Uploaded image for project: 'Data Management'
  1. Data Management
  2. DM-11373

redirect sw.lsstcorp.org -> eups.lsst.codes

    Details

      Description

      So as to not 'orphan' pre-existing newinstall.sh installs that have an EUPS_PKGROOT pointed at sw.lsstcorp.org, an http redirect should be put in place to the new URL.

      Iain Goodenow has agreed to change the sw.lsstcorp.org CNAME when we are ready. Bill Glick has provided a copies of the tls private key/cert.

        Attachments

          Issue Links

            Activity

            Hide
            jhoblitt Joshua Hoblitt added a comment - - edited

            Jira doesn't seem to have picked up the GH PR for the deployment. https://github.com/lsst-sqre/deploy-eups-redirect/pull/1

            Show
            jhoblitt Joshua Hoblitt added a comment - - edited Jira doesn't seem to have picked up the GH PR for the deployment. https://github.com/lsst-sqre/deploy-eups-redirect/pull/1
            Hide
            jhoblitt Joshua Hoblitt added a comment -

            Could one of (Adam Thornton, Jonathan Sick, Angelo Fausti) give this a quick review? I don't think there is much of interest other than the way puppet is used in the docker image build.

            Show
            jhoblitt Joshua Hoblitt added a comment - Could one of ( Adam Thornton , Jonathan Sick , Angelo Fausti ) give this a quick review? I don't think there is much of interest other than the way puppet is used in the docker image build.
            Hide
            jhoblitt Joshua Hoblitt added a comment -

            The site is live as https://eups-redirect.lsst.codes/ but that will give you a cert error as the CN is for sw.lsstcorp.org.

            Show
            jhoblitt Joshua Hoblitt added a comment - The site is live as https://eups-redirect.lsst.codes/ but that will give you a cert error as the CN is for sw.lsstcorp.org .
            Hide
            jhoblitt Joshua Hoblitt added a comment -

            I discovered yesterday that all release of packer, up to and including 1.0.3, are broken with current docker releases (at least 1.12.6 & 1.13.1). After wasting a lot of time wrestling with this, I "resorted" to installing/uninstall puppet within a single docker layer in order to be able to use puppet to configure nginx while keeping the layer size down.

            Show
            jhoblitt Joshua Hoblitt added a comment - I discovered yesterday that all release of packer, up to and including 1.0.3 , are broken with current docker releases (at least 1.12.6 & 1.13.1 ). After wasting a lot of time wrestling with this, I "resorted" to installing/uninstall puppet within a single docker layer in order to be able to use puppet to configure nginx while keeping the layer size down.
            Hide
            jhoblitt Joshua Hoblitt added a comment -

            IainAdmin GoodenowAdmin has changed the sw.lsstcorp.org CNAME to point to eups-redirect.lsst.codes:

            $ curl -I https://sw.lsstcorp.org/eupspkg/
            HTTP/1.1 302 Moved Temporarily
            Server: nginx/1.9.8
            Date: Tue, 25 Jul 2017 23:45:24 GMT
            Content-Type: text/html
            Content-Length: 161
            Connection: keep-alive
            Location: https://eups.lsst.codes/stack/src/
            Strict-Transport-Security: max-age=15638400
            X-Frame-Options: DENY
            X-Content-Type-Options: nosniff
            
            

            Show
            jhoblitt Joshua Hoblitt added a comment - IainAdmin GoodenowAdmin has changed the sw.lsstcorp.org CNAME to point to eups-redirect.lsst.codes : $ curl -I https: //sw.lsstcorp.org/eupspkg/ HTTP/ 1.1 302 Moved Temporarily Server: nginx/ 1.9 . 8 Date: Tue, 25 Jul 2017 23 : 45 : 24 GMT Content-Type: text/html Content-Length: 161 Connection: keep-alive Location: https: //eups.lsst.codes/stack/src/ Strict-Transport-Security: max-age= 15638400 X-Frame-Options: DENY X-Content-Type-Options: nosniff
            Hide
            jhoblitt Joshua Hoblitt added a comment -

            HTTP (non-TLS) sanity check:

            $ curl -LI http://sw.lsstcorp.org/eupspkg/
            HTTP/1.1 301 Moved Permanently
            Server: nginx/1.9.8
            Date: Tue, 25 Jul 2017 23:48:36 GMT
            Content-Type: text/html
            Content-Length: 184
            Connection: keep-alive
            Location: https://sw.lsstcorp.org/eupspkg/
             
            HTTP/1.1 302 Moved Temporarily
            Server: nginx/1.9.8
            Date: Tue, 25 Jul 2017 23:48:36 GMT
            Content-Type: text/html
            Content-Length: 161
            Connection: keep-alive
            Location: https://eups.lsst.codes/stack/src/
            Strict-Transport-Security: max-age=15638400
            X-Frame-Options: DENY
            X-Content-Type-Options: nosniff
             
            HTTP/1.1 200 OK
            Server: nginx/1.9.8
            Date: Tue, 25 Jul 2017 23:48:37 GMT
            Content-Type: text/html;charset=UTF-8
            Connection: keep-alive
            Strict-Transport-Security: max-age=15638400
            X-Frame-Options: DENY
            X-Content-Type-Options: nosniff
            
            

