Bug 694300: puppet manifests for signing machine
Status: RESOLVED FIXED (opened 13 years ago, closed 13 years ago)
Categories: Release Engineering :: General, defect, P2
Tracking: Not tracked
People: Reporter: catlee, Assigned: bhearsum
Whiteboard: [puppet][signing]
Attachments (1 file): patch, 19.91 KB (catlee: review+, bhearsum: checked-in+)
No description provided.
Comment 2 • Assignee • 13 years ago

Here's what I think is the final version of the puppet manifests for the signing servers.

Overview:
* Creates dep and nightly signing server instances for each signing server machine
* Each signing server instance has all non-secret things that it needs to run: binaries, test mars, config files, etc. Secrets need to be copied in by hand.
* I changed the mozilla repositories package to use _exclusively_ internal repositories. The masters and other machines that pick up this will make this change, too. This is a good thing, IMHO.
* I fixed a couple of bugs in the manifests pertaining to nrpe

I did extensive tests of this on signing1 and signing2. I got to the point where no changes would be made to the existing instances on signing1 (running with --noop). On signing2, I was able to bring up new instances from scratch with the only manual intervention being copying in the secrets. I did a quick --noop test on buildbot-master08, too - the only changes being made to it were the yum repos.
Attachment #579353 - Flags: review?(catlee)
Comment 3 • Reporter • 13 years ago
Comment on attachment 579353 [details] [diff] [review] puppet manifests for signing server Review of attachment 579353 [details] [diff] [review]: ----------------------------------------------------------------- r+ with nits, and verification that the File/Exec clauses in instance.pp don't apply globally. ::: buildmaster-production.pp @@ +206,5 @@ > +} > + > +node "signing1" inherits "masternode" { > + include releng::master > + # use LDAP and SSH keys for user-specific logins this comment doesn't apply any more @@ +212,5 @@ > +} > + > +node "signing2" inherits "masternode" { > + include releng::master > + # use LDAP and SSH keys for user-specific logins same here ::: modules/signingserver/manifests/instance.pp @@ +46,5 @@ > + owner => $user > + } > + Exec { > + user => $user > + } are the effects of these limited to just this define? ::: modules/signingserver/templates/iptables.erb @@ +1,1 @@ > +# Generated by iptables-save v1.3.5 on Thu Oct 13 07:13:46 2011 Remove this and add our regular "#### This file is under configuration management" boilerplate @@ +13,5 @@ > +<% signing_server_ports.each do |port| -%> > +-A INPUT -p tcp -m tcp --dport <%= port %> -j ACCEPT > +<% end -%> > +COMMIT > +# Completed on Thu Oct 13 07:13:46 2011 this can go too
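Review bot: In buildmaster-production.pp at +206 and +212, signing1 and signing2 both inherit "masternode" and include releng::master, so they receive the whole master role rather than only what a signing host needs. Check that everything that role pulls in is required on these two nodes, and give them a dedicated, narrower node definition if it is not.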
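Review bot: In modules/signingserver/manifests/instance.pp at +46, the capitalized resource defaults (owner => $user and Exec { user => $user }) are not global, but Puppet resource defaults are dynamically scoped, so they also reach any class or define declared from inside this define. If the define declares anything beyond its own file and exec resources, set owner and user explicitly on each resource instead of relying on the defaults.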
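Review bot: In modules/signingserver/templates/iptables.erb at +13, each generated rule -A INPUT -p tcp -m tcp --dport <%= port %> -j ACCEPT has no source match, so every port in signing_server_ports is accepted from any address. Consider adding a -s restriction for the networks that are meant to reach the signing server, and validating that each entry in signing_server_ports is a numeric port before it is written into the rule.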
Attachment #579353 - Flags: review?(catlee) → review+
Updated • Assignee • 13 years ago
Attachment #579353 - Flags: checked-in+
Comment 4 • Assignee • 13 years ago

This landed almost cleanly. I needed one follow-up fix to correct a duplicated definition on buildapi01: http://hg.mozilla.org/build/puppet-manifests/rev/1ebdea4cbc61

Leaving this bug open for adjustments due to daemonization of the signing server.
Comment 5 • Assignee • 13 years ago

Turns out we didn't really need any adjustments for the daemonized version. I did land a change to adjust the max_token_age though: http://hg.mozilla.org/build/puppet-manifests/rev/ccdc32e78fed
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Updated • 11 years ago
Product: mozilla.org → Release Engineering