Maniphest T368503

Update CAS to 6.6.15.2
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	SLyngshede-WMF
	Wed, Jun 26, 7:15 AM

Tags

Referenced Files

None

Subscribers

• MoritzMuehlenhoff

Description

We need to update CAS for https://apereo.github.io/2024/06/26/oidc-vuln/

Details

	Subject	Repo	Branch	Lines +/-
	IDP: Failover to CAS 6.6.15.2 host.	operations/dns	master	+1 -1
	Point idp-test to idp-test2002	operations/dns	master	+1 -1

Customize query in gerrit

Event Timeline

SLyngshede-WMF created this task.Wed, Jun 26, 7:15 AM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptWed, Jun 26, 7:15 AM

Change #1049818 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/dns@master] Point idp-test to idp-test1003

https://gerrit.wikimedia.org/r/1049818

gerritbot added a project: Patch-For-Review.Wed, Jun 26, 7:33 AM

Change #1049818 merged by Muehlenhoff:

[operations/dns@master] Point idp-test to idp-test2002

https://gerrit.wikimedia.org/r/1049818

sudo cookbook sre.hosts.reimage --os bookworm -t T368503 idp-test1002

Cookbook cookbooks.sre.hosts.reimage was started by slyngshede@cumin1002 for host idp-test1002.wikimedia.org with OS bookworm

Peachey88 added a project: CAS-SSO.Wed, Jun 26, 8:26 AM

Restricted Application added a project: Infrastructure-Foundations. · View Herald TranscriptWed, Jun 26, 8:26 AM

Maintenance_bot removed a project: Patch-For-Review.Wed, Jun 26, 8:30 AM

Cookbook cookbooks.sre.hosts.reimage started by slyngshede@cumin1002 for host idp-test1002.wikimedia.org with OS bookworm completed:

idp-test1002 (PASS)
- Downtimed on Icinga/Alertmanager
- Disabled Puppet
- Removed from Puppet and PuppetDB if present and deleted any certificates
- Removed from Debmonitor if present
- Forced PXE for next reboot
- Host rebooted via gnt-instance
- Host up (Debian installer)
- Add puppet_version metadata to Debian installer
- Set boot media to disk
- Host up (new fresh bookworm OS)
- Generated Puppet certificate
- Signed new Puppet certificate
- Run Puppet in NOOP mode to populate exported resources in PuppetDB
- Found Nagios_host resource for this host in PuppetDB
- Downtimed the new host on Icinga/Alertmanager
- Removed previous downtime on Alertmanager (old OS)
- First Puppet run completed and logged in /var/log/spicerack/sre/hosts/reimage/202406260840_slyngshede_1139517_idp-test1002.out
- configmaster.wikimedia.org updated with the host new SSH public key for wmf-update-known-hosts-production
- Rebooted
- Automatic Puppet run was successful
- Forced a re-check of all Icinga services for the host
- Icinga status is optimal
- Icinga downtime removed
- Updated Netbox data from PuppetDB

Change #1049877 had a related patch set uploaded (by Slyngshede; author: Slyngshede):

[operations/dns@master] IDP: Failover to CAS 6.6.15.2 host.

https://gerrit.wikimedia.org/r/1049877

Change #1049877 merged by Slyngshede:

[operations/dns@master] IDP: Failover to CAS 6.6.15.2 host.

https://gerrit.wikimedia.org/r/1049877

Mentioned in SAL (#wikimedia-operations) [2024-06-26T09:55:04Z] <slyngs> Update idp.wikimedia.org to CAS 6.6.15.2 (T368503)

Maintenance_bot removed a project: Patch-For-Review.Wed, Jun 26, 10:30 AM

• MoritzMuehlenhoff triaged this task as High priority.Thu, Jun 27, 7:39 AM

• MoritzMuehlenhoff updated the task description. (Show Details)

• MoritzMuehlenhoff closed this task as Resolved.Thu, Jun 27, 7:44 AM