Closed Bug 819850 Opened 12 years ago Closed 12 years ago

please deploy train 2012.12.07 to stage

Categories

(Cloud Services :: Server: Identity, defect)

Product:
Cloud Services
Component:
Server: Identity
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: lhilaiel, Assigned: gene)

References

Details

this will require the creation of a new database table:

  "CREATE TABLE IF NOT EXISTS idp (" +
    "id BIGINT AUTO_INCREMENT PRIMARY KEY," +
    "domain VARCHAR(255) UNIQUE NOT NULL," +
    "lastSeen TIMESTAMP DEFAULT 0 NOT NULL" +
    ") ENGINE=InnoDB;",

version 0.2012.12.07 sha 4545e8fda9 branch train-2012.12.07
Gene already did the CREATE TABLE in stage:
https://bugzilla.mozilla.org/show_bug.cgi?id=819506#c3

So we can just proceed with the rpm spin of the sha above and push that on stage.
Status: NEW → ASSIGNED
jrgm : For this release are there any configuration changes associated with the new code (e.g. proxy_idp, etc)
The RPM we'll be using is : browserid-server-0.2012.12.07-1.el6_111519.x86_64.rpm which is distributed everywhere and ready to be installed
Flags: needinfo?(jrgm)
I've been going through the diff and I'm not sure what config changes will need defaults.

proxy_idsp: {} is definitely one.

The others may be measure_dom_loading, cef and idp_offline_grace_period_ms.
Shane, Jed, Lloyd can you say what changes are needed if any.
Flags: needinfo?(jrgm)
Flags: needinfo?(lhilaiel)
(In reply to John Morrison [:jrgm] from comment #5)

I think proxy_idps changes were a clarification, but something we already managed in stage. No real change there.
Ya, I still don't have a definitive list of what config changes I need for this release. jrgm, can you schedule a meeting with Jed Lloyd etc. to find out the answers to your question about 

measure_dom_loading, cef and idp_offline_grace_period_ms
Depends on: 820885
Okay, sorry I missed that. I'll get you these details. (I actually was in the previous train's tree when I poked around, because I was confused)
Updated with 3 hotfixes.

SHA: 7d22f19cbcd5473c641d2951b66bc80b43e78d83
Branch: https://github.com/mozilla/browserid/tree/train-2012.12.07

Ready to deploy (after train-2012.11.23 is deployed and tested of course)
So for idp_offline_grace_period_ms, measure_dom_loading, cef, they have
reasonable defaults set in browserid/config/production.json in
train-2012.12.07.

However, if I have this right, puppet has its own version of that file that
it wants to install. Is that correct? Then you'll need updates to the puppet
version. (But we really shouldn't need to have production.json modified from the 
committed version, again if that's how it currently is; prod/stage specific changes
can be picked up in an overlay file on that config).

Can you check the diff between that version and the version on this train
(or give me a copy of production.json, and also webhead.json).
Yes, puppet installs a production.json file.

> But we really shouldn't need to have production.json modified from the 
committed version, again if that's how it currently is; prod/stage specific changes
can be picked up in an overlay file on that config

I'd like to understand more about this. What is the overlay file? We use production.json to define all the URLs as well as all the ports. These all differ from the default production.json

Sure, here's the diff


--- <unnamed>
+++ <unnamed>
@@ -1,71 +1,43 @@
-// production.js is the common base configuration for
-// all hosted deployments (non-local)
 {
   "env": "production",
+  "public_url": "https://login.anosrep.org",
+  "public_static_url": "https://static.login.anosrep.org",
   "bind_to": {
     "host": "127.0.0.1"
   },
   "use_minified_resources": true,
-	"public_static_url": "https://static.login.persona.org",
   "database": {
     "driver": "mysql",
-    "user": "browserid",
     "name": "browserid",
-    "create_schema": true
+    "create_schema": false
+  },
+  "smtp": {
+    "host": "127.0.0.1"
   },
   "statsd": {
     "enabled": true
   },
-  "kpi_backend_sample_rate": 0.0,
   "bcrypt_work_factor": 12,
   "max_compute_processes": null,
   "max_compute_duration": 10,
   "disable_primary_support": false,
   "enable_code_version": false,
   "default_lang": "en",
-  // supported_languages should be overridded with what is appropriate for the
-  // deployment.  That is environment dependent:
-  //  * in l10 preview env it's all available locales
-  //  * in staging or dev envs it depends, but should include at least
-  //    testing locales:  "it-CH", "db-LB"
-  //  * in production it's reviews locales that have been signed off
-  "supported_languages": [
-    "en"
-  ],
-  "debug_lang": "it-CH",
-  // locale directory should be overridden
-  "express_log_format": "default_bid",
+  "express_log_format": "default",
   "email_to_console": false,
-  // var path should be overridded
-  // "var_path": "xxx",
+  "var_path": "/var/browserid",
 
