Closed Bug 572408 Opened 14 years ago Closed 13 years ago

Allow developers to use staging environment

Categories

(Release Engineering :: General, defect, P5)

Product:
Release Engineering
Component:
General
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: rail, Assigned: rail)

References

Details

We should allow developers to use releng staging environment (master and slaves). 

Some thoughts.

* SSH access may be managed by authorozed_keys file. Not sure if we can use 2 files (one for releng, one for others), we can pre-process 2 files and dump them to authorized_keys

* VNC server may be set up with disabled auth (passwordless). Only hosts from staging should be allowed to access VNC. Developers should use SSH tunnel or a  jump host.

* Production SSH private keys should be removed from the slaves.

* Public SSH keys of the developers requested for staging access may be managed by Puppet for the slaves (requires reboot), or by crontab entry which dumps ssh public keys from LDAP for users listed somewhere (HTTP? HG?).

Ideas are welcome.
If we do this I think it would be prudent to put these hosts in a different network. We often have cases where production keys are on staging slaves, and giving various people the ability to hit production systems would be very bad.
Some notes regarding Windows VNC password management.

VNC password on Windows may be managed using the following scenario:

1. On a Linux machine ("centralized password storage"):
 1.1 Generate a temporary file with encrypted VNC password using vncpasswd(1):
  ----
  #!/bin/bash
  # Usage: $0 password file
  echo -e "$1\n$1" | ./vncpasswd $2
  ----

  (We may want to rewrite vncpasswd(1) in Python (requires pycrypto) and avoid this step)

 1.2 Use the temporary file and generate a registry file:
  ----
  #!/usr/bin/env python
  import sys
  line = open(sys.argv[1]).readline().strip()
  print "Windows Registry Editor Version 5.00"
  print
  print "[HKEY_LOCAL_MACHINE\SOFTWARE\RealVNC\WinVNC4]"
  print '"Password"=hex:' + ','.join([hex(ord(x))[2:] for x in line])
 ----
 
 1.3 The target windows host downloads the registry file (using scheduled tasks) and imports it (no service restart required):
  regedit /s vncpassword.reg
Another approach which can be implemented very soon.

0. We should use a separate network for staging. It may be accessed from any VPN (MV, MPT, Build).

1. Mac/Linux staging slaves authorize people using public SSH keys. staging/authorized_keys2 will be generated using production/authorized_keys2+dev's ssh key. Generated staging/authorized_keys2 will be put on Puppet file server and distributed among the staging slaves running Puppet client as a daemon. IIRC, daemonized puppetd syncs every 30 minutes.

2. Staging master(s) should be also managed by Puppet and use the same generated authorized_keys2 files.

3. Windows VNC should avoid using passwords and use IP based authorization. In this case we don't need any password tracking system (or bug). We will allow all IP addresses of staging build network and Build VPN to connect here. Devs should use SSH tunneling for accessing VNC.

If this scenario works, the only tool need to be develop is a very simple script which concatenates 2 files and puts them to the right places plus some changes to Puppet manifests.
Depends on: 569567
OS: Linux → All
Priority: P2 → P4
Hardware: x86 → All
Whiteboard: [buildslaves] → [buildslaves][q3goal]
Priority: P4 → P5
Whiteboard: [buildslaves][q3goal] → [triagefollowup]
We can loan slaves out pretty trivially now to developers. Is that sufficient to close this bug as WONTFIX?
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → WONTFIX
Whiteboard: [triagefollowup]
Seems like a dup of bug 547908, which is more than just slaves (developers were considering helping with buildbot configs/custom patches but would need to test).
Product: mozilla.org → Release Engineering
You need to log in before you can comment on or make changes to this bug.