Closed Bug 581030 Opened 14 years ago Closed 14 years ago

sync ~/.ssh/config and ~/.ssh/known_hosts on build slaves

Categories

(Release Engineering :: General, defect, P5)

Product:
Release Engineering
Component:
General
Platform:
x86
All
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: lsblakk, Unassigned)

References

Details

(Whiteboard: [puppet][buildslaves][opsi])

Attachments

(1 file)

sync ssh config and known_hosts for 32-bit linux
1.12 KB, patch
coop
: review+
bhearsum
: checked-in+
Details | Diff | Splinter Review 
Because of the shadow-central repo, we need:

Host hgpvt.mozilla.org
IdentityFile /home/cltbld/.ssh/ffxbld_dsa
User ffxbld

to be added (or created) in ~/.ssh/config for our build slave pool.

At the moment I have manually updated most of the linux moz2 slaves (some of them don't allow for the creation of ~/.ssh/config)

We'll need to make sure that all current and future build slaves have this.
Let's find out what the correct contents of this file should be on each platform and sync the entire file with Puppet/OPSI. Appending to an existing file is asking for trouble. Ref platforms will be updated by this as well, we'll just need IT to take new images.
(In reply to comment #0)
> At the moment I have manually updated most of the linux moz2 slaves (some of
> them don't allow for the creation of ~/.ssh/config)

Which slaves have been updated? Which haven't?

What do you mean by "some don't allow for the creation of ~/.ssh/config"?
Updated linux moz2 slaves (01-50) and ix (01-23) except:
    moz2-linux-slave18,19,41,42,44,45,46,47,48,49,50 had no ~/.ssh/config -- can't create one (won't write the file even though .ssh is cltbld owned)
I don't think the directory is owned by cltbld:
[cltbld@moz2-linux-slave18 ~]$ ls -ld /home/cltbld/.ssh
drwxr-xr-x 2 root root 4096 Mar 27  2009 /home/cltbld/.ssh


Please update the rest of these slaves; consistency within the pool is important.
I updated the slaves mentioned in comment 3 with:

IdentityFile /home/cltbld/.ssh/id_dsa
Host cvs.mozilla.org
IdentityFile /home/cltbld/.ssh/cvs
User stgbld
Host hgpvt.mozilla.org
IdentityFile /home/cltbld/.ssh/ffxbld_dsa
User ffxbld

in /home/cltbld/.ssh/config to match the other linux slaves
Summary: Puppet/OPSI/Ref image updates for ~/.ssh/config on moz2 build slaves → sync ~/.ssh/config and ~/.ssh/known_hosts to build slaves
Assignee: nobody → bhearsum
A few things of note:
* This patch will update try machines too, which currently have no ssh config and a different known_hosts. I've tested by hand on a try machine and it causes no ill effects.
* Staging will get an ~/.ssh/config that tries to use the stage-ffxbld key on hgpvt.mozilla.org. This will fail, but I suspect that we'll need to enable it. known_hosts here knows about hgpvt.mozilla.org as well.
Attachment #459829 - Flags: review?(ccooper)
Attachment #459829 - Flags: review?(ccooper) → review+
Comment on attachment 459829 [details] [diff] [review]
sync ssh config and known_hosts for 32-bit linux

changeset:   221:f08b27b060a1

production and staging puppet have been updated.
Attachment #459829 - Flags: checked-in+
Back to the pool
Assignee: bhearsum → nobody
Priority: P2 → --
Looks like related to this bug. known_hosts file has gone from at least moz2-linux-slave03 (staging build slave). FYI.
(In reply to comment #9)
> Looks like related to this bug. known_hosts file has gone from at least
> moz2-linux-slave03 (staging build slave). FYI.

Weird. When I logged on and ran "puppetd --test --server staging-puppet.build.mozilla.org --noop" it told me it was going to sync out a copy of known_hosts -- one which had staging-stage in it, so I presume it would be correct.

Puppet isn't set to run at boot right now, which I'm guessing is John's doing.
(In reply to comment #10) 
> Puppet isn't set to run at boot right now, which I'm guessing is John's doing.

if that is me, I am almost certain that I didn't do that.
What is left to be done in here?
(In reply to comment #12)
> What is left to be done in here?

Everything except 32bit linux, preferably via puppet/OPSI. That's the only platform that's been touched so far.

Probably want to audit existing configs and known_hosts to make sure we're not relying on anything unexpected anywhere.
Mac (10.5 + 10.6), Windows, and Linux 64-bit machines all need similar changes done.
Priority: -- → P5
(In reply to comment #12)
> What is left to be done in here?

(In reply to comment #13)
> (In reply to comment #12)
> > What is left to be done in here?
> 
> Everything except 32bit linux, preferably via puppet/OPSI. That's the only
> platform that's been touched so far.
> 
> Probably want to audit existing configs and known_hosts to make sure we're not
> relying on anything unexpected anywhere.

(In reply to comment #14)
> Mac (10.5 + 10.6), Windows, and Linux 64-bit machines all need similar changes
> done.

Is this accurate summary of what is handled by puppet?

done: linux32
todo: linux64, mac32, mac64, win32, win64


Morphing summary to match.
Summary: sync ~/.ssh/config and ~/.ssh/known_hosts to build slaves → write puppet package to sync ~/.ssh/config and ~/.ssh/known_hosts to build slaves
I'm actually getting some of this work done in bug 463113
Depends on: 463113
Summary: write puppet package to sync ~/.ssh/config and ~/.ssh/known_hosts to build slaves → sync ~/.ssh/config and ~/.ssh/known_hosts on build slaves
just a heads up that the build.mozilla.org host should be in the try slave's known_hosts file.
afaict this is now fixed thanks to the work in bug 463113. closing.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Product: mozilla.org → Release Engineering
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: