Closed Bug 1275869 Opened 9 years ago Closed 8 years ago

Please deploy kinto-dist 0.5.0 to stage

Categories

(Cloud Services :: Operations: Deployment Requests - DEPRECATED, task)

task
Not set
normal

Tracking

(Not tracked)

VERIFIED FIXED

People

(Reporter: dmaher, Assigned: dmaher)

References

Details

+++ This bug was initially created as a clone of Bug #1273469 +++ Please deploy kinto-dist 0.5.0 to Stage. (Previous bug got derailed.)
Assignee: nobody → dmaher
Kinto-dist 0.5.0 has been deployed to stage, including both the Writer and read-only nodes. I also fixed a long-standing bug in our deployment process that was causing DNS-related problems (and general headaches all around), so that's nice. Kinto CDN: settings.stage.mozaws.net Fennec CDN: d1wakkpts9xafo.cloudfront.net Webhead ELB: kinto.stage.mozaws.net Writer ELB: kinto-writer.stage.mozaws.net (inaccessible from the Internet, but for the sake of completeness...)
Status: NEW → ASSIGNED
Hello Chris, Do you have any news about that? Are you blocked on something I can help with? Thanks, Rémy
Flags: needinfo?(chartjes)
I had a meeting with :jvehent and :mgoodwin on Friday to discuss some issues related to the cryptographic signing functionality and determined a test that will satisfy my questions about it. I'll follow up with an email.
Flags: needinfo?(chartjes)
QA approves deployment to stage.
I guess you mean prod, thx for the tests
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
According to my team, Chris has more tests to do here after all. Chris, please follow-up here by closing the bug once you're happy with your testing, thanks!
Status: RESOLVED → REOPENED
Flags: needinfo?(chartjes)
Resolution: FIXED → ---
Not quite finished with stage testing. Here's what I did: * used the addons.allizom.org admin to add a new certificate to staging * noted that the new certificate was there but had the status of 'to-sign' * with help from :natim and :phrawzty the xml2kinto script was run, and then :natim updated https://kinto-writer.dev.mozaws.net/v1/buckets/blocklists/collections/certificates so that the certificate in the dev environment was correctly signed * the "signing trigger" needs to be done on staging so that I can verify that signing has occurred in that environment
Flags: needinfo?(chartjes) → needinfo?(dmaher)
Depends on: 1285179
> * the "signing trigger" needs to be done on staging so that I can verify that signing has occurred in that environment Due to a bug in the Kinto-Writer config template, the kinto-signer wasn't getting loaded, resulting in the errant behaviour you detected. I've since fixed the error[0] and re-deployed. Natim and I have done some basic verifications and it looks like the problem is solved; however, I would encourage QA to take a more rigorous look. :) [0] https://bugzilla.mozilla.org/show_bug.cgi?id=1285179
Flags: needinfo?(dmaher) → needinfo?(chartjes)
After fixes implemented by :phrawzty I did the following: 1. Updated an existing certificate using the blocklist tools at https://addons.allizom.org/en-US/admin/models/blocklist/blocklistissuercert/ 2. Verified my changes were correctly saved 3. Got :phrawzty to manually trigger the xml2kinto tool process the blocklist XML file and insert it into Kinto 4. Verified my changes are present on staging by looking at https://kinto.stage.mozaws.net/v1/buckets/blocklists/collections/certificates/records 5. Verified that no certificates hand been flagged as needing to be signed by looking at https://kinto.stage.mozaws.net/v1/buckets/blocklists/collections/certificates 6. Ran scripts/validate_signature.py available in Kinto/kinto-signer and checked out to tag 3c323a22f09445e84f1c8618c1543d642b9bbb23 which works with the code checked out on staging 7. Script verified that the current signature is OK QA approves this version of Kinto and gives approval for same code to be pushed into production.
Flags: needinfo?(chartjes)
Status: REOPENED → RESOLVED
Closed: 8 years ago8 years ago
Resolution: --- → FIXED
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.