Closed
Bug 678804
Opened 13 years ago
Closed 11 years ago
Audit ssh keys on slaves
Categories
(Infrastructure & Operations Graveyard :: CIDuty, task, P3)
Infrastructure & Operations Graveyard
CIDuty
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 792836
People
(Reporter: rail, Unassigned)
Details
(Whiteboard: [buildslaves])
During 6.0 build I hit a problem when xrbld key was missing on the slave. We need: 1) make sure that every slave has the same keys 2) audit chmod and chown of keys (some of the keys are owned by cltbl:games) 3) manage the keys by puppet or slavealloc (so we can easily move slaves from production to staging) Ideas are welcome.
Comment 1•13 years ago
|
||
(In reply to Rail Aliiev [:rail] from comment #0) > During 6.0 build I hit a problem when xrbld key was missing on the slave. We > need: > > 1) make sure that every slave has the same keys > 2) audit chmod and chown of keys (some of the keys are owned by cltbl:games) > 3) manage the keys by puppet or slavealloc (so we can easily move slaves > from production to staging) > > Ideas are welcome. I think using the same system that understands where the slave should go is a great choice for deciding which keys to install. I am not sure how much of a security risk it is, since slavealloc is essentially serving up a python script which gets run on the slave, which has access to the upload keys. If we don't want to actually serve the keys through slavealloc, we could have it run a script to validate that the keys have the correct permissions and do a checksum to make sure its the right key.
Priority: -- → P3
Comment 2•13 years ago
|
||
Bug 624622 is about using puppet to make sure slaves have the correct keys installed.
Assignee | ||
Updated•11 years ago
|
Product: mozilla.org → Release Engineering
Comment 3•11 years ago
|
||
Found in triage. As this is about multiple machines, I *think* this belongs in PlatformSupport.
Component: Other → Platform Support
Comment 4•11 years ago
|
||
bug 792836 is in progress and addressing this.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
Assignee | ||
Updated•6 years ago
|
Component: Platform Support → Buildduty
Product: Release Engineering → Infrastructure & Operations
Updated•4 years ago
|
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•