Open Bug 1368961 Opened 7 years ago Updated 1 year ago

Add support for requesting a One Click Loaner for Windows via Treeherder

Categories

(Taskcluster :: Workers, enhancement)

Tracking

(Not tracked)

People

(Reporter: whimboo, Unassigned)

Similar to the One Click Loaner for Linux we should add support to have the same for Windows. Right now the task would have to be set up manually:

https://wiki.mozilla.org/ReleaseEngineering/How_To/Self_Provision_a_TaskCluster_Windows_Instance
Greg and I were toying with the idea of generating a keypair in the browser when clicking the loaner button, then having the loaner machine use the public key to create an encrypted artifact which the frontend knows how to look for.

That would require the ability to write out an artifact while a task is still running, which might require taskclusterProxy support..

Still, it would nicely side-step the need for GPG and email.
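
The keypair idea from the comment above, sketched with the Web Crypto API as an added example; it is not code from Treeherder, Taskcluster or generic-worker. The function names, the artifact layout and the sample credentials are assumptions made up for illustration.

```javascript
// Added illustration: hypothetical names and artifact layout, constructed sample data.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto; // fallback for older Node
const RSA_GEN = { name: 'RSA-OAEP', modulusLength: 2048,
                  publicExponent: new Uint8Array([1, 0, 1]), hash: 'SHA-256' };
const RSA_IMPORT = { name: 'RSA-OAEP', hash: 'SHA-256' };
const b64 = (buf) => btoa(String.fromCharCode(...new Uint8Array(buf)));
const unb64 = (s) => Uint8Array.from(atob(s), (c) => c.charCodeAt(0));

// Frontend, on clicking the loaner button: the private key is non-extractable
// and never leaves the page; only the public JWK travels with the task.
async function newLoanRequest() {
  const { publicKey, privateKey } =
    await wc.subtle.generateKey(RSA_GEN, false, ['wrapKey', 'unwrapKey']);
  return { privateKey, publicJwk: await wc.subtle.exportKey('jwk', publicKey) };
}

// Loaner machine: encrypt the credentials under a fresh AES-GCM key and wrap
// that key with the requester's public key. The result is the artifact body.
async function sealCredentials(publicJwk, creds) {
  const pub = await wc.subtle.importKey('jwk', publicJwk, RSA_IMPORT, false, ['wrapKey']);
  const aes = await wc.subtle.generateKey({ name: 'AES-GCM', length: 256 }, true, ['encrypt']);
  const iv = wc.getRandomValues(new Uint8Array(12));
  const plaintext = new TextEncoder().encode(JSON.stringify(creds));
  const ct = await wc.subtle.encrypt({ name: 'AES-GCM', iv }, aes, plaintext);
  const wrapped = await wc.subtle.wrapKey('raw', aes, pub, { name: 'RSA-OAEP' });
  return { wrappedKey: b64(wrapped), iv: b64(iv), ciphertext: b64(ct) };
}

// Frontend, after fetching the artifact: unwrap the AES key and decrypt.
// AES-GCM rejects the artifact if the ciphertext was modified.
async function openCredentials(privateKey, artifact) {
  const aes = await wc.subtle.unwrapKey('raw', unb64(artifact.wrappedKey), privateKey,
    { name: 'RSA-OAEP' }, { name: 'AES-GCM', length: 256 }, false, ['decrypt']);
  const pt = await wc.subtle.decrypt({ name: 'AES-GCM', iv: unb64(artifact.iv) },
                                     aes, unb64(artifact.ciphertext));
  return JSON.parse(new TextDecoder().decode(pt));
}

// Round trip with constructed credentials (192.0.2.10 is a documentation address).
async function demo() {
  const { privateKey, publicJwk } = await newLoanRequest();
  const artifact = await sealCredentials(publicJwk,
    { host: '192.0.2.10', username: 'task_user', password: 'constructed-sample' });
  return { artifact, creds: await openCredentials(privateKey, artifact) };
}
```

Anyone who can read the artifact sees only ciphertext; the scheme does not authenticate the loaner machine, so the frontend still has to trust where the artifact came from.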
Note, the newer version of generic-worker performs a Real Windows Login(TM) as a task user (i.e. a full winlogon login rather than just running a process as a different user with a different desktop under an existing login session).

This means that we might be able to improve the one-click-loaner strategy once generic worker 10 is rolled out to all our platforms. For example, allow them to log into the existing running task, rather than needing to shut down the worker and reboot etc. Not sure if this is useful or not? It would mean we wouldn't necessarily need to "clean" the machine first, since the only access the user would have to the machine would be the same access that the task user has, which is already locked down. Anything they would be able to do interactively, they would also be able to do via a task, so the loan itself shouldn't expose any more security risk than a regular task.
Depends on: 1172273
Assignee: nobody → pmoore
Depends on: 1399401
(In reply to Dustin J. Mitchell [:dustin] from comment #1)
> Greg and I were toying with the idea of generating a keypair in the browser
> when clicking the loaner button, then having the loaner machine use the
> public key to create an encrypted artifact which the frontend knows how to
> look for.
> 
> That would require the ability to write out an artifact while a task is
> still running, which might require taskclusterProxy support..
> 
> Still, it would nicely side-step the need for GPG and email.

This is now handled by bug 1436002 (users can generate artifacts that only they (and superadmins) can view) and bug 1172273 which enables you to request that a task writes out RDP connection information to a task artifact during the task initialisation.

Combining these two things, you can securely get scope-guarded rdp credentials to a running task. The remaining parts of this bug will be upgrading gecko workers to use the updated worker, and wiring the task creator and task inspector up with the new features to make treeherder and taskcluster tools integration with the generic-worker interactive feature, and updating gecko to have a similar wizard script that we have for linux mozharness tasks.
Note, interactive loaners are possible via:

https://wiki.mozilla.org/ReleaseEngineering/How_To/Self_Provision_a_TaskCluster_Windows_Instance#For_generic-worker_10.5.0_onwards

There is still some work to be done to integrate this with taskcluster/treeherder web ui to make it simpler and less manual, but for people who wish to have an interactive loaner, following these steps will achieve this.
(In reply to Pete Moore [:pmoore][:pete] from comment #4)
> There is still some work to be done to integrate this with
> taskcluster/treeherder web ui to make it simpler and less manual, but for
> people who wish to have an interactive loaner, following these steps will
> achieve this.

Pete: is this work for you to do, or should it be re-assigned or a follow-up bug filed for the integration work? 

We've recently discussed doing this with an action task which could conceivably be written by anyone.
Flags: needinfo?(pmoore)
If this can be done via actions, great. I'm happy for someone else to take it.
Assignee: pmoore → nobody
Flags: needinfo?(pmoore) → needinfo?(coop)
OK, I may get Hassan or Irene to tackle this in Q1.
Flags: needinfo?(coop)
Severity: normal → enhancement
Component: Integration → Services

(In reply to Chris Cooper [:coop] pronoun: he from comment #7)
> OK, I may get Hassan or Irene to tackle this in Q1.

Is this something we can prioritise? It would allow a seamless one-click-loaner experience for Windows too. The worker has supported interactive tasks for over a year, we miss only the front end integration. Thanks!

Flags: needinfo?(coop)

I can have Hassan look at this once he's done with third-party logins. That likely means end of September.

Flags: needinfo?(coop)
Component: Services → Workers