Closed Bug 1595338 Opened 6 years ago Closed 4 years ago

Make sure all generic-worker workers have scope auth:sentry:<some-project>

Categories

(Release Engineering :: Firefox-CI Administration, defect)

Product:
Release Engineering
Component:
Firefox-CI Administration
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INACTIVE

People

(Reporter: pmoore, Unassigned)

Details

Generic-worker has a setting for reporting crashes to sentry:

          sentryProject                     The project name used in https://sentry.io for
                                            reporting worker crashes. Permission to publish
                                            crash reports is granted via the scope
                                            auth:sentry:<sentryProject>. If the taskcluster
                                            client (see clientId property above) does not
                                            posses this scope, no crash reports will be sent.
                                            Similarly, if this property is not specified or
                                            is the empty string, no reports will be sent.

In order for this to work:

  • The client that runs the worker needs to have scope auth:sentry:<sentryProject>
  • The generic-worker config file needs to have the correct sentryProject setting

I would propose that firefox-ci cluster uses its own sentryProject for all generic-worker workers. Perhaps "firefox-ci-generic-worker" or similar.

Please note, not only worker pools need to have the scope, clients for manually configured workers (e.g. NSS mac workers) should also have the scope. NSS mac workers are not the only manually configured workers, just an example. So a thorough audit of the clients should highlight others that will need it.

So to summarise, this is potentially a two part change:

  1. Update worker configs either via ci-admin/ci-configuration changes to worker pool definitions for provisioned workers, or editing generic-worker.config files on manually provisioned / puppet provisioned workers etc, to have sentryProject correctly set
  2. Update roles/clients in firefox ci using ci-admin/ci-configuration to ensure all generic-worker workers, dynamically provisioned or not, get the required scope to report to the sentry project(s) that is/are to be used.

Many thanks!

Found in triaging.
@pete: is this request still valid?

Flags: needinfo?(pmoore)

The scope is still needed for workers to be able to report to sentry, but Tom may have a better idea if that scope is granted in the firefox cluster to all workers, and whether sentry reporting is desired in production and whether there are people actively monitoring it to track crashes and failures.

Flags: needinfo?(pmoore) → needinfo?(mozilla)

Not actively working on this at the moment.

Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → INACTIVE
Flags: needinfo?(mozilla)
QA Contact: mtabara
You need to log in before you can comment on or make changes to this bug.