            Show
            jhoblitt Joshua Hoblitt added a comment - HTTP (non-TLS) sanity check: $ curl -LI http: //sw.lsstcorp.org/eupspkg/ HTTP/ 1.1 301 Moved Permanently Server: nginx/ 1.9 . 8 Date: Tue, 25 Jul 2017 23 : 48 : 36 GMT Content-Type: text/html Content-Length: 184 Connection: keep-alive Location: https: //sw.lsstcorp.org/eupspkg/   HTTP/ 1.1 302 Moved Temporarily Server: nginx/ 1.9 . 8 Date: Tue, 25 Jul 2017 23 : 48 : 36 GMT Content-Type: text/html Content-Length: 161 Connection: keep-alive Location: https: //eups.lsst.codes/stack/src/ Strict-Transport-Security: max-age= 15638400 X-Frame-Options: DENY X-Content-Type-Options: nosniff   HTTP/ 1.1 200 OK Server: nginx/ 1.9 . 8 Date: Tue, 25 Jul 2017 23 : 48 : 37 GMT Content-Type: text/html;charset=UTF- 8 Connection: keep-alive Strict-Transport-Security: max-age= 15638400 X-Frame-Options: DENY X-Content-Type-Options: nosniff
            Hide
            jhoblitt Joshua Hoblitt added a comment -
            Show
            jhoblitt Joshua Hoblitt added a comment - ping Adam Thornton , Jonathan Sick , Angelo Fausti
            Hide
            jsick Jonathan Sick added a comment -

            Looks good. I left a few comments on the PR.

            Show
            jsick Jonathan Sick added a comment - Looks good. I left a few comments on the PR.
            Hide
            jhoblitt Joshua Hoblitt added a comment -

            Adam Thornton I would like to add the sensu-plugins-http gem to the status host in order to use a check plugin that supports testing http redirects. Eg.

            [root@1c20c333e9ed /]# check-http.rb -h sw.lsstcorp.org -u https://sw.lsstcorp.org/eupspkg/ --redirect-to https://eups.lsst.codes/stack/src/
            CheckHttp OK: 302 found redirect to https://eups.lsst.codes/stack/src/
            

            Do you have any objection(s)?

            Show
            jhoblitt Joshua Hoblitt added a comment - Adam Thornton I would like to add the sensu-plugins-http gem to the status host in order to use a check plugin that supports testing http redirects. Eg. [root @1c20c333e9ed /]# check-http.rb -h sw.lsstcorp.org -u https: //sw.lsstcorp.org/eupspkg/ --redirect-to https://eups.lsst.codes/stack/src/ CheckHttp OK: 302 found redirect to https: //eups.lsst.codes/stack/src/ Do you have any objection(s)?
            Hide
            athornton Adam Thornton added a comment -

            What is the advantage of pulling Ruby in versus adding the -f follow option to the existing check_http check?

            https://www.monitoring-plugins.org/doc/man/check_http.html

            Show
            athornton Adam Thornton added a comment - What is the advantage of pulling Ruby in versus adding the -f follow option to the existing check_http check? https://www.monitoring-plugins.org/doc/man/check_http.html
            Hide
            jhoblitt Joshua Hoblitt added a comment -

            The `-f` flag only states checks that there is a redirect, not what url is redirected to.

            Show
            jhoblitt Joshua Hoblitt added a comment - The `-f` flag only states checks that there is a redirect, not what url is redirected to.
            Hide
            jhoblitt Joshua Hoblitt added a comment -

            The motivation here is that the redirect url already got broken once by accident.

            Show
            jhoblitt Joshua Hoblitt added a comment - The motivation here is that the redirect url already got broken once by accident.
            Hide
            athornton Adam Thornton added a comment -

            I guess that's a good reason to do this. Please document what the package requirements are for Ruby although since creation of status is not in fact automated it's less of a priority than it would be if the thing were properly put together in the first place.

            This would be a good example of the prototype sticking around, I guess.

            Show
            athornton Adam Thornton added a comment - I guess that's a good reason to do this. Please document what the package requirements are for Ruby although since creation of status is not in fact automated it's less of a priority than it would be if the thing were properly put together in the first place. This would be a good example of the prototype sticking around, I guess.
            Hide
            jhoblitt Joshua Hoblitt added a comment -

            Adam Thornton The gem turned out to be a bit of a pita on el7 due to the old system ruby but I think I've come up with a reasonable solution by using an SCL. I've opened a PR that adds cut'n'pastable install instructions for sensu-plugins-http, checks for sw.lsstcorp.org, and additional checks for eups.lsst.codes. Needless to say, the nagios configs are untested as there is no automated deployment to test with.

            Show
            jhoblitt Joshua Hoblitt added a comment - Adam Thornton The gem turned out to be a bit of a pita on el7 due to the old system ruby but I think I've come up with a reasonable solution by using an SCL. I've opened a PR that adds cut'n'pastable install instructions for sensu-plugins-http , checks for sw.lsstcorp.org, and additional checks for eups.lsst.codes. Needless to say, the nagios configs are untested as there is no automated deployment to test with.

              People

              • Assignee:
                jhoblitt Joshua Hoblitt
                Reporter:
                jhoblitt Joshua Hoblitt
                Reviewers:
                Adam Thornton
                Watchers:
                Adam Thornton, Angelo Fausti, Bill Glick, John Swinbank, Jonathan Sick, Joshua Hoblitt, Kian-Tat Lim, Tim Jenness
              • Votes:
                0 Vote for this issue
                Watchers:
                8 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Summary Panel