Closed Bug 371816 Opened 13 years ago Closed 13 years ago

tinderbox client: make the users/keys configurable for connecting to different services (stage/symbols/AUS)

Categories

(Infrastructure & Operations :: RelOps: General, task, P3, major)

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: coop, Assigned: mrz)

References

Details

Attachments

(1 file)

The tinderbox scripts currently make some assumptions about which users/keys are used to connect to the various services, e.g. aus key used to connect to AUS server for uploading updates, connecting to stage as cltbld. etc.

As we open up these services up to community tinderboxes, we will need to add some configuration options for which keys to use for each service. In every case, it *should* be the same build key used for CVS access, but this key will be different per product, hence the need for the new config options.

The first step will be to audit the existing tinderbox code to see where these changes need to be made. Searching for 'cltbld' would be a good first step.
Blocks: 365662
Depends on: 373373
Assignee: build → ccooper
Status: NEW → ASSIGNED
Attachment #258456 - Flags: review?(preed)
Comment on attachment 258456 [details] [diff] [review]
Only use the aus key for cltbld; use $ssh_user rather than cltbld

This looks fine; should we (for now) make an entry in tinder-defualts.pl for ssh_user to be cltbld, to ease the transition here (so we don't have to modify all the tinder configs right now).
Attachment #258456 - Flags: review?(preed) → review+
(In reply to comment #2)
> This looks fine; should we (for now) make an entry in tinder-defualts.pl for
> ssh_user to be cltbld, to ease the transition here (so we don't have to modify
> all the tinder configs right now).

cltbld is already in tinder-defaults.pl as the default ssh_user.

Checking in post-mozilla-rel.pl;
/cvsroot/mozilla/tools/tinderbox/post-mozilla-rel.pl,v  <--  post-mozilla-rel.pl
new revision: 1.117; previous revision: 1.116
done
There's still one more section in post-mozilla-rel.pl that references cltbld explicitly, but it concerns talkback so we'll need resolution on bug 373373 before we can proceed here.
Priority: -- → P3
caminobld@cb-xserve01 bash$ ssh aus2-staging.mozilla.org
ssh: connect to host aus2-staging.mozilla.org port 22: Connection refused

aus2-staging.mozilla.org is not accepting connections from the new community build users: calbld, caminobld, and seabld. Can someone please add those keys to that box?
Assignee: ccooper → server-ops
Status: ASSIGNED → NEW
Component: Tinderbox Configuration → Server Operations: Tinderbox Maintenance
QA Contact: ccooper → justin
(In reply to comment #5)
> caminobld@cb-xserve01 bash$ ssh aus2-staging.mozilla.org
> ssh: connect to host aus2-staging.mozilla.org port 22: Connection refused

caminobld@cb-xserve01 bash$ ssh -v aus2-staging.mozilla.org
...
debug1: Connecting to aus2-staging.mozilla.org [63.245.209.62] port 22.
debug1: connect to address 63.245.209.62 port 22: Connection refused
ssh: connect to host aus2-staging.mozilla.org port 22: Connection refused

The above makes me think this isn't an issue of the key not being on aus2-staging, but that a firewall is blocking connections to port 22 from the network that cb-xserve01 is on. If the connection was actually making it through, you would see an error about publickey if the key really wasn't added.

Over to mrz to deal with firewall.

Please send this back to me when the firewall issue is fixed, as I do see a couple of things that need to be fixed related to aus2-staging.
Assignee: server-ops → mrz
Not sure what the goal here is but aus2-staging is fronted by the Netscaler and isn't passing ssh through.

How are other hosts doing this?
Assignee: mrz → preed
When we migrated aus2-staging we purposely disabled inbound SSH connections from anywhere outside the firewall. 

Now we've got this confusion where aus2-staging points to the netscaler and a different staging box in external DNS, but internal DNS points to dm-ausstage01.
Assignee: preed → mrz
I have this setup through the Netscaler.  63.245.209.62:22 is accessible -only- from the community build network (63.245.210.0...) and not open to the world.  If that's an incorrect assumption, re-open this.

- mz
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
For todays build no longer the "Connection refused" error is shown in logs. But access still fails:
    Pushing third-gen update info...
    ssh  calbld@aus2-staging.mozilla.org mkdir -p /opt/aus2/build/0/
         Sunbird/branch/WINNT_x86-msvc/2007080306/en-US
    Host key verification failed.
<http://tinderbox.mozilla.org/showlog.cgi?log=Sunbird-Mozilla1.8/1186146600.24514.gz>
Component: Server Operations: RelEng → RelOps
Product: mozilla.org → Infrastructure & Operations
You need to log in before you can comment on or make changes to this bug.