Closed
Bug 1106577
Opened 11 years ago
Closed 10 years ago
remove ssh access from cruncher to all masters (releng.{use1,usw2})
Categories
(Infrastructure & Operations :: RelOps: General, task)
Infrastructure & Operations
RelOps: General
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: dustin, Assigned: dustin)
References
Details
(Whiteboard: [kanban:engops:https://mozilla.kanbanize.com/ctrl_board/6/4207] )
Attachments
(2 files)
|
35.03 KB,
patch
|
Callek
:
review+
dustin
:
checked-in+
|
Details | Diff | Splinter Review |
|
52 bytes,
text/x-github-pull-request
|
Callek
:
review+
|
Details | Review |
Cruncher is a general-use, low-security host, which has active connections to users' SSH agents and probably a few ssh private keys. It shouldn't have access via SSH to all of the masters.
This is a pretty simple change to the buildbot-master SG.
|
||
Comment 1•11 years ago
|
||
Let's talk about this during this week before this bug gets closed, there are more than just me doing reconfigs from Fincher
|
Assignee | |
Comment 2•11 years ago
|
||
Callek couldn't remember what he meant when I went to talk to him .. so, please comment :)
Flags: needinfo?(bugspam.Callek)
|
||
Updated•11 years ago
|
Whiteboard: [kanban:engops:https://mozilla.kanbanize.com/ctrl_board/6/4207]
|
|
||
Comment 3•11 years ago
|
||
Ok, I still can't remember, so I'm no longer blocking --
as long as Bug 1092871 c#7 gets addressed before the flow is cut.
Flags: needinfo?(bugspam.Callek)
|
|
Assignee | |
Comment 4•11 years ago
|
||
Attachment #8534409 -
Flags: review?(bugspam.Callek)
|
|
||
Comment 5•11 years ago
|
||
Comment on attachment 8534409 [details] [diff] [review]
bug1106577-known_hosts.patch
Review of attachment 8534409 [details] [diff] [review]:
-----------------------------------------------------------------
was under the impression you had some way to do this automatically, (e.g. if we ever reimage a master, or add new ones, I suspect we'll miss this) but that said, r+
Attachment #8534409 -
Flags: review?(bugspam.Callek) → review+
|
|
Assignee | |
Comment 6•11 years ago
|
||
Comment on attachment 8534409 [details] [diff] [review]
bug1106577-known_hosts.patch
https://hg.mozilla.org/build/puppet/rev/f87db0c03ce1
Attachment #8534409 -
Flags: checked-in+
|
|
Assignee | |
Comment 7•10 years ago
|
||
Attachment #8557323 -
Flags: review?(bugspam.Callek)
|
|
||
Updated•10 years ago
|
Attachment #8557323 -
Flags: review?(bugspam.Callek) → review+
|
|
Assignee | |
Comment 8•10 years ago
|
||
OK, deployed
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•