Closed
Bug 864730
Opened 12 years ago
Closed 12 years ago
create an account for Geeksphone to access symbolpush.mozilