Guilhem Moulin Guilhem Moulin
Minutes from the Tue Nov 21 infra call

 1. guilhem
 2. cloph
 3. Brett
 4. Norbert

   + [rdm#2312] Avoid serving web content over http:// when possible
     - website (vm168): TODO: s,http://,https:// in the templates and pages,
       plus add 30x redirect at the top level
     - dev-www and other dev tools: support https:// since the beginning of the
       year, but no redirect as it'd break scripts otherwise.  Hence scripts
       are still mostly using http://.  TODO: Poke devs to upgrade their
     - downloads: http:// and https:// both work (without redirect)
   + [rdm#1987] Please use HTTPS for downloads to protect users
     - adding a redirect http://download.tdf → https://download.tdf is not
       enough, because mirrorbrain doesn't have a separate baseurl for secure
       links hence can further redirect from https://download.tdf to
       http://mirror .  
       . cloph: the redirect could also cause problem with protocol downgrade
         on handing out http mirror in the redirect
     - mirrorbrain can't serve https://-only mirrors to https:// connections;
       and that would be mostly useless without the above redirect anyway, as
       most users would otherwise stick to http://
       . https://github.com/poeml/mirrorbrain/issues/143 (consistent https
       . https://github.com/poeml/mirrorbrain/issues/167 (configure https urls
         in mirrorbrain itself for a given mirror)
     - Stats: 113 active HTTP mirrors, of which 6 have an https:// baseURL.
       Of the 106 http:// URLs, 35 can safely (valid X.509 chain) be upgraded
       to https:// based on a quick curl(1) scan.
       . AI guilhem: ask mirror operators if the https:// URLs will remain
         stable, and upgrade when possible.
       . Norbert: reach out to other mirror operators and ask them (with a
         link to the Let's Encrypt tutorials) if they can add https://
         support.  When we have enough https://-capable mirrors, we can
         perhaps disable the rest and serve https://-only content.
   + [rdm#2340] LibreOffice download page - please change torrent file to be
     downloaded using https instead of current http link
     - same as before, but maybe we could enable SSL/TLS on the torrent
       . no problem for .torrent files - those (and other small files like the
         .asc signatures) are served by download.tdf directly, and not passed
         on to mirrors
       . enabling ssl support for tracker (hefur) would be possible, but would
         require external let's encrypt-handling (AI guilhem) (https tracker
         would listen on port 6970 by default) - but would need http / non-ssl
         version anyway.
       . ssl not so much a problem with torrents, since individual downloaded
         hunks have sha-checksum anyway/the connection to the peer you
         download from is not covered by the tracker's ssl-connection
   + [rdm#2090] gerrit: anonymous VCS URI scheme should be https:// not the
     insecure git://
     - https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#download
       (not part of default gerrit)
   + [rdm#2026] scan sites with observatory.mozilla.org
 * Norbert: would be nice to have a superset of sudo in salt, which we can map
   to sudo on specific machines, eg build slaves.
 * Monitoring
   + [rdm#2211] greylog/log parsing
     - Norbert: when we have a problem, add filter patterns to detect future
       similar problems
   + [rdm#2210] monitoring notifications
     - really need to improve the situation here, cf.
       . SMS is the way to go, but we need to the ability to specify schedules
         so not everyone is waken up in the middle of the night
       . cloph: want to revive the telegram notifications that we had in the
         past (TDF Monitoring bot)
       . Norbert: need the ability to temporarily disable the rules when doing
         manual maintenance
       . Norbert: it's crucial to avoid false positives (cf. infra ML…)
   + [rdm#2208] add missing hosts to monitoring
     - we need to run salt on the monitoring (and backup) host after each new
       host/VM deployment
     - salt only adds basic ping/web-check - specific services need to be
       added manually/separately
   + [rdm#1079] Status page
     - cloph: don't want to make everything public, but we can basic info like
       web check for public services
     - admins need to be able to tell the world the problem is known and being
       worked on
 * Backups
   + [rdm#2082] provide a way to set per-vm backup time (e.g. only do gerrit
     during nighttime)
   + [rdm#2209]
   + TODO: add a flag in pillar to specify backup run time or disable it
     (comment out the entry)
   + [rdm#2141] Replacing reCAPTCHA with self-hosted version
     - Demote to low prio as SSO should deprecate reCAPTCHA on the frontends
   + [rdm#2396] reCAPTCHA v1 API shutdown on March 31, 2018
     - wiki.tdf, ask.lo, extensions.lo, and www.lo all use v2, anything else
       still on v1?  Not that we know of
 * WebSSO
   + [rdm#1585] single sign-on (SSO)
     - 467 accounts created in LDAP so far
     - WebSSO deployed on pad.tdf, tdf.io, and survey.tdf.  Unauthenticated
       users are redirected to the central auth portal, and then back to the
     - LDAP auth partly deployed (dual auth) on nextcloud.tdf, www.tdf and
     - TODO: poke recent wiki contributors?  last time I checked 350/400
       didn't have an LDAP account yet.  cloph: start by showing a banner with
       a link to user.tdf to logged in users
 * Next call: *Mon* Dec. 18, 17:30 UTC


