Status

P3
normal
2 years ago
3 months ago

People

(Reporter: coop, Assigned: aki)

Tracking

(Blocks: 1 bug)

Firefox Tracking Flags

(Not tracked)

Details

Taken from https://trello.com/c/so9pit0P/10-scriptworker-provisioner: 

With mac and windows signing, aiui we have tests that require signed packages. This implies dep signing, which is good for robustness.

However, with the added load, we'll likely need a much larger pool of signing scriptworkers. When idle, it would be nice to shut down some of the idle ones. Most likely these will be on-demand instances that we just shut down and spin back up when we need, rather than spot instances we spin up on the fly.

If we are shutting these down for any real length of time, we may want to block spinning up scriptworker until puppet has run once since boot.
Priority: -- → P3
(Assignee)

Comment 1

10 months ago
Currently discussing docker images, and a pool of scriptworkers that know how to cot-verify and run those docker images. We can pass in the subset of required secrets via a mount or env vars - sops may work here, or just writing a custom script_config.json or passwords.{yml,json} or something.

For gecko, there would be a prod pool, which would have stricter checks and real secrets, and a dep pool for dep signing, staging runs, and *script tests. Releng should be able to spin up dev instances for scriptworker testing.

For the various mobile projects and Thunderbird, we'd need to determine whether we want to use the same prod pool or spin up separate pools.
Component: General Automation → General
Product: Release Engineering → Release Engineering
(Assignee)

Updated

3 months ago
Summary: Scriptworker provisioner → Autoscale scriptworkers
(Assignee)

Updated

3 months ago
Assignee: nobody → aki
You need to log in before you can comment on or make changes to this bug.