Page MenuHomeMiraheze

SRE AutomationTag
ActivePublic

Members (2)

Watchers

  • This project does not have any watchers.
  • View All

Details

Description

An tag for all tasks concerning automation of SRE tasks that are currently done manually (e.g. SSL, MediaWiki and extension upgrades, etc.)

Recent Activity

May 21 2024

OrangeStar removed a member for SRE Automation: OrangeStar.
May 21 2024, 10:46

May 7 2024

Reception123 renamed T11701: Allow direct download from link in ImportDump from Allow Google Drive/Dropbox links in ImportDump to Allow direct download from link in ImportDump.
May 7 2024, 18:49 · PixDeVl, SRE Automation, Technology-Team (MediaWiki), ImportDump

May 2 2024

PixDeVl added a project to T11698: Introduce "ImportImages" to ImportDump: PixDeVl.
May 2 2024, 03:13 · PixDeVl, SRE Automation, Technology-Team (MediaWiki), ImportDump
PixDeVl moved T11701: Allow direct download from link in ImportDump from Backlog to Features on the ImportDump board.
May 2 2024, 03:13 · PixDeVl, SRE Automation, Technology-Team (MediaWiki), ImportDump
PixDeVl moved T11698: Introduce "ImportImages" to ImportDump from Backlog to Features on the ImportDump board.
May 2 2024, 03:13 · PixDeVl, SRE Automation, Technology-Team (MediaWiki), ImportDump
PixDeVl added a project to T11701: Allow direct download from link in ImportDump: PixDeVl.
May 2 2024, 03:12 · PixDeVl, SRE Automation, Technology-Team (MediaWiki), ImportDump

Mar 26 2024

OrangeStar closed T11851: check_reverse_dns should contact authoritative nameservers for the TLD directly when checking if we're the authoritative nameservers of a domain as Declined.

Using RDAP (preferably) or WHOIS is a better solution for these kinds of issues.

Mar 26 2024, 17:49 · SRE Automation, Monitoring, SSL, Technology-Team (Infrastructure)

Mar 24 2024

Universal_Omega lowered the priority of T11680: Create Miraheze/python-functions github repo & python package from Normal to Low.
Mar 24 2024, 06:20 · Technology-Team (Infrastructure), SRE Automation

Mar 13 2024

Universal_Omega added a comment to T11698: Introduce "ImportImages" to ImportDump.

I think importimages will be introduced to Special:RequestImport directly not a seperate special page, ImportDump is also in the process of being renamed to better accommodate this. Also probably will add a hook or something to support RestoreManageWikiBackups with it also.

Mar 13 2024, 04:02 · PixDeVl, SRE Automation, Technology-Team (MediaWiki), ImportDump

Feb 25 2024

Universal_Omega triaged T11902: Implement auto renewals for some wildcard domains in LetsEncrypt as Normal priority.
Feb 25 2024, 18:34 · SRE Automation, Technology-Team (Infrastructure), SSL, Puppet, DNS

Feb 23 2024

Universal_Omega closed T10304: Fully automate ImportDump after ensuring security as Resolved.

This is now done!

Feb 23 2024, 04:58 · Universal Omega, SRE Automation, Technology-Team (MediaWiki), ImportDump
Universal_Omega moved T10304: Fully automate ImportDump after ensuring security from Unsorted to Goals on the Universal Omega board.
Feb 23 2024, 01:56 · Universal Omega, SRE Automation, Technology-Team (MediaWiki), ImportDump
Universal_Omega added a project to T10304: Fully automate ImportDump after ensuring security : Universal Omega.
Feb 23 2024, 01:56 · Universal Omega, SRE Automation, Technology-Team (MediaWiki), ImportDump

Feb 22 2024

Universal_Omega moved T10304: Fully automate ImportDump after ensuring security from Backlog to Features on the ImportDump board.
Feb 22 2024, 05:16 · Universal Omega, SRE Automation, Technology-Team (MediaWiki), ImportDump
Universal_Omega changed the status of T10304: Fully automate ImportDump after ensuring security from Open to In progress.

https://github.com/miraheze/ImportDump/pull/66

Feb 22 2024, 05:14 · Universal Omega, SRE Automation, Technology-Team (MediaWiki), ImportDump

Feb 16 2024

Reception123 lowered the priority of T11853: Support Translate scripts in mwscript from Normal to Low.

Moving to low as this script has only been used like once in 2023 so it's really not urgent to have at all, plus the old way can be used in the meantime.

Feb 16 2024, 06:28 · SRE Automation, Technology-Team (MediaWiki)

Feb 15 2024

Reception123 lowered the priority of T11768: Misleading messages from icinga rDNS checks regarding unregistered domains from Normal to Low.

