by data.mozilla.com) needs to be broken out into multiple things. The Telemetry piece is actually moving to AWS, not a new cluster in SCL3.


Here's what we're going to do:

1) Set up a new temporary VIP (traffic IP + vserver, port 443) and DNS record "incoming.telemetry.mozilla.org", in SCL3.

2) Purchase and install an SSL cert for said domain name.

3) Pool should be same as data.mozilla.com.

4) On or around Oct 1, mmayo's team will take over management of this service... we will provide them with the SSL cert and key, and change DNS to point to a name or IP of their choosing.

5) Delete this temp vserver, reclaim the IP, remove the SSL cert from Zeus. (aka: clean up)
Blocks: 915796
(In reply to Brandon Burton [:solarce] from comment #2)
> Can you provide some additional details on what "then relay them to
> server(s) hosted in AWS as plain HTTP connections" entails? 
> 
> Are these AWS servers reachable via VPN from a Mozilla data center?

This will be handled separately per item #4 in comment #3.
Summary: Set up SSL endpoint + load balancer for telemetry.mozilla.org → Set up SSL endpoint + load balancer for incoming.telemetry.mozilla.org
* DNS created
* Load Balancing work underway (:solarce)
* SSL certificate order underway (:cturra)
i now have the signed ssl certificate and have uploaded it to the zlb cluster for :solarce to configure with his load balancer work o/


-----BEGIN CERTIFICATE-----
MIIHhjCCBm6gAwIBAgIQCw81nNP2xmBGt3NMrO8uADANBgkqhkiG9w0BAQUFADBp
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSgwJgYDVQQDEx9EaWdpQ2VydCBIaWdoIEFzc3VyYW5j
ZSBFViBDQS0xMB4XDTEzMDkxMjAwMDAwMFoXDTE1MDkxNzEyMDAwMFowggEEMR0w
GwYDVQQPDBRQcml2YXRlIE9yZ2FuaXphdGlvbjETMBEGCysGAQQBgjc8AgEDEwJV
UzEbMBkGCysGAQQBgjc8AgECEwpDYWxpZm9ybmlhMREwDwYDVQQFEwhDMjc1OTIw
ODEeMBwGA1UECRMVNjUwIENhc3RybyBTdCBTdGUgMzAwMQ4wDAYDVQQREwU5NDA0
MTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBW
aWV3MRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMR4wHAYDVQQDExV0ZWxl
bWV0cnkubW96aWxsYS5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDdNfMY39abFwkHEgeey8TTbhk4KQkKNCrahALQ+2S+6RnJtDLV5HwvMQp8BJpO
BmW9IbB9+NWpV743VTpTpDKHeibP8miM3CtvOZYnmFIIZgljxWj8l36+UobAg/J6
oUKKBESa8yJu/csx4SuwgxlPoeIvELe0VrCosqt4F95ndG0m9tgykBJC/DeoO9+p
6jLvGihnVox8T/ZL8MDds0a3UAujSnI+XB2MfSDHmomL+ycec/E9wzT3QPXFfdIl
5lfjpx5obi3j5ZuAvO7nPhbxAec8drG0ujCpK48TlereUT4DEw8BRIzVUkdHzCov
f6bM6ObXKwFT1sNTY0ey9XXJAgMBAAGjggOLMIIDhzAfBgNVHSMEGDAWgBRMWMsl
8EFPUvQoyIFDm6aooOaS5TAdBgNVHQ4EFgQUwIE/6bvPHxu/cklCfKVkR35Edbow
XAYDVR0RBFUwU4IVdGVsZW1ldHJ5Lm1vemlsbGEub3Jngh5pbmNvbWluZy50ZWxl
bWV0cnkubW96aWxsYS5vcmeCGnRlbGVtZXRyeS1kYXNoLm1vemlsbGEub3JnMA4G
A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYwYD
VR0fBFwwWjAroCmgJ4YlaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL2V2Y2ExLWcz
LmNybDAroCmgJ4YlaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL2V2Y2ExLWczLmNy
bDCCAcQGA1UdIASCAbswggG3MIIBswYJYIZIAYb9bAIBMIIBpDA6BggrBgEFBQcC
ARYuaHR0cDovL3d3dy5kaWdpY2VydC5jb20vc3NsLWNwcy1yZXBvc2l0b3J5Lmh0
bTCCAWQGCCsGAQUFBwICMIIBVh6CAVIAQQBuAHkAIAB1AHMAZQAgAG8AZgAgAHQA
aABpAHMAIABDAGUAcgB0AGkAZgBpAGMAYQB0AGUAIABjAG8AbgBzAHQAaQB0AHUA
dABlAHMAIABhAGMAYwBlAHAAdABhAG4AYwBlACAAbwBmACAAdABoAGUAIABEAGkA
ZwBpAEMAZQByAHQAIABDAFAALwBDAFAAUwAgAGEAbgBkACAAdABoAGUAIABSAGUA
bAB5AGkAbgBnACAAUABhAHIAdAB5ACAAQQBnAHIAZQBlAG0AZQBuAHQAIAB3AGgA
aQBjAGgAIABsAGkAbQBpAHQAIABsAGkAYQBiAGkAbABpAHQAeQAgAGEAbgBkACAA
YQByAGUAIABpAG4AYwBvAHIAcABvAHIAYQB0AGUAZAAgAGgAZQByAGUAaQBuACAA
YgB5ACAAcgBlAGYAZQByAGUAbgBjAGUALjB9BggrBgEFBQcBAQRxMG8wJAYIKwYB
BQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBHBggrBgEFBQcwAoY7aHR0
cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVW
Q0EtMS5jcnQwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQUFAAOCAQEA62E1RQ4z
m+f50fn/ZxJzFiCyg4Fp7sN+Cy2KhiWsn/BvYZBpQQi8bx2+S52AuuAmG/DqpfHH
/tqC5yMVj81sdVQccx414NV55+otC3s23Z/HAjzvz6fxdPx5zhes08U5m06PhYLr
JXomtE77p64qf6RBmdmyuYs5o7JRs9Gkzff+ajfpgbHNCaH6nhFml1Yjh3u6RRAm
TsyPrF5+ibhV1ixjaYmshvOoZWMkx6jCsScWzXh7MDWOyZ90KhPM/FjstagEsjsZ
GdBMcRruQpe86kOtSDRSPltzPWGd1loA/9T6zKeRQcVBvqd3dIaZu6kNkPmDAj5b
7FROtuH9Rr82CQ==
-----END CERTIFICATE-----
DNS has propogated and load balancer configs are done.

https://incoming.telemetry.mozilla.org/ lives!
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
See Also: → 921167
Component: Server Operations: Web Operations → WebOps: Other
Product: mozilla.org → Infrastructure & Operations
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard
You need to log in before you can comment on or make changes to this bug.