Closed
Bug 371816
Opened 18 years ago
Closed 18 years ago
tinderbox client: make the users/keys configurable for connecting to different services (stage/symbols/AUS)
Categories
(Infrastructure & Operations :: RelOps: General, task, P3)
Infrastructure & Operations
RelOps: General
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: coop, Assigned: mrz)
References
Details
Attachments
(1 file)
|
1.31 KB,
patch
|
preed
:
review+
|
Details | Diff | Splinter Review |
The tinderbox scripts currently make some assumptions about which users/keys are used to connect to the various services, e.g. aus key used to connect to AUS server for uploading updates, connecting to stage as cltbld. etc.
As we open up these services up to community tinderboxes, we will need to add some configuration options for which keys to use for each service. In every case, it *should* be the same build key used for CVS access, but this key will be different per product, hence the need for the new config options.
The first step will be to audit the existing tinderbox code to see where these changes need to be made. Searching for 'cltbld' would be a good first step.
|
Reporter | |
Comment 1•18 years ago
|
||
|
||
Comment 2•18 years ago
|
||
Comment on attachment 258456 [details] [diff] [review]
Only use the aus key for cltbld; use $ssh_user rather than cltbld
This looks fine; should we (for now) make an entry in tinder-defualts.pl for ssh_user to be cltbld, to ease the transition here (so we don't have to modify all the tinder configs right now).
Attachment #258456 -
Flags: review?(preed) → review+
|
|
Reporter | |
Comment 3•18 years ago
|
||
(In reply to comment #2)
> This looks fine; should we (for now) make an entry in tinder-defualts.pl for
> ssh_user to be cltbld, to ease the transition here (so we don't have to modify
> all the tinder configs right now).
cltbld is already in tinder-defaults.pl as the default ssh_user.
Checking in post-mozilla-rel.pl;
/cvsroot/mozilla/tools/tinderbox/post-mozilla-rel.pl,v <-- post-mozilla-rel.pl
new revision: 1.117; previous revision: 1.116
done
|
|
Reporter | |
Comment 4•18 years ago
|
||
There's still one more section in post-mozilla-rel.pl that references cltbld explicitly, but it concerns talkback so we'll need resolution on bug 373373 before we can proceed here.
|
|
Reporter | |
Updated•18 years ago
|
Priority: -- → P3
|
|
Reporter | |
Comment 5•18 years ago
|
||
caminobld@cb-xserve01 bash$ ssh aus2-staging.mozilla.org
ssh: connect to host aus2-staging.mozilla.org port 22: Connection refused
aus2-staging.mozilla.org is not accepting connections from the new community build users: calbld, caminobld, and seabld. Can someone please add those keys to that box?
Assignee: ccooper → server-ops
Status: ASSIGNED → NEW
Component: Tinderbox Configuration → Server Operations: Tinderbox Maintenance
QA Contact: ccooper → justin
|
||
Comment 6•18 years ago
|
||
(In reply to comment #5)
> caminobld@cb-xserve01 bash$ ssh aus2-staging.mozilla.org
> ssh: connect to host aus2-staging.mozilla.org port 22: Connection refused
caminobld@cb-xserve01 bash$ ssh -v aus2-staging.mozilla.org
...
debug1: Connecting to aus2-staging.mozilla.org [63.245.209.62] port 22.
debug1: connect to address 63.245.209.62 port 22: Connection refused
ssh: connect to host aus2-staging.mozilla.org port 22: Connection refused
The above makes me think this isn't an issue of the key not being on aus2-staging, but that a firewall is blocking connections to port 22 from the network that cb-xserve01 is on. If the connection was actually making it through, you would see an error about publickey if the key really wasn't added.
Over to mrz to deal with firewall.
Please send this back to me when the firewall issue is fixed, as I do see a couple of things that need to be fixed related to aus2-staging.
Assignee: server-ops → mrz
|
Assignee | |
Comment 7•18 years ago
|
||
Not sure what the goal here is but aus2-staging is fronted by the Netscaler and isn't passing ssh through.
How are other hosts doing this?
Assignee: mrz → preed
|
||
Comment 8•18 years ago
|
||
When we migrated aus2-staging we purposely disabled inbound SSH connections from anywhere outside the firewall.
Now we've got this confusion where aus2-staging points to the netscaler and a different staging box in external DNS, but internal DNS points to dm-ausstage01.
|
|
Assignee | |
Updated•18 years ago
|
Assignee: preed → mrz
|
|
Assignee | |
Comment 9•18 years ago
|
||
I have this setup through the Netscaler. 63.245.209.62:22 is accessible -only- from the community build network (63.245.210.0...) and not open to the world. If that's an incorrect assumption, re-open this.
- mz
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
|
||
Comment 10•18 years ago
|
||
For todays build no longer the "Connection refused" error is shown in logs. But access still fails:
Pushing third-gen update info...
ssh calbld@aus2-staging.mozilla.org mkdir -p /opt/aus2/build/0/
Sunbird/branch/WINNT_x86-msvc/2007080306/en-US
Host key verification failed.
<http://tinderbox.mozilla.org/showlog.cgi?log=Sunbird-Mozilla1.8/1186146600.24514.gz>
|
||
Updated•12 years ago
|
Component: Server Operations: RelEng → RelOps
Product: mozilla.org → Infrastructure & Operations
You need to log in
before you can comment on or make changes to this bug.
Description
•