Triaging as low as domains that are not pointed aren't usually even removed on sight

Feb 15 2024, 16:29 · SRE Automation, Technology-Team (Infrastructure)

Feb 14 2024

RhinosF1 claimed T11853: Support Translate scripts in mwscript.
Feb 14 2024, 11:23 · SRE Automation, Technology-Team (MediaWiki)
Reception123 added a comment to T7582: Create automated system for managing SSL requests.

I can now confirm that since notifications are fixed (thanks @Universal_Omega !) RequestSSL is operational.
What remains to be done is to add a check on-wiki for whether CNAME or NS is pointed (@Universal_Omega has an idea for how to do that easily) and then for the puppet API

Feb 14 2024, 07:00 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, Technology-Team (MediaWiki)
Reception123 added a comment to T11853: Support Translate scripts in mwscript.

This sounds like a task for @RhinosF1 !

Feb 14 2024, 06:50 · SRE Automation, Technology-Team (MediaWiki)
Universal_Omega triaged T11853: Support Translate scripts in mwscript as Normal priority.
Feb 14 2024, 06:40 · SRE Automation, Technology-Team (MediaWiki)

Feb 13 2024

OrangeStar renamed T11851: check_reverse_dns should contact authoritative nameservers for the TLD directly when checking if we're the authoritative nameservers of a domain from check_reverse_dns should contact authoritative nameservers for the TLD directly on DNS checks to check_reverse_dns should contact authoritative nameservers for the TLD directly when checking if we're the authoritative nameservers of a domain.
Feb 13 2024, 20:37 · SRE Automation, Monitoring, SSL, Technology-Team (Infrastructure)
RhinosF1 added projects to T11851: check_reverse_dns should contact authoritative nameservers for the TLD directly when checking if we're the authoritative nameservers of a domain: Monitoring, SRE Automation.
Feb 13 2024, 20:32 · SRE Automation, Monitoring, SSL, Technology-Team (Infrastructure)

Feb 10 2024

Reception123 added a comment to T7582: Create automated system for managing SSL requests.

@Reception123 If you want to get RequestSSL working right now, we could look at sending emails the way core does with Special:EmailUser

Feb 10 2024, 15:03 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, Technology-Team (MediaWiki)
OrangeStar added a comment to T7582: Create automated system for managing SSL requests.

@Reception123 If you want to get RequestSSL working right now, we could look at sending emails the way core does with Special:EmailUser

Feb 10 2024, 11:01 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, Technology-Team (MediaWiki)

Feb 3 2024

OrangeStar renamed T11768: Misleading messages from icinga rDNS checks regarding unregistered domains from Misleading messages from icinga rDNS checks regarding domains not pointed correctly to Misleading messages from icinga rDNS checks regarding unregistered domains.
Feb 3 2024, 10:40 · SRE Automation, Technology-Team (Infrastructure)

Feb 2 2024

OrangeStar updated the task description for T11768: Misleading messages from icinga rDNS checks regarding unregistered domains.
Feb 2 2024, 23:13 · SRE Automation, Technology-Team (Infrastructure)
OrangeStar updated the task description for T11768: Misleading messages from icinga rDNS checks regarding unregistered domains.
Feb 2 2024, 23:12 · SRE Automation, Technology-Team (Infrastructure)
RhinosF1 triaged T11768: Misleading messages from icinga rDNS checks regarding unregistered domains as Normal priority.
Feb 2 2024, 20:01 · SRE Automation, Technology-Team (Infrastructure)

Jan 31 2024

Universal_Omega moved T11680: Create Miraheze/python-functions github repo & python package from Incoming to Short Term on the Technology-Team (Infrastructure) board.
Jan 31 2024, 01:02 · Technology-Team (Infrastructure), SRE Automation
Universal_Omega added a project to T11680: Create Miraheze/python-functions github repo & python package: Technology-Team (Infrastructure).
Jan 31 2024, 01:02 · Technology-Team (Infrastructure), SRE Automation

Jan 30 2024

Reception123 added a project to T11698: Introduce "ImportImages" to ImportDump: SRE Automation.
Jan 30 2024, 17:58 · PixDeVl, SRE Automation, Technology-Team (MediaWiki), ImportDump
OrangeStar added a member for SRE Automation: OrangeStar.
Jan 30 2024, 16:12
Reception123 triaged T11753: Create Special:ManageWiki/redirects to handle wiki redirects as Low priority.
Jan 30 2024, 07:24 · SRE Automation, Technology-Team (MediaWiki), SSL

Jan 21 2024

Reception123 added a member for SRE Automation: Reception123.
Jan 21 2024, 18:58
Reception123 added a project to T11701: Allow direct download from link in ImportDump: SRE Automation.
Jan 21 2024, 18:58 · PixDeVl, SRE Automation, Technology-Team (MediaWiki), ImportDump
OrangeStar added a comment to T7582: Create automated system for managing SSL requests.

