Update SSL cert for user-content.gitlab-static.net
Production Change - Criticality 2 C2
| Change Objective | Describe the objective of the change |
|---|---|
| Change Type | Operation |
| Services Impacted | Camoproxy - user-content.gitlab-static.net
|
| Change Team Members | @bjk-gitlab, @ggillies |
| Change Criticality | C2 |
| Change Reviewer | @igorwwwwwwwwwwwwwwwwwwww |
| Tested in staging | #2189 (closed) |
| Dry-run output | |
| Due Date | 2020-08-27 |
| Time tracking | To estimate and record times associated with changes ( including a possible rollback ) |
Detailed steps for the change
-
Target apply the certificate gprd-camo-proxywithtf apply -target=module.camoproxy-lb.google_compute_managed_ssl_certificate.default. -
Manually associate gprd-camo-proxywith the GCP load-balancer frontend. -
Wait 30 minutes for GCP to provision and rollout additional certificate. -
Target apply the certificate list swap with tf apply -target=module.camoproxy-lb. -
Verify Terraform Plan NOOP.
Rollback steps
- Rollback https://ops.gitlab.net/gitlab-com/gitlab-com-infrastructure/-/merge_requests/1771
- Apply TF to return to manually managed cert.
Changes checklist
-
Detailed steps and rollback steps have been filled prior to commencing work -
SRE on-call has been informed prior to change being rolled out -
There are currently no open issues labeled as ServiceMonitoring with severities of ~S1 or ~S2
Edited by Ben Kochie