Closed Bug 734389 Opened 12 years ago Closed 12 years ago

Deploy Thunderbird keys to build machines

Categories

(Infrastructure & Operations Graveyard :: CIDuty, task, P1)

Product:
Infrastructure & Operations Graveyard
Component:
CIDuty
Platform:
x86
Linux
Type:
task

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: jhopkins, Assigned: jhopkins)

References

Details

Attachments

(3 files, 4 obsolete files)

print list of production machines to receive thunderbird keys
4.12 KB, text/plain
Details
updated list of build slaves to copy production thunderbird keys to
5.42 KB, text/plain
bhearsum
: review+
Details
list of staging build slaves to copy tbirdbld staging key to
504 bytes, text/plain
bhearsum
: review+
Details 
We need to deploy Thunderbird SSH keys to build machines (in the Firefox pool) so we can upload completed builds.
found during triage.
Component: Release Engineering → Release Engineering: Machine Management
QA Contact: release → armenzg
Priority: -- → P1
We need to manually scp the Thunderbird key onto all the build slaves and update the ref images.
I copy/pasted the mozilla/production_config.py and mozilla-tests/production_config.py code to generate lists of build machines in the attached script.  I noticed there are only 72 matches on 'darwin' which seems low.  Can you have a look and see if I missed anything?
Assignee: nobody → jhopkins
Status: NEW → ASSIGNED
Attachment #615708 - Flags: feedback?(catlee)
Comment on attachment 615708 [details]
print list of production build machines

looks ok to me...what slaves does it output?

when you're running this, can you verify the .ssh/ffxbld_dsa exists and that .ssh/trybld_dsa does NOT exist before copying the thunderbird keys over?
Attachment #615708 - Flags: feedback?(catlee) → feedback+
Attached file print list of production machines (obsolete) — 
updated: no tegras, no talos
Attachment #615708 - Attachment is obsolete: true

        Attachment #615733 -
        Flags: review?(bhearsum)

    
    

    
  
Comment on attachment 615733 [details]
list of build slave to copy thunderbird key to

I'm told that the bld-centos6* machines don't even have Firefox keys on them, as they only do b2g builds. No need to deploy tbirdbld keys to them.

moz2-darwin9-slave01 and w64-ix-slave22 are dev/pp machines according to slavealloc, please don't deploy the production keys to them.

moz2-darwin9-slave17 is dead, apparently (bug 714812)

w64-ix-slave02 isn't in slavealloc, I'm not sure if it still exists.

Do you have a staging tbirdbld key yet? We'll need one to deploy to the dev/pp build machines & dev-stage01. That list of machines is:
linux-ix-slave03, 04, 05
linux64-ix-slave01, 02
moz2-darwin10-slave02, 03, 04, 10
moz2-darwin9-slave01, 08, 68
moz2-linux-slave03, 04, 10, 17, 51
moz2-linux64-slave07, 10
mv-moz2-linux-ix-slave01
mw32-ix-slave01, 19, 21
w32-ix-slave01
w64-ix-slave04, 05, 22, 41

        Attachment #615733 -
        Flags: review?(bhearsum)

    
    

    
  
From IRC, we need the tbirdbld staging key on all of the staging build machines, too. I think the complete list is:
linux-ix-slave03, 04, 05
linux64-ix-slave01, 02
moz2-darwin10-slave02, 03, 04, 10
moz2-darwin9-slave01, 08, 68
moz2-linux-slave03, 04, 10, 17, 51
moz2-linux64-slave07, 10
mv-moz2-linux-ix-slave01
mw32-ix-slave01, 19, 21
w32-ix-slave01
w64-ix-slave04, 05, 22, 41

    
    

    
  


  
added exceptions

        Attachment #615730 -
        Attachment is obsolete: true

    
    

    
  


  

        Attachment #615733 -
        Attachment is obsolete: true

        Attachment #615766 -
        Flags: review?(bhearsum)

    
    

    
  


  

        Attachment #615766 -
        Attachment is obsolete: true

        Attachment #615768 -
        Flags: review?(bhearsum)

        Attachment #615766 -
        Flags: review?(bhearsum)

        Attachment #615775 -
        Flags: review?(bhearsum) → review+

    
    

    
  
Comment on attachment 615768 [details]
updated list of build slaves to copy production thunderbird keys to

Almost forgot about ref images! No need to update this attachment, but the following need the keys too:
linux-ix-ref
linux64-ix-ref
moz2-darwin10-ref
win32-ix-ref

...and file a bug to get IT to take new images of them. Similar to bug 733865.

I don't know what the deal is with windows 64-bit ix machines.

        Attachment #615768 -
        Flags: review?(bhearsum) → review+

    
    

    
  
(In reply to Ben Hearsum [:bhearsum] from comment #13)
> Comment on attachment 615768 [details]
> Almost forgot about ref images! No need to update this attachment, but the
> following need the keys too:

Turns out we handle keys in different ways depending on the platform

> linux-ix-ref
> linux64-ix-ref
> moz2-darwin10-ref

These puppet-based boxes have staging keys on the ref images, presumably so they go to staging masters for proving before going into production.

> win32-ix-ref

This has production keys (except for the old cvs/cvs.pub which is staging). I don't know why win32 is treated differently. Ben ?

    
    

    
  
(In reply to Nick Thomas [:nthomas] from comment #14)
> (In reply to Ben Hearsum [:bhearsum] from comment #13)
> > Comment on attachment 615768 [details]
> > Almost forgot about ref images! No need to update this attachment, but the
> > following need the keys too:
> 
> Turns out we handle keys in different ways depending on the platform
> 
> > linux-ix-ref
> > linux64-ix-ref
> > moz2-darwin10-ref
> 
> These puppet-based boxes have staging keys on the ref images, presumably so
> they go to staging masters for proving before going into production.
> 
> > win32-ix-ref
> 
> This has production keys (except for the old cvs/cvs.pub which is staging).
> I don't know why win32 is treated differently. Ben ?

Probably no good reason. We should follow this pattern for Thunderbird though, lest we end up even more confused.

    
    

    
  
Key installation for staging, production, and win32-ix-ref is done.  briar-patch (https://github.com/mozilla/briar-patch/) and paramiko were used to automate this process.

Filed bug 747020 to track creation of a new win32-ix-ref image.
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Blocks: 747915

    
    

    
  
I removed the staging copy of tbirdbld_dsa.pub from bld-lion-r5-041..80 (non-try prod), because it was causing errors connecting to stage. I also removed trybld_dsa*, which were also staging but not necessarily from this bug.
Product: mozilla.org → Release Engineering

    
  
Product: Release Engineering → Infrastructure & Operations

    
  
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: