Need an LDAP account that can push to hg.mozilla.org/addon-sdk

RESOLVED FIXED

Status

mozilla.org
Repository Account Requests
--
critical
RESOLVED FIXED
6 years ago
6 years ago

People

(Reporter: mossop, Assigned: fox2mike)

Tracking

Details

Attachments

(1 attachment)

(Reporter)

Description

6 years ago
We're working on mirroring the add-on SDK repo in github to mercurial and we have an automated tools set up that will push changes from github into the mercurial repositories at http://hg.mozilla.org/projects/addon-sdk, http://hg.mozilla.org/projects/addon-sdk-beta and http://hg.mozilla.org/projects/addon-sdk-release.

For testing we've just been using a user's ldap account but now we'd like to get a custom ldap account set up for this. It's private key would live on a machine hosted by IT (see bug 753527). We only care about writing to those three repositories.

How do we go about getting this created?
Dave: We have done this before for releng but I cannot find the bug currently. In the meantime perhaps Reed can chime in with some suggestions.
Bug 658673 has a similar request from the releng side - so I think we pretty much would have to mirror what they have done in that bug. So we would need a user name, which repos to access, SSH key, etc.
(Reporter)

Comment 3

6 years ago
Created attachment 652486 [details]
Public key

So the username I guess "addonsdk", the repos to access:

addon-sdk
addon-sdk-beta
addon-sdk-jetperf-tests
addon-sdk-release

Attached is a new public key.
Over to server-ops to create this account. I assume server-ops can give Dave the LDAP password once these have been created for user addonsdk.
Assignee: mozillamarcia.knous → server-ops
The LDAP password shouldn't be needed if they're just going to use SSH auth to push.
Assignee: server-ops → mburns
User has been created. Let me know if access doesn't work.
(Reporter)

Comment 7

6 years ago
Getting access denied running "ssh -v addonsdk@hg.mozilla.org whoami":

OpenSSH_4.6p1, OpenSSL 0.9.8e 23 Feb 2007
debug1: Reading configuration data /c/Users/Dave Townsend/.ssh/config
debug1: Applying options for hg.mozilla.org
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to hg.mozilla.org [63.245.215.25] port 22.
debug1: Connection established.
debug1: identity file /c/Users/Dave Townsend/.ssh/identity type -1
debug1: identity file /c/Users/Dave Townsend/.ssh/id_rsa type -1
debug1: identity file /c/Users/Dave Townsend/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.4
debug1: match: OpenSSH_5.4 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.6
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'hg.mozilla.org' is known and matches the RSA host key.
debug1: Found key in /c/Users/Dave Townsend/.ssh/known_hosts:10
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /c/Users/Dave Townsend/.ssh/id_dsa
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Trying private key: /c/Users/Dave Townsend/.ssh/identity
debug1: Trying private key: /c/Users/Dave Townsend/.ssh/id_rsa
debug1: Trying private key: /c/Users/Dave Townsend/.ssh/id_dsa
debug1: read PEM private key done: type DSA
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: No more authentication methods to try.
Permission denied (publickey,keyboard-interactive).
(Reporter)

Comment 8

6 years ago
ping?
Sorry Dave.

I've reset :addonsdk's permissions. Within about 20 minutes, if this doesn't start working for you, please let me know.
(Reporter)

Comment 10

6 years ago
(In reply to Michael Burns [:mburns] from comment #9)
> Sorry Dave.
> 
> I've reset :addonsdk's permissions. Within about 20 minutes, if this doesn't
> start working for you, please let me know.

Still getting the same result
(Reporter)

Comment 11

6 years ago
Bumping the priority here as we've been waiting for basically a month here
Severity: normal → critical
(Reporter)

Comment 12

6 years ago
What is the ETA on getting a response here? Last I heard from Michael was 11 days ago via email where he said that he was getting help from someone else with more experience with our repo setup.
(Assignee)

Comment 13

6 years ago
Dave, tried getting in touch with you on IRC, no response.

I'd like you to try this simple change :

ssh -v addonsdk@mozilla.com@hg.mozilla.org

With the correct SSH keys and let me know if that doesn't work. 

Thanks!
(Assignee)

Updated

6 years ago
Assignee: mburns → shyam
(Assignee)

Comment 14

6 years ago
Should be good to go. The account was created incorrectly and I had to fiddle with LDAP to make sure it was good to go. I blew away the old one and re-did the account.

Dave says he can now auth successfully. I've given the account scm_level_2 which should be sufficient to commit to the repos mentioned in comment #3.
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.