Regarding step 4:

This is too Miraheze-specific for inclusion in the RequestSSL codebase in my opinion. It is better suited as part of T11710. In the Miraheze-specific setup of this extension, once RequestSSL sends the request to puppet, the server program receiving the request should take care of determining if we should add new DNS zones. So I think steps 4 and 5 should be merged together.

Just to be clear, what you propose is the following? In my example, the domain is pointed via NS.
1: User requests SSL
2: RequestSSL checks (with puppet181's help) whether domain is pointed or not
3: RequestSSL submitted
4: ssl-certificate script once again checks whether domain is pointed and if it's pointed via NS, adds zone to GitHub
5: RequestSSL marked as completed

EDIT: in the fully automated version, steps 2 and 4 would probably be repetitive and would need merging

Jan 21 2024, 18:33 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, Technology-Team (MediaWiki)
Reception123 added a comment to T7582: Create automated system for managing SSL requests.

Regarding step 4:

This is too Miraheze-specific for inclusion in the RequestSSL codebase in my opinion. It is better suited as part of T11710. In the Miraheze-specific setup of this extension, once RequestSSL sends the request to puppet, the server program receiving the request should take care of determining if we should add new DNS zones. So I think steps 4 and 5 should be merged together.

Jan 21 2024, 18:01 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, Technology-Team (MediaWiki)
OrangeStar added a comment to T7582: Create automated system for managing SSL requests.

Regarding step 4:

Jan 21 2024, 15:45 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, Technology-Team (MediaWiki)
Reception123 added a comment to T7582: Create automated system for managing SSL requests.

I’m not sure that ssl-admins should be decommissioned, as cert removals would still be done manually, and this would allow us to investigate should something go wrong, and also somebody might not want letsencrypt.

Jan 21 2024, 14:46 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, Technology-Team (MediaWiki)
MacFan4000 added a comment to T7582: Create automated system for managing SSL requests.

I’m not sure that ssl-admins should be decommissioned, as cert removals would still be done manually, and this would allow us to investigate should something go wrong, and also somebody might not want letsencrypt.

Jan 21 2024, 14:44 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, Technology-Team (MediaWiki)
OrangeStar moved T7582: Create automated system for managing SSL requests from Backlog to Currently blocked on the RequestSSL board.
Jan 21 2024, 12:11 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, Technology-Team (MediaWiki)
OrangeStar added a subtask for T7582: Create automated system for managing SSL requests: T11710: Automate certificate generation.
Jan 21 2024, 12:00 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, Technology-Team (MediaWiki)
OrangeStar added a parent task for T7582: Create automated system for managing SSL requests: T11709: Write mediawiki.org page for RequestSSL.
Jan 21 2024, 11:50 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, Technology-Team (MediaWiki)

Jan 19 2024

Reception123 added a project to T7582: Create automated system for managing SSL requests: RequestSSL.
Jan 19 2024, 16:39 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, Technology-Team (MediaWiki)
OrangeStar added a comment to T7582: Create automated system for managing SSL requests.

@Reception123 I think it's about time we get a RequestSSL project and workboard on Phab. Also, add me as a member of the project if it will not have an open join policy please.

Jan 19 2024, 12:18 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, Technology-Team (MediaWiki)

Jan 18 2024

Reception123 added a comment to T7582: Create automated system for managing SSL requests.

Thinking about it, it would still definitely be useful to check whether the domain is pointing before the request is submitting but the python script running on puppet141 would still be needed in the end in order to be able to create the DNS zone for wikis pointing NS. The script already exists but needs some adjustments.

Jan 18 2024, 16:24 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, Technology-Team (MediaWiki)
Reception123 updated the task description for T7582: Create automated system for managing SSL requests.
Jan 18 2024, 16:23 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, Technology-Team (MediaWiki)
Reception123 added a comment to T7582: Create automated system for managing SSL requests.

@OrangeStar Thanks for the ideas. Indeed, it might be better to check whether the domain is pointed via PHP rather than having that in the python script and then having to contact the user afterwards and tell them it isn't. I guess what could be done then if it is not pointed is have an error display that clearly directs users to somewhere where they can get help pointing their domain.

Jan 18 2024, 16:15 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, Technology-Team (MediaWiki)
OrangeStar added a comment to T7582: Create automated system for managing SSL requests.

Functional but not yet over! Can't do much right now since I'm waiting for T11680 which will introduce some utility functions (To avoid reinventing the wheel) that the server program that automates cert generation would need, but I want to cleanup some of my PRs (the ones yesterday were just to make stuff work), move strings into i18n, change existing i18n strings too, remove some ID leftovers I saw while skimming the code, and automate checking that the domain is pointed correctly at least.

Jan 18 2024, 16:00 · RequestSSL, Goal-2023-Jan-Jun, SRE Automation, Goal-2021-Jul-Dec, SSL, Technology-Team (MediaWiki)