bking closed this task as "Resolved".
bking moved this task from Incoming to Needs review on the Discovery-Search
(Current work) board.
bking claimed this task.
bking added a comment.
Upon further review, it looks like beta cluster changed how it handles TLS
certificates. Nginx TLS config on
`deployment-elastic09.deployment-prep.eqiad1.wikimedia.cloud`:
ssl_certificate
/etc/cfssl/ssl/discovery__deployment-elastic09_deployment-prep_eqiad1_wikimedia_cloud/discovery__deployment-elastic09_deployment-prep_eqiad1_wikimedia_cloud.chained.pem;
ssl_certificate_key
/etc/cfssl/ssl/discovery__deployment-elastic09_deployment-prep_eqiad1_wikimedia_cloud/discovery__deployment-elastic09_deployment-prep_eqiad1_wikimedia_cloud-key.pem;
Contrast with production elastic host:
ssl_certificate /etc/ssl/localcerts/search.discovery.wmnet.chained.crt;
ssl_certificate_key /etc/ssl/private/search.discovery.wmnet.key;
It looks like whenever this changed on the beta hosts, nginx was not
reloaded. I reloaded nginx on all 3 instances and it appears that nginx is
serving a validate certificate now.
before reload:
bking@deployment-mwmaint02:~$ curl
https://deployment-elastic10.deployment-prep.eqiad1.wikimedia.cloud:9643
curl: (60) SSL certificate problem: certificate has expired
after reload:
bking@deployment-mwmaint02:~$ curl
https://deployment-elastic10.deployment-prep.eqiad1.wikimedia.cloud:9643
{
"name" : "deployment-elastic10-beta-search-psi",
"cluster_name" : "beta-search-psi",
"cluster_uuid" : "3qgHSCOrSZeGVeurqL6fGA",
"version" : {
"number" : "7.10.2",
"build_flavor" : "oss",
"build_type" : "deb",
"build_hash" : "747e1cc71def077253878a59143c1f785afa92b9",
"build_date" : "2021-01-13T00:42:12.435326Z",
"build_snapshot" : false,
"lucene_version" : "8.7.0",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}
Thus, I believe the issue is resolved. Please feel free to reopen this ticket
if you do not agree.
TASK DETAIL
https://phabricator.wikimedia.org/T333952
WORKBOARD
https://phabricator.wikimedia.org/project/board/1227/
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: bking
Cc: MSantos, dcausse, bking, Jgiannelos, Michael, LucasWerkmeister, Aklapper,
Stang, Ericliu1912, Xqt, pywikibot-bugs-list, gonzalez.actor, PotsdamLamb,
MPhamWMF, Jyoo1011, Wilmanbeno, JohnsonLee01, SHEKH, Dijkstra, CBogen, Khutuck,
Zkhalido, CptViraj, Viztor, DannyS712, Wenyi, Bsandipan, EBjune, Tbscho, MayS,
Framawiki, Mdupont, JJMC89, Dvorapa, Altostratus, TheresNoTime, binbot,
Avicennasis, mys_721tx, jayvdb, Masti, Alchimista, Jay8g, Krenair, jeremyb
_______________________________________________
pywikibot-bugs mailing list -- pywikibot-bugs@lists.wikimedia.org
To unsubscribe send an email to pywikibot-bugs-le...@lists.wikimedia.org
