To support the automated BYOB signing process I'm creating I will need a linux server to run an install of the RelEng signing service. This is not going to be living in the Build network but in whatever network the current BYOB processes live. We have puppet scripts to install the signing service on a RelEng server so that information can be used as a starting point in creating the puppet manifest for this instance. This server will need to be reachable via https by a set of servers that will be running the byob-repack-signing daemons that I'm also creating.
This will look like the signingN servers in the build network, which are on KVM: Hardware: - VCPUs: 2 - memory: 4096MiB Disks: - disk/0: drbd8, size 200.0G However, this should be a "regular" VMWare VM with RHEL on it, run by infra puppet. Once the base system is in, I can work with Bear to build the puppet manifests. Hostname will be byob-linux-signing1, in the dmz VLAN (for now - we can move if necessary) in scl3. Since bugs like this often get confused: * NOT on the build network * NOT on KVM * NOT a Server Ops: Release bug
Component: Server Operations → Server Operations: Virtualization
QA Contact: phong → dparsons
Dan, let's plan to have this in place a bit in advance of April 9? We'll be moving byob-keymaster1 at the same time (bug 726707), and I'll have a bug for that process shortly.
Does this VM really need 4GB RAM, 2 CPUs and 200GB disk?
It's signing a lot of big binaries - it's very resource-intensive. In fact, these specs are based on one of the machines that thrashed the heck out of the scl1 Ganeti cluster earlier this week.
The VM has been created. It's being puppetized right now and should be done within 15 minutes. byob-linux-signing1.dmz.scl3.mozilla.com
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → FIXED
Bear, let me know when you want to put heads together to work on the puppet manifests for this.
Assignee: dparsons → bear
Product: mozilla.org → Infrastructure & Operations
You need to log in before you can comment on or make changes to this bug.