Closed Bug 1361543 Opened 7 years ago Closed 7 years ago

please set up a new partner-repack1 in new colo

Categories

(Infrastructure & Operations :: RelOps: General, task)


Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: mozilla, Assigned: dividehex)


We have a mac, partner-repack1.srv.releng.scl3.mozilla.com, which is needed for funnelcakes and partner repacks.

It is currently
- mac, darwin 11.2.0
- has access to github and signing servers
- non-managed

I'm thinking we should set up a bare mac, whichever OS version is supported in the new colo, and try to puppetize it to where it's working for partner-repacks and funnelcakes.  Once we do, we can retire the old partner-repack1.

If we determine this box is important for DR, we can set up a 2nd mac in the other colo and puppetize at that point.
https://intranet.mozilla.org/Build:Partners:Repacks:Creation has more information about the process.

Other than github and signing servers, we push to S3 and download from taskcluster and archive.m.o aiui.  I may be missing something.

aki: what kind of information is on this machine? I'm wondering if it should be in the test vlan (which is considered less secure because we give out loaners), or on the same network as the signing servers (which should only be machines with very sensitive information), or..?

:dividehex: You want to take this opportunity to show dhouse how to deploy a mini in mdc1 and just puppetize it with the base OS X server stuff? 

This isn't time critical at the moment since we still have scl3, but we should make sure it's done before we move mdc1.
Flags: needinfo?(jwatkins)
(In reply to Amy Rich [:arr] [:arich] from comment #2)
> aki: what kind of information is on this machine? I'm wondering if it should
> be in the test vlan (which is considered less secure because we give out
> loaners), or on the same network as the signing servers (which should only
> be machines with very sensitive information), or..?

It has S3 and ssh keys that have access to push to our release buckets, and it stores release [ip-constrained, time-constrained] signing tokens on disk while we're working, so I'd say the latter makes more sense than the former.
++ to getting partner-repack1 under puppet management!

:arr, I'd be happy to show :dhouse how to get a mini imaged and puppetized with deploystudio.  We will need to figure out where to get the hardware from first and have it racked in mdc1.
Flags: needinfo?(jwatkins)
Assignee: relops → jwatkins
Depends on: 1364996
Blocks: 1366828
I've reallocated an r5 mac mini from the old casper hosts in scl3.  It has been moved to mdc1, reimaged and puppetized under toplevel::server.

fqdn: partner-repack-1.srv.releng.mdc1.mozilla.com

:aki, were you intending to do the puppet work to get partner-repack fully under puppet management?
Flags: needinfo?(aki)
Thanks!  I'm able to ssh in.  I can either do it or find another owner.
Flags: needinfo?(aki)
Blocks: 1369572
I filed bug 1369572 for the puppetification; I think we can resolve this bug.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED