Wikimedia Bugzilla is closed!

We'd like to get this going as soon as possible as the work is proving to be fruitful. Setting to High accordingly.

Redirecting traffic based on a cookie in varnish can be subtle, although I expect beta to be much simpler than production, it's still something that will probably need some non-trivial effort.

Giving this a go.

Change 158016 had a related patch set uploaded by Dduvall:
Labs: Varnish backend/director for isolated security audits

https://gerrit.wikimedia.org/r/158016

The new deployment-mediawiki03 instance is fully provisioned, and I've cherry picked the varnish patch on deployment-salt. I've verified that the instance receives traffic [only] if a "security_audit=1" cookie is set, but I'd appreciate a second set of eyes on it.

Thanks Dan, will take a look tomorrow and test it, what is the url and domain I should hit?

The host should be the same (en.wikipedia.beta.wmflabs.org). You just need to make sure the requests contain a "security_audit=1" cookie.

To be on the safe side, you might want to ping the #wikimedia-qa IRC channel when you're ready to start, just so we can keep an eye on things.

Will do

13:57 <     bd808> mediawiki03 isn't in the scap pool yet I just noticed.
13:58 <     bd808> so it has stale code

Change 159520 had a related patch set uploaded by BryanDavis:
beta: add deployment-mediawiki03 to scap targets

https://gerrit.wikimedia.org/r/159520

I've cherry-picked the patch to deployment-salt.eqiad.wmflabs and the last scap deployment seems to have synced to deployment-mediawiki03.

dduvall@deployment-mediawiki03:~$ ls -ld /srv/mediawiki/
drwxr-xr-x 12 mwdeploy mwdeploy 4096 Sep 11 21:35 /srv/mediawiki/

Change 159520 merged by Dzahn:
beta: add deployment-mediawiki03 to scap targets

https://gerrit.wikimedia.org/r/159520

Are we all good here, then?

Still waiting for https://gerrit.wikimedia.org/r/#/c/158016/ to be merged.