Closed Bug 1186302 Opened 10 years ago Closed 10 years ago

Add host keys for new upload hosts in GPO

Categories

(Infrastructure & Operations :: RelOps: General, task)

Product:
Infrastructure & Operations
Component:
RelOps: General
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: nthomas, Assigned: q)

References

Details

(Whiteboard: [windows])

Attachments

(1 file, 2 obsolete files)

known_hosts v3
18.81 KB, text/plain
Details
Similar to bug 1186300 but for GPO. I'll attach the new known_hosts we'd like to use. This would be for the windows build slaves, although bug 1185873 implies that we use the same GPO for testers too.
Attached file known_hosts (obsolete) —
This is the same file we have on linux, after bug 1186300 modifies it. FTR, this removes aus3-staging.m.o, bm-remote-talos-webhost-0{1,2,3}.build.mozilla.org, several old buildbot masters, cvs.m.o, preproduction-stage, a scl1 puppet host, servo-puppet1, and update.boot2gecko.org. It adds 6 new hosts upload.{trybld,ffxbld,tbirdbld}.productdelivery.{stage,prod}.mozaws.net Q, would it be possible to roll this out in the next few days ?
Assignee: relops → q
Test GPOs look good should we go for a Monday rollout?
Flags: needinfo?(nthomas)
Sounds good, I'll be around from about 2pm Pacific, or go earlier if buildduty is game. Partial rollout first, or go the whole hog ?
Flags: needinfo?(nthomas)
From Q in bug 1186300: updating ix-0060 - ix-0089 updating confirmed that 082 got the update. Unfortunately we're going to need to redo this, the server side got changed on us.
Attached file known_hosts v2 (obsolete) —
With apologies for needing to repackage this.
Attachment #8636965 - Attachment is obsolete: true
On it now.
Emergency pushing to replace this file should be out in the next 15 minutes to any host who got the v1 file.
Nick: just to double check, have you also added this to puppet for the puppetized windows machines?
Flags: needinfo?(nthomas)
Yes, that's being done in bug 1186300.
Flags: needinfo?(nthomas)
See Also: → 1186300
Nick, I think we are good for site wide rollout. What do you think ?
Flags: needinfo?(nthomas)
Yes, lets go ahead. I can't see any problems on the slaves that already got the updated file.
Flags: needinfo?(nthomas)
Last update didn't take. This is out in the wild and looking good so far.
Everything is updated except for a windows puppet hosts, which I'll take to bug 1186300.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Attached file known_hosts v3
We needed to fix a couple of issues in puppet, described over at https://bugzilla.mozilla.org/show_bug.cgi?id=1186300#c18, so I'm reopening this bug to fix them in GPO too. The true deadline is a few days before Oct 13, but there's no reason to wait that long as the diff (with truncated lines) looks like this: 45,48c45,48 < upload.tbirdbld.productdelivery.stage.mozaws.net ssh-rsa AAAAB3NzaC1yc2EAAAADA < upload.trybld.productdelivery.prod.mozaws.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB < upload.ffxbld.productdelivery.prod.mozaws.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB < upload.tbirdbld.productdelivery.prod.mozaws.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQ \ No newline at end of file --- > upload.tbirdbld.productdelivery.stage.mozaws.net,52.3.217.123 ssh-rsa AAAAB3Nz > upload.trybld.productdelivery.prod.mozaws.net,52.27.28.242 ssh-rsa AAAAB3NzaC1 > upload.ffxbld.productdelivery.prod.mozaws.net,52.11.216.122 ssh-rsa AAAAB3NzaC > upload.tbirdbld.productdelivery.prod.mozaws.net,52.88.134.149 ssh-rsa AAAAB3Nz ie only changes to not hosts not in use yet, and adding a newline at the end of the file.
Attachment #8639674 - Attachment is obsolete: true
I thought we verified GPO independently? Is it actually broken?
When we first verified only two of the staging hosts had been created, so we checked just those (we could add the others because they have the same host sig). It turns out that if you do something like ssh -i ~/.ssh/ffxbld_rsa upload.ffxbld.productdelivery.prod.mozaws.net then ssh will add a line to known_hosts with the actual IP address and host sig (harmless). The lack of newline (at the end of the currently deployed file) means it appends to the line for upload.tbirdbld.productdelivery.prod.mozaws.net and busts it. So I'm adding the newline, and while I'm here adding the IPs now we have them.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Added the new line but my updated was eaten. I think we should be good here.
I checked b-2008-ix-0067, which had rebooted about 5 hours ago, and it didn't have a trailing newline or attachment 8665635 [details]. Could we deploy that attachment, with CRLF line endings added if you prefer ?
Whiteboard: [windows]
Hi, what's the the state here ? We'll need to use this from Oct 13. If I can help by modifying the file on the share directly then just let me know.
Let me jump on the share and take a look. I also need to check that the replace is taking
Apologies, it looks like there was a file mismatch. That has been corrected I spotted checked five systems I forced pushed to and the lines looked correct and the new line is at that bottom of the file. I will keep an eye on it.
Spot checks look good to me too.
All done here ? The migration is tomorrow, 1pm Pacific.
Yes Sir, everything should be set.
Awesome, thanks for all your patience with the multiple deploys.
Status: REOPENED → RESOLVED
Closed: 10 years ago10 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: