Closed Bug 455567 Opened 16 years ago Closed 16 years ago

please create staging-ffxbld account on hg.m.o

Categories

(mozilla.org Graveyard :: Server Operations, task)

Product:
mozilla.org Graveyard
Component:
Server Operations
Platform:
x86
macOS
Type:
task
Priority:
Not set
Severity:
critical

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: bhearsum, Assigned: aravind)

References

Details

Attachments

(1 file)

staging ffxbld public key
639 bytes, text/plain
Details 
Originally I thought we could use the regular 'ffxbld' account to do staging runs of releases but as I ramped up to do that I realized that requires putting production keys on staging machines. This is bad because it increases the chance of accidentally pushing to a production repository or pushing something to stage.m.o.

Because of this, can we get a 'staging-ffxbld' account created? I've attached a public key for it...
Blocks: hg-auto-stage
Severity: normal → critical
So... sorry to be asking questions here, but do these staging accounts also need r/w access to production mercurial?  I was under the impression that all that would come through the ffxbld user.  Can you just use https for this stuff?
Assignee: server-ops → aravind
Sorry:
This staging account should only have r/w access to its user directory. This account is for doing test runs of release where we set-up and teardown clones of mozilla-central and locales.

the existing 'ffxbld' account should have r/w access to the real repositories for doing things such as version bumps during releases.

Does that help?
Okay, so this is a regular account with no access to mozilla-central, etc.  It will just have r/w access to hg.m.o/users/stage.

Oh, and can we make it a generic stage account (instead of stage-ffxbld), so other builds can use it as well?  Since it will not have r/w to any of the code repos, I don't mind making this a generic account.
I'm not sure what you mean by a generic account. Certain Build VMs are the only ones with the private key so I'm not sure how generic it can be.
(In reply to comment #3)
> Oh, and can we make it a generic stage account (instead of stage-ffxbld), so
> other builds can use it as well?  Since it will not have r/w to any of the code
> repos, I don't mind making this a generic account.

Accounts with access to hg_mozilla stuff have access to code repos, including comm-central and tamarin-central, so that's not true. I'd prefer we not give r/w access to Hg to anything/anybody more than we have to.
stage-ffxbld is the new uid, sorry I saw that you wanted staging-ffxbld after I had created everything.  I can change it if you want me to.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
no worries about the name - it's fine.
Can we make stage-ffxbld repositories accessible via http?
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Done.
Status: REOPENED → RESOLVED
Closed: 16 years ago16 years ago
Resolution: --- → FIXED
Product: mozilla.org → mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: