Closed
Bug 1275869
Opened 9 years ago
Closed 8 years ago
Please deploy kinto-dist 0.5.0 to stage
Categories
(Cloud Services :: Operations: Deployment Requests - DEPRECATED, task)
Cloud Services
Operations: Deployment Requests - DEPRECATED
Tracking
(Not tracked)
VERIFIED
FIXED
People
(Reporter: dmaher, Assigned: dmaher)
References
Details
+++ This bug was initially created as a clone of Bug #1273469 +++
Please deploy kinto-dist 0.5.0 to Stage.
(Previous bug got derailed.)
Updated•9 years ago
|
Assignee: nobody → dmaher
Assignee | ||
Comment 1•9 years ago
|
||
Kinto-dist 0.5.0 has been deployed to stage, including both the Writer and read-only nodes. I also fixed a long-standing bug in our deployment process that was causing DNS-related problems (and general headaches all around), so that's nice.
Kinto CDN: settings.stage.mozaws.net
Fennec CDN: d1wakkpts9xafo.cloudfront.net
Webhead ELB: kinto.stage.mozaws.net
Writer ELB: kinto-writer.stage.mozaws.net (inaccessible from the Internet, but for the sake of completeness...)
Status: NEW → ASSIGNED
Comment 2•8 years ago
|
||
Hello Chris,
Do you have any news about that?
Are you blocked on something I can help with?
Thanks,
Rémy
Flags: needinfo?(chartjes)
Comment 3•8 years ago
|
||
I had a meeting with :jvehent and :mgoodwin on Friday to discuss some issues related to the cryptographic signing functionality and determined a test that will satisfy my questions about it. I'll follow up with an email.
Flags: needinfo?(chartjes)
Comment 4•8 years ago
|
||
QA approves deployment to stage.
Comment 5•8 years ago
|
||
I guess you mean prod, thx for the tests
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Comment 6•8 years ago
|
||
According to my team, Chris has more tests to do here after all.
Chris, please follow-up here by closing the bug once you're happy with your testing, thanks!
Status: RESOLVED → REOPENED
Flags: needinfo?(chartjes)
Resolution: FIXED → ---
Comment 7•8 years ago
|
||
Not quite finished with stage testing. Here's what I did:
* used the addons.allizom.org admin to add a new certificate to staging
* noted that the new certificate was there but had the status of 'to-sign'
* with help from :natim and :phrawzty the xml2kinto script was run, and then :natim updated https://kinto-writer.dev.mozaws.net/v1/buckets/blocklists/collections/certificates so that the certificate in the dev environment was correctly signed
* the "signing trigger" needs to be done on staging so that I can verify that signing has occurred in that environment
Flags: needinfo?(chartjes) → needinfo?(dmaher)
Assignee | ||
Comment 8•8 years ago
|
||
> * the "signing trigger" needs to be done on staging so that I can verify that signing has occurred in that environment
Due to a bug in the Kinto-Writer config template, the kinto-signer wasn't getting loaded, resulting in the errant behaviour you detected. I've since fixed the error[0] and re-deployed. Natim and I have done some basic verifications and it looks like the problem is solved; however, I would encourage QA to take a more rigorous look. :)
[0] https://bugzilla.mozilla.org/show_bug.cgi?id=1285179
Flags: needinfo?(dmaher) → needinfo?(chartjes)
Comment 9•8 years ago
|
||
After fixes implemented by :phrawzty I did the following:
1. Updated an existing certificate using the blocklist tools at https://addons.allizom.org/en-US/admin/models/blocklist/blocklistissuercert/
2. Verified my changes were correctly saved
3. Got :phrawzty to manually trigger the xml2kinto tool process the blocklist XML file and insert it into Kinto
4. Verified my changes are present on staging by looking at https://kinto.stage.mozaws.net/v1/buckets/blocklists/collections/certificates/records
5. Verified that no certificates hand been flagged as needing to be signed by looking at https://kinto.stage.mozaws.net/v1/buckets/blocklists/collections/certificates
6. Ran scripts/validate_signature.py available in Kinto/kinto-signer and checked out to tag 3c323a22f09445e84f1c8618c1543d642b9bbb23 which works with the code checked out on staging
7. Script verified that the current signature is OK
QA approves this version of Kinto and gives approval for same code to be pushed into production.
Flags: needinfo?(chartjes)
Updated•8 years ago
|
Status: REOPENED → RESOLVED
Closed: 8 years ago → 8 years ago
Resolution: --- → FIXED
Updated•8 years ago
|
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•