Closed
Bug 581030
Opened 14 years ago
Closed 14 years ago
sync ~/.ssh/config and ~/.ssh/known_hosts on build slaves
Categories
(Release Engineering :: General, defect, P5)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: lsblakk, Unassigned)
References
Details
(Whiteboard: [puppet][buildslaves][opsi])
Attachments
(1 file)
1.12 KB,
patch
|
coop
:
review+
bhearsum
:
checked-in+
|
Details | Diff | Splinter Review |
Because of the shadow-central repo, we need: Host hgpvt.mozilla.org IdentityFile /home/cltbld/.ssh/ffxbld_dsa User ffxbld to be added (or created) in ~/.ssh/config for our build slave pool. At the moment I have manually updated most of the linux moz2 slaves (some of them don't allow for the creation of ~/.ssh/config) We'll need to make sure that all current and future build slaves have this.
Comment 1•14 years ago
|
||
Let's find out what the correct contents of this file should be on each platform and sync the entire file with Puppet/OPSI. Appending to an existing file is asking for trouble. Ref platforms will be updated by this as well, we'll just need IT to take new images.
Comment 2•14 years ago
|
||
(In reply to comment #0) > At the moment I have manually updated most of the linux moz2 slaves (some of > them don't allow for the creation of ~/.ssh/config) Which slaves have been updated? Which haven't? What do you mean by "some don't allow for the creation of ~/.ssh/config"?
Reporter | ||
Comment 3•14 years ago
|
||
Updated linux moz2 slaves (01-50) and ix (01-23) except: moz2-linux-slave18,19,41,42,44,45,46,47,48,49,50 had no ~/.ssh/config -- can't create one (won't write the file even though .ssh is cltbld owned)
Comment 4•14 years ago
|
||
I don't think the directory is owned by cltbld: [cltbld@moz2-linux-slave18 ~]$ ls -ld /home/cltbld/.ssh drwxr-xr-x 2 root root 4096 Mar 27 2009 /home/cltbld/.ssh Please update the rest of these slaves; consistency within the pool is important.
Reporter | ||
Comment 5•14 years ago
|
||
I updated the slaves mentioned in comment 3 with: IdentityFile /home/cltbld/.ssh/id_dsa Host cvs.mozilla.org IdentityFile /home/cltbld/.ssh/cvs User stgbld Host hgpvt.mozilla.org IdentityFile /home/cltbld/.ssh/ffxbld_dsa User ffxbld in /home/cltbld/.ssh/config to match the other linux slaves
Updated•14 years ago
|
Summary: Puppet/OPSI/Ref image updates for ~/.ssh/config on moz2 build slaves → sync ~/.ssh/config and ~/.ssh/known_hosts to build slaves
Updated•14 years ago
|
Assignee: nobody → bhearsum
Comment 6•14 years ago
|
||
A few things of note: * This patch will update try machines too, which currently have no ssh config and a different known_hosts. I've tested by hand on a try machine and it causes no ill effects. * Staging will get an ~/.ssh/config that tries to use the stage-ffxbld key on hgpvt.mozilla.org. This will fail, but I suspect that we'll need to enable it. known_hosts here knows about hgpvt.mozilla.org as well.
Attachment #459829 -
Flags: review?(ccooper)
Updated•14 years ago
|
Attachment #459829 -
Flags: review?(ccooper) → review+
Comment 7•14 years ago
|
||
Comment on attachment 459829 [details] [diff] [review] sync ssh config and known_hosts for 32-bit linux changeset: 221:f08b27b060a1 production and staging puppet have been updated.
Attachment #459829 -
Flags: checked-in+
Comment 9•14 years ago
|
||
Looks like related to this bug. known_hosts file has gone from at least moz2-linux-slave03 (staging build slave). FYI.
Comment 10•14 years ago
|
||
(In reply to comment #9) > Looks like related to this bug. known_hosts file has gone from at least > moz2-linux-slave03 (staging build slave). FYI. Weird. When I logged on and ran "puppetd --test --server staging-puppet.build.mozilla.org --noop" it told me it was going to sync out a copy of known_hosts -- one which had staging-stage in it, so I presume it would be correct. Puppet isn't set to run at boot right now, which I'm guessing is John's doing.
Comment 11•14 years ago
|
||
(In reply to comment #10) > Puppet isn't set to run at boot right now, which I'm guessing is John's doing. if that is me, I am almost certain that I didn't do that.
Comment 12•14 years ago
|
||
What is left to be done in here?
Comment 13•14 years ago
|
||
(In reply to comment #12) > What is left to be done in here? Everything except 32bit linux, preferably via puppet/OPSI. That's the only platform that's been touched so far. Probably want to audit existing configs and known_hosts to make sure we're not relying on anything unexpected anywhere.
Comment 14•14 years ago
|
||
Mac (10.5 + 10.6), Windows, and Linux 64-bit machines all need similar changes done.
Updated•14 years ago
|
Priority: -- → P5
Comment 15•14 years ago
|
||
(In reply to comment #12) > What is left to be done in here? (In reply to comment #13) > (In reply to comment #12) > > What is left to be done in here? > > Everything except 32bit linux, preferably via puppet/OPSI. That's the only > platform that's been touched so far. > > Probably want to audit existing configs and known_hosts to make sure we're not > relying on anything unexpected anywhere. (In reply to comment #14) > Mac (10.5 + 10.6), Windows, and Linux 64-bit machines all need similar changes > done. Is this accurate summary of what is handled by puppet? done: linux32 todo: linux64, mac32, mac64, win32, win64 Morphing summary to match.
Summary: sync ~/.ssh/config and ~/.ssh/known_hosts to build slaves → write puppet package to sync ~/.ssh/config and ~/.ssh/known_hosts to build slaves
Comment 16•14 years ago
|
||
I'm actually getting some of this work done in bug 463113
Reporter | ||
Updated•14 years ago
|
Depends on: 463113
Summary: write puppet package to sync ~/.ssh/config and ~/.ssh/known_hosts to build slaves → sync ~/.ssh/config and ~/.ssh/known_hosts on build slaves
Comment 17•14 years ago
|
||
just a heads up that the build.mozilla.org host should be in the try slave's known_hosts file.
Reporter | ||
Comment 18•14 years ago
|
||
afaict this is now fixed thanks to the work in bug 463113. closing.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Assignee | ||
Updated•11 years ago
|
Product: mozilla.org → Release Engineering
You need to log in
before you can comment on or make changes to this bug.
Description
•