Closed
Bug 1254749
Opened 9 years ago
Closed 9 years ago
buildbot-bridge - update taskcluster client id
Categories
(Release Engineering :: Release Automation, defect)
Release Engineering
Release Automation
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: jlund, Assigned: jlund)
References
Details
it's current creds are dyying
Comment 1•9 years ago
|
||
You should be able to create new clientIds with the prefix "project/releng/". The pattern is "project/releng/<tool>/<environment>" so something like "project/releng/buildbot-bridge/production". Once that's set up and the scopes match, you should be able to just swap the credentials out with no impact. Once the old creds are unused, let me know and I can delete them.
Comment 2•9 years ago
|
||
Oh, I actually already created these, so you'll just need to reset the accessToken to get a new one.
Assignee | ||
Comment 4•9 years ago
|
||
/me stumbling around...
stumble 1:
13:07:50 <jlund> dustin: re: updating tc token for buildbot-bridge. I just went on to do this. I rotated the dev instance but as I am looking at prod, it seems like these tokens were rotated only 5 days ago.
13:07:55 <jlund> dustin: was that you? https://tools.taskcluster.net/auth/clients/#project%252freleng%252fbuildbot-bridge%252fproduction
13:08:14 <jlund> I would have thought this would break bbb unless we updated puppet and the bbb.ini
stumble 2:
13:27:28 <jlund> how come secrets(buildbot_bridge_dev_taskcluster_client_id) shows something more like a random str id instead of project/releng/buildbot-bridge/dev
13:27:34 <jlund> do we support aliases?
13:28:35 <jlund> or are they different and project/releng/buildbot-bridge/dev was created after but never added to buildbotbridge. and bbb uses some old clientid?
stumble 3:
13:32:14 <jlund> well, tclistener seems to have restarted cleanly (according to logs) and the new tc token is in config.json so they must be the same client id
so if I were to guess, the client id: project/releng/buildbot-bridge/dev and client id in buildbot_bridge_dev_taskcluster_client_id in puppet were not related. but then in part 3 above, it appears like updating buildbot_bridge_dev_taskcluster_access_token via puppet with new rotated keys, didn't break dev bbb. Now I'm confused..
Comment 5•9 years ago
|
||
Assignee | ||
Comment 6•9 years ago
|
||
thanks.
it turned out I we ran into auth errors on the dev instance after all. This was due to the clientid not being updated
so I've updated the dev instance with the correct clientid along with its respective newly rotated access token. I then restarted the bbb services.
Since it took some time to show cred errors on the dev instance, I'm going to give it a day before updating prod.
Comment 7•9 years ago
|
||
https://tools.taskcluster.net/auth/clients/#5Svq_nEQSFCDnNNcPHj2sQ shows a recent usage - is it used somewhere else?
Comment 8•9 years ago
|
||
(In reply to Dustin J. Mitchell [:dustin] from comment #7)
> https://tools.taskcluster.net/auth/clients/#5Svq_nEQSFCDnNNcPHj2sQ shows a
> recent usage - is it used somewhere else?
I suspect production bbb:
https://tools.taskcluster.net/auth/clients/#project%252freleng%252fbuildbot-bridge%252fproduction shows 11 days ago.
Assignee | ||
Comment 9•9 years ago
|
||
yeah. I'll update prod now.
Assignee | ||
Comment 10•9 years ago
|
||
bbb prod has been updated and checking back on the logs show that it likely was updated without issue. closing this for now
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•