Closed Bug 1007976 Opened 11 years ago Closed 11 years ago

Switch in house try builds from ceph to reverse-proxied S3

Categories

(Release Engineering :: General, defect)

Product:
Release Engineering
Component:
General
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: glandium, Assigned: glandium)

References

Details

Attachments

(1 file, 2 obsolete files)

Switch in house try builds from ceph to reverse-proxied S3
2.25 KB, patch
Callek
: review+
Details | Diff | Splinter Review
No description provided.
Attachment #8419776 - Flags: review?(bugspam.Callek)
I'd need to give you the corresponding secrets to push in eyaml somehow.
Blocks: 1006954
Blocks: 1008015
Now, I'm wondering if this really ensures the secrets are going to be scraped when a slave is loaned.
Maybe this should be using slave_trustlevel instead of adding is_releng_try?
Comment on attachment 8419776 [details] [diff] [review] Switch in house try builds from ceph to reverse-proxied S3 Review of attachment 8419776 [details] [diff] [review]: ----------------------------------------------------------------- ::: manifests/moco-config.pp @@ +47,5 @@ > } > + $is_releng_try = $fqdn? { > + /.*\.try\.releng\..*\.mozilla\.com/ => true, > + default => false, > + } This is not really a "config" thing imo, so I don't like it here. (it also isn't completely accurate given Perhaps you can use "$slave_trustlevel"[1] instead? [1]- http://mxr.mozilla.org/build/search?string=slave_trustlevel
Attachment #8419776 - Flags: review?(bugspam.Callek) → review-
Attachment #8421428 - Flags: review?(bugspam.Callek)
Attachment #8419776 - Attachment is obsolete: true
Comment on attachment 8421428 [details] [diff] [review] Switch in house try builds from ceph to reverse-proxied S3 Review of attachment 8421428 [details] [diff] [review]: ----------------------------------------------------------------- ::: modules/slave_secrets/templates/try_dot_boto.erb @@ +1,3 @@ > [Credentials] > +aws_access_key_id = <%=scope.function_secret(["releng_try_s3_access_key_id"])%> > +aws_secret_access_key = <%=scope.function_secret(["releng_try_s3_secret_access_key"])%> Per IRC convo we're changing the secret name to: "sccache_s3_storage_access_key_<trustlevel>" /// "sccache_s3_storage_access_id_<trustlevel>" ----> so thatd be, for example: "sccache_s3_storage_access_key_try" // "sccache_s3_storage_access_id_try"
Attachment #8421428 - Flags: review?(bugspam.Callek) → review+
Mike will be e-mailing me the secrets with gpg encryption, I plan to get them added tonight, so he can land this to `default` overnight, and can go live tomorrow with a production puppet push
<glandium> Callek: note, access_key/access_id is kind of confusing <Callek> glandium: better idea? <glandium> Callek: keeping the s3 terminology of access_key_id/secret_access_key ? <Callek> glandium: that works for me, please just comment in bug re: changed agreement (since I already commented there)
Attachment #8421452 - Flags: review?(bugspam.Callek)
Attachment #8421428 - Attachment is obsolete: true
Comment on attachment 8421452 [details] [diff] [review] Switch in house try builds from ceph to reverse-proxied S3 Review of attachment 8421452 [details] [diff] [review]: ----------------------------------------------------------------- sounds good. As of now I added: sccache_s3_storage_access_key_id_try: >... sccache_s3_storage_secret_access_key_try: >... to heira secrets on the distinguished puppetmaster. feel free to land this on `default` puppet branch. I'm also filing a followup bug for me to remove the now defunct secret from the puppetmaster after a while (e.g. when this bug is done)
Attachment #8421452 - Flags: review?(bugspam.Callek) → review+
Blocks: 1009348
In production.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Blocks: 1009981
Depends on: 1010316
Depends on: 1024651
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: