Bug #12833: Implement our masterplan about fallback DNS round-robin pool & HTTPS

Bug #12833

Implement our masterplan about fallback DNS round-robin pool & HTTPS

Added by Anonymous 2017-06-21 17:10:23 . Updated 2019-04-07 08:56:08 .

Status:

In Progress

Priority:

Normal

Assignee:

Category:

Infrastructure

Target version:

Start date:

2017-06-21

Due date:

% Done:

Feature Branch:

451f/mirror-pool-dispatcher.git/master and 451f:tails.git/feature/12833+use_wikimedia_mirror

Type of work:

Research

Blueprint:

https://tails.boum.org/blueprint/HTTP_mirror_pool/#HTTPS

Starter:

Affected tool:

Deliverable for:

Description

see https://labs.riseup.net/code/issues/9796#note-25

Subtasks

Related issues

Related to Tails - ~~Feature #9796~~: HTTPS mirrors	Resolved	2017-06-21
Blocked by Tails - Feature #15908: Update blueprints, design docs and manual test instructions WRT Wikimedia fallback mirror	Confirmed	2018-09-03

History

#1 Updated by Anonymous 2017-06-21 17:13:55

Status changed from New to Confirmed

#2 Updated by intrigeri 2017-06-22 08:03:34

Category set to Infrastructure
Target version set to 2017

(Like the parent ticket.)

#3 Updated by intrigeri 2017-11-18 08:55:50

Assignee deleted (~~intrigeri~~)
QA Check set to Info Needed

Hi u! At the summit this year we thought we would be able to do this by the end of 2017. I’m still confident this can happen! How about we schedule two 2-3h Mumble working sessions in December about it? I’m confident one such session could be sufficient to come up with a good idea of how to solve the problem, and the second session could be about documenting it properly and starting the implementation work. If you agree, let’s schedule this over private email.

#4 Updated by Anonymous 2017-11-20 12:58:30

intrigeri wrote:
> Hi u! At the summit this year we thought we would be able to do this by the end of 2017. I’m still confident this can happen! How about we schedule two 2-3h Mumble working sessions in December about it? I’m confident one such session could be sufficient to come up with a good idea of how to solve the problem, and the second session could be about documenting it properly and starting the implementation work. If you agree, let’s schedule this over private email.

yes please!! Sending you an email to find a suitable date.

#5 Updated by intrigeri 2017-11-27 10:44:31

Target version changed from 2017 to Tails_3.5
QA Check deleted (~~Info Needed~~)

We have a date!

#6 Updated by intrigeri 2017-12-06 10:58:53

Assignee set to intrigeri

Postponed, I’ll coordinate the process to find a new date.

#7 Updated by intrigeri 2017-12-08 18:11:43

Assignee deleted (~~intrigeri~~)

Proposed a date over email.

#8 Updated by intrigeri 2017-12-09 12:16:12

We have a (new) date!

#9 Updated by intrigeri 2017-12-09 12:16:40

Target version changed from Tails_3.5 to Tails_3.6

#10 Updated by Anonymous 2018-01-24 14:23:24

Status changed from Confirmed to In Progress

#11 Updated by Anonymous 2018-01-24 14:35:27

Blueprint set to https://tails.boum.org/blueprint/HTTP_mirror_pool/

#12 Updated by Anonymous 2018-01-24 14:35:59

We added our new plan to the blueprint in 658348e5917017c010abe240623ef20fe019ae80.

#13 Updated by Anonymous 2018-01-24 14:39:01

Subject changed from Think about fallback DNS round-robin pool & HTTPS to Implement our masterplan about fallback DNS round-robin pool & HTTPS

#14 Updated by Anonymous 2018-01-24 14:41:32

Target version changed from Tails_3.6 to Tails_3.7

#15 Updated by geb 2018-02-10 19:41:34

Hello,

I was reading https://tails.boum.org/blueprint/HTTP_mirror_pool/#index6h2 following the january monthly report. Great plan !

However, I feel a bit concern by adding a strong dependancy to a mirror we don’t control and hardcoding it. What would happen for example for upgrades if this mirror become inaccessible / have to remove tails / … ? Could you please clarify its role for upgrades ? Would other mirrors be checked if it become unaccessible ?

#16 Updated by intrigeri 2018-02-11 06:34:24

Blueprint changed from https://tails.boum.org/blueprint/HTTP_mirror_pool/ to https://tails.boum.org/blueprint/HTTP_mirror_pool/#HTTPS

> However, I feel a bit concerned by adding a strong dependance to one mirror we don’t control and hardcoding it. What would append for example for upgrades if this mirror become inaccessible / have to remove tails / … ?

Tails Upgrader does not use the fallback mirror but the regular mirror pool.

#17 Updated by geb 2018-02-11 10:59:19

Hi,

intrigeri wrote:
> Tails Upgrader does not use the fallback mirror but the regular mirror pool.

Thanks for the clarification ! I was missleading by the mention of the tails upgrader in the blueprint.

