Closed
Bug 823775
Opened 12 years ago
Closed 12 years ago
Need Jenkins access to unagi_eng builds
Categories
(mozilla.org Graveyard :: Server Operations, task)
mozilla.org Graveyard
Server Operations
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: jgriffin, Assigned: dumitru)
References
Details
Now that rel-eng is making Marionette-enabled unagi builds (bug 820594), we need a way to access them from WebQA's Jenkins instance. They're current hosted at pvtbuilds, which requires LDAP access.
The Jenkins instance used by WebQA is on the Mozilla office VPN, at http://qa-selenium.mv.mozilla.com:8080.
We need to either:
- mirror them somewhere that has some sort of static authentication or no authentication, that's available only to the Jenkins master and slaves
- create an LDAP account for Jenkins that just grants access to pvtbuilds
Please re-assign to ServerOps if appropriate.
|
||
Comment 1•12 years ago
|
||
Yeah, I think IT is in the best position to get this fixed.
Assignee: nobody → server-ops
Component: Release Engineering: Automation (General) → Server Operations
QA Contact: catlee → shyam
|
||
Comment 2•12 years ago
|
||
Over to Dev Services
Assignee: server-ops → server-ops-devservices
Component: Server Operations → Server Operations: Developer Services
|
||
Comment 3•12 years ago
|
||
(In reply to Rick Bryce [:rbryce] from comment #2)
> Over to Dev Services
Jenkins is Webops now.
Assignee: server-ops-devservices → server-ops-webops
Component: Server Operations: Developer Services → Server Operations: Web Operations
QA Contact: shyam → nmaul
|
||
Comment 4•12 years ago
|
||
From comment 0, one of the options was:
- create an LDAP account for Jenkins that just grants access to pvtbuilds
Additionally, WebOps does not manage the Jenkins install at selenium.mv.mozilla.com... WebQA does themselves. So we can't really help with it much. :)
Moving this back to the main Server Ops component. Sounds to me like we can resolve this with just an LDAP user (in the pvtbuilds group), and get the credentials over to... WebQA, I guess?
Assignee: server-ops-webops → server-ops
Component: Server Operations: Web Operations → Server Operations
QA Contact: nmaul → shyam
|
||
Comment 5•12 years ago
|
||
(In reply to Jake Maul [:jakem] from comment #4)
> From comment 0, one of the options was:
>
> - create an LDAP account for Jenkins that just grants access to pvtbuilds
>
> Additionally, WebOps does not manage the Jenkins install at
> selenium.mv.mozilla.com... WebQA does themselves. So we can't really help
> with it much. :)
>
> Moving this back to the main Server Ops component. Sounds to me like we can
> resolve this with just an LDAP user (in the pvtbuilds group), and get the
> credentials over to... WebQA, I guess?
The problem I foresee is that Jenkins is currently using mozdownload to fetch the builds, and was previously using wget. These are both capable of providing basic authentication, but I'm not sure they can provide LDAP authentication. Hoping I'm wrong here.
|
||
Updated•12 years ago
|
Whiteboard: [waiting on account creation]
|
|
||
Comment 6•12 years ago
|
||
CC'ing releng folks and opsec, I'm not sure we're allowed to transfer builds across like this..now that I re-read it. We should make sure that's okay before proceeding.
|
|
||
Updated•12 years ago
|
Flags: needinfo?(joduinn)
aiui, as long as the unagi binaries are only available to MoCo employees, we're okay.
Meeting that criteria requires lockdown of the jenkins setup beyond what's discussed here (the transfer). Webops/opsec would have to speak to that point, and/or it'd need to go by legal.
|
||
Comment 8•12 years ago
|
||
Guessing comment 7 is still in effect, since we're seeing "auth required," now:
http://qa-selenium.mv.mozilla.com:8080/view/B2G/job/b2g.unagi.download.pvtbuilds/1/console
+ export DATE=
+ DATE=
+ mozdownload --url=https://pvtbuilds.mozilla.org/pub/mozilla.org/b2g/nightly/mozilla-b2g18-unagi-eng/latest/unagi.zip
Downloading from: https://pvtbuilds.mozilla.org/pub/mozilla.org/b2g/nightly/mozilla-b2g18-unagi-eng/latest/unagi.zip
<snip>
urllib2.HTTPError: HTTP Error 401: Authorization Required
Jishnu, any update on this?
Flags: needinfo?(jmenon)
|
||
Comment 9•12 years ago
|
||
Only moz employees and paid contractors under nda should have access to unagi builds. Not sure what these systems are but that's why these are set up on pvtbuilds
Flags: needinfo?(jmenon)
(In reply to Jishnu Menon from comment #9)
> Only moz employees and paid contractors under nda should have access to
> unagi builds. Not sure what these systems are but that's why these are set
> up on pvtbuilds
We are "moz employees and paid contractors under nda [sic]"; these systems are the critical continuous-integration infrastructure testing Firefox OS and will be responsible for reporting results to development engineers in TBPL (Tinderbox).
As releng wants to (rightly so) delete builds off of release.mozilla.com/b2g/, we *need* access to continue to test Firefox OS.
Flags: needinfo?(jmenon)
|
|
||
Comment 11•12 years ago
|
||
ok - I think I understand - access is fine as long as locked down to moz employeees/contractors on whatever share these builds end up on - happy to talk if I'm missing something - please call my cell (on phonebook)
Flags: needinfo?(jmenon)
|
Assignee | |
Updated•12 years ago
|
Assignee: server-ops → dgherman
|
|
Assignee | |
Comment 12•12 years ago
|
||
Done.
User and password communicated via IRC.
Status: NEW → RESOLVED
Closed: 12 years ago
Flags: needinfo?(joduinn)
Resolution: --- → FIXED
|
|
||
Updated•12 years ago
|
Whiteboard: [waiting on account creation]
|
||
Updated•10 years ago
|
Product: mozilla.org → mozilla.org Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•