Closed Bug 1352268 Opened 7 years ago Closed 4 years ago

Autoscale scriptworkers

Categories

(Release Engineering :: General, enhancement, P3)

enhancement

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: coop, Assigned: rail)

References

Details

Taken from https://trello.com/c/so9pit0P/10-scriptworker-provisioner: 

With mac and windows signing, aiui we have tests that require signed packages. This implies dep signing, which is good for robustness.

However, with the added load, we'll likely need a much larger pool of signing scriptworkers. When idle, it would be nice to shut down some of the idle ones. Most likely these will be on-demand instances that we just shut down and spin back up when we need, rather than spot instances we spin up on the fly.

If we are shutting these down for any real length of time, we may want to block spinning up scriptworker until puppet has run once since boot.
Priority: -- → P3
Currently discussing docker images, and a pool of scriptworkers that know how to cot-verify and run those docker images. We can pass in the subset of required secrets via a mount or env vars - sops may work here, or just writing a custom script_config.json or passwords.{yml,json} or something.

For gecko, there would be a prod pool, which would have stricter checks and real secrets, and a dep pool for dep signing, staging runs, and *script tests. Releng should be able to spin up dev instances for scriptworker testing.

For the various mobile projects and Thunderbird, we'd need to determine whether we want to use the same prod pool or spin up separate pools.
Component: General Automation → General
Summary: Scriptworker provisioner → Autoscale scriptworkers
Assignee: nobody → aki

-> rail, reso fixed

Assignee: aki → rail
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.