#18 Updated by bertagaz 2018-05-10 11:09:03

Target version changed from Tails_3.7 to Tails_3.8

#19 Updated by Anonymous 2018-05-28 12:30:54

@intrigeri: do we agree that I should start working on these points:

deploy in lockstep on our live website:

- change fallback_download_url_prefix in mirror-pool-dispatcher [u]
- change all instances of http://dl.a.b.o → https://mirrors.wikimedia on our website [u]
- except in UDFs

#20 Updated by intrigeri 2018-05-28 16:49:14

> @intrigeri: do we agree that I should start working on these points:

> deploy in lockstep on our live website:

> - change fallback_download_url_prefix in mirror-pool-dispatcher [u]
> - change all instances of http://dl.a.b.o → https://mirrors.wikimedia on our website [u]
> - except in UDFs

Yes. Make sure you prepare this on a topic branch: some other bits need to be ready before we merge this (just added one we had forgotten to the blueprint). I’ll gladly review it :)

Next thing will be to update the plan and sanity check the deployment timeline: things got postponed so the version numbers and RM names are now wrong. Our plan was crafted in a way that I was the RM for the release that’s going to be tricky (initially 3.8 but that’s not going to happen like this since we did not release any of the needed changes in 3.7). I don’t think that shifting numbers will give us this property so we probably need to rethink our deployment timeline a little bit, or at least check that the RM for the tricky release is in a position to avoid messing it up :)

#21 Updated by intrigeri 2018-06-26 16:27:39

Target version changed from Tails_3.8 to Tails_3.9

#22 Updated by Anonymous 2018-08-02 07:40:42

u wrote:
> - change fallback_download_url_prefix in mirror-pool-dispatcher [u]
> - change all instances of http://dl.a.b.o → https://mirrors.wikimedia on our website [u]

I’ve asked the operator of this mirror in person if that works out for them and they said “By all means, go for it!”

#23 Updated by intrigeri 2018-08-02 14:52:28

> I’ve asked the operator of this mirror in person if that works out for them and they said “By all means, go for it!”

:)))

#24 Updated by Anonymous 2018-08-17 19:25:49

Target version changed from Tails_3.9 to Tails_3.10.1

I’ll do that asap, but likely it’ll be for 3.10.

#25 Updated by Anonymous 2018-09-03 09:42:08

u wrote:
> u wrote:
> > - change fallback_download_url_prefix in mirror-pool-dispatcher [u]

Done in 8886e9625f621f7eb6bde39333a85a707c2692ea on 451f/mirror-pool-dispatcher.git/master.
I did not push this to mirror-pool-dispatcher.git/master because the rest of the URLs needs to be adjusted for this to work.

#26 Updated by Anonymous 2018-09-03 09:46:24

We need to update contribute/how/mirror.mdwn accordingly.

#27 Updated by Anonymous 2018-09-03 09:47:28

We need to update contribute/design/mirrors.mdwn accordingly.

#28 Updated by Anonymous 2018-09-03 09:54:11

Feature Branch set to 451f/mirror-pool-dispatcher.git/master and 451f:tails.git/feature/12833+use_wikimedia_mirror

#29 Updated by Anonymous 2018-09-03 10:02:59

blocked by Feature #15908: Update blueprints, design docs and manual test instructions WRT Wikimedia fallback mirror added

#30 Updated by Anonymous 2018-09-03 10:03:44

Also see 451f:tails/feature/12833+use_wikimedia_mirror

6f6064f2115b28cb18144ffcc9a891d5a26aec11
a362d1bc5894aa9772461363632d0cd17494578c

#31 Updated by Anonymous 2018-09-03 10:04:02

Assignee set to intrigeri

I believe that’s all I can do to help.

#32 Updated by intrigeri 2018-09-06 13:28:53

Target version changed from Tails_3.10.1 to Tails_3.12

The next steps (https://tails.boum.org/blueprint/HTTP_mirror_pool/#HTTPS) require lots of coordination with the RMs and a good understanding from them of what’s at stake and how it works. Our initial plan for 3.7 & 3.8 took this into account. I don’t want to do this while we’re onboarding a new RM for 3.10 and have no clue yet who’ll RM the next releases so I’ll come back to it in a few months. Besides, as discussed at the summit, the most important part of ~~Feature #9796~~ was done already so I’ll take it easy here for the next steps.

#33 Updated by intrigeri 2018-12-30 10:26:59

Target version deleted (~~Tails_3.12~~)

It’s unclear who’ll be the RM for 3.12 and given the current state of our group of RMs, I don’t know when I’ll feel confident adding this to our plate.

#34 Updated by intrigeri 2019-03-07 15:27:31

Parent task deleted (~~~~Feature #9796~~~~)

(I want to close ~~Feature #9796~~.)

#35 Updated by intrigeri 2019-03-07 15:27:55

related to ~~Feature #9796~~: HTTPS mirrors added

#36 Updated by intrigeri 2019-04-07 08:56:08

Assignee deleted (~~intrigeri~~)

I don’t see when I’ll have time to work on this.