-  // this is daemon specific configuration to bind the
-  // ports we've traditionally bound different daemons to,
-  // may be overridden if desired
+  "keysigner": { "bind_to": { "port": 62700 } },
+  "browserid": { "bind_to": { "port": 62700 } },
+  "router": { "bind_to": { "port": 63300 } },
   "verifier": { "bind_to": { "port": 62800 } },
-  "verifier_url": "http://127.0.0.1:62800/verify",
-  "keysigner": { "bind_to": { "port": 62600 } },
-  "keysigner_url": "http://127.0.0.1:62600",
-  "dbwriter": { "bind_to": { "port": 62900 } },
-  "dbwriter_url": "http://127.0.0.1:62900",
-  "browserid": { "bind_to": { "port": 62700 } },
+  "dbwriter": { "bind_to": { "port": 62700 } },
+  "static": { "bind_to": { "port": 63400 } },
+
+  "static_url": "http://127.0.0.1:63400",
+  "verifier_url": "https://browserid.org",
+  "keysigner_url": "http://keysign.idkeysign.scl2.stage.svc.mozilla.com",
+  "dbwriter_url": "http://dbwriter.idsecweb.scl2.stage.svc.mozilla.com",
   "browserid_url": "http://127.0.0.1:62700",
-  "static": { "bind_to": { "port": 63400 } },
-  "static_url": "http://127.0.0.1:63400",
-  "router": { "bind_to": { "port": 63300 } },
-
-  // set to true to enable the development menu.
-  "enable_development_menu": false,
-
-  // http_proxy should be overridded per env
-  //"http_proxy": {
-  //  "host": "127.0.0.1",
-  //  "port": 10006
-  //},
-  
-  // set to true to use an inline script in the dialog HEAD to measure the 
-  // time it takes the window to open and the DOM to start loading.
-  // Enabling this will break CSP because of the extra inline script in the 
-  // HEAD.
-  "measure_dom_loading": false
+  "proxy_idps": {}
 }
(In reply to Gene Wood [:gene] from comment #7)
> Ya, I still don't have a definitive list of what config changes I need for
> this release. jrgm, can you schedule a meeting with Jed Lloyd etc. to find
> out the answers to your question about 
> 
> measure_dom_loading, cef and idp_offline_grace_period_ms

For CEF, one change needs to be made:

    CEF_SYSLOG_HOST=local4
See Also: → 821368
All configs have good default values, no new config is manditory.

lloyd added idp_offline_grace_period_ms defaults to 5 days
MIN_TIME_BETWEEN_EMAILS_MS is a new ENV variable for the existing min_time_between_emails_ms

stomlinson added measure_dom_loading - defaults to false

jedp added cef [1] logging has many config values. All have sane defaults for stage/production.

We chatted with yvan and parker to sanity check. 

There is no stage syslog hosted by security.

Each DC will have a syslog server that we can send data to.

gene will open up a bug for produciton config.

[1] https://github.com/mozilla/browserid/compare/train-2012.11.23...train-2012.12.07#L21R136
(In reply to Gene Wood [:gene] from comment #11)

> I'd like to understand more about this. What is the overlay file? We use
> production.json to define all the URLs as well as all the ports. These all
> differ from the default production.json
> 

Thanks for the diff. By "overlay", look at CONFIG_FILES in services/browserid*/run. Each file in the list can overwrite any previous keys (although not delete, I think).
(In reply to John Morrison [:jrgm] from comment #14)
> ... can overwrite any previous keys (although not delete ...

can overwrite or *add*, but not delete keys
Depends on: 821598
Yes, please deploy this train to stage. I am done with 11.23 in stage.
Yes, at 7d22f19cbcd547.
7d22f19cbcd5473c641d2951b66bc80b43e78d83 has been deployed to stage l10n and clientN
Updated with 4th hotfix.

SHA: f9ee47079ca0883ac9a4bf03c35b3139c18ee918
Branch: https://github.com/mozilla/browserid/tree/train-2012.12.07

Ready to deploy
f9ee47079ca0883ac9a4bf03c35b3139c18ee918 deployed as browserid-server-0.2012.12.07-4.el6_111681.x86_64.rpm on stage l10n and clientN
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Please enable Yahoo BigTent in stage. We wanted to turn this on and off over the next couple of weeks. Please consult your environment notes, but I think our stage is yahoo.login.anosrep.org.

Example config in browserid would be:

    {"yahoo.com":"yahoo.login.anosrep.org"}
Flags: needinfo?(lhilaiel)
See Also: 821368
You need to log in before you can comment on or make changes to this bug.