User Details
- User Since: Aug 27 2019, 5:42 PM (255 w, 5 d)
- Availability: Available
- LDAP User: Dwisehaupt
- MediaWiki User: DWisehaupt (WMF)
Thu, Jul 18
PFW changes added to the repo and pushed to the PFWs for application. Network task tracked in T370481.
Thanks.
Iptables rules updated and applied to civicrm, payments, and payments_listener role for the API addresses. The frdev role did not have the other payment gateways rules so I'm not certain we need it on that role. Correct me if I'm wrong.
IP addresses from gr4vy.
Confirmed with cstone that nothing more is needed for this portion.
Wed, Jul 17
The private key has been configured and is in place on the civicrm, frdev, payments, and payments-listener roles. The file is available at:
- /etc/fundraising/gravy_api_cert.pem
- /etc/gravy_api_cert.pem
Ok. Looks like they are using google cloud computing for those endpoints. I'll have to check our config on the pfw, but this may necessitate moving from a strict allow list to a dns based iptables list. We have been able to avoid that for the payments role at this point.
New directory set up. All puppet instances of fundraise-up changed to fundraiseup. Files on disk on civi1002 copied to new location.
Tue, Jul 16
@Damilare I have added the key to the private repo and can add it to the hosts. What hosts/roles is this needed on? The ones I would think as possibilities are: payments, civicrm, frdev
Fri, Jul 12
Certificate revoked and change pushed.
[frack::puppet::private] 118a7ac5 Revoke aparker client cert
Civi and superset accounts disabled. Email removed from major gifts notifications in civi. Access removed from analytics archive google drive folder.
Updated the host name in the task since I hadn't bumped it up in the racking details of the parent task. Sorry about that.
Thu, Jul 11
Added estimated points (4) from today's standup but there was a call for more detail as to what is requested.
Wed, Jul 10
All the globalcollect/ingenico/worldline bits have been removed from puppet. Closing.
Mon, Jul 8
Tue, Jul 2
Mon, Jul 1
Fri, Jun 28
Old servers removed in following commit:
[frack::puppet] 5b22b90dd Remove ntp servers that are going to be deprecated (Dallas Wisehaupt:Dallas Wisehaupt)
Adding @AKanji-WMF on this to coordinate with Major Gifts for the benefactors site.
Per conversations at the offsite, icano will not currently need ssh and db access. This task can be reopened in the future if that changes.
Worked with Yamini to get the certificate installed on their machine yesterday at the offsite. Verified that access to civi was working again.
Thu, Jun 27
@SHust Thanks for letting us know. Yamini can use the existing ssl certificate and passwords on the new laptop. I've reached out to her to see if she needs me to resend the certificate and password.
Tue, Jun 25
Access approval.
Access approval.
Mon, Jun 24
Verified logins are working.
Jun 21 2024
Account setup complete. User account created and added to the proper groups. SSH pubkey added. Yubikey pubkey added. Account and config pushed out and puppet runs completed. Email sent with instructions on how to connect.
Frack config has been updated to use the new ntp-[abc].anycast.wmnet servers. The previous dnsXXXX and ntp.anycast.wmnet entries have been removed.
PFW cleanup handled in T368178
Puppet config removed.
Deployed firewall rule to civi hosts to handle output traffic to pal-live.adyen.com.
Jun 20 2024
iptables rules updated for new anycast servers. New servers added to hiera and deployed. Verified working with chronyc on frpm1002:
Access approval.
Jun 18 2024
PFW update deployed. iptables changes applied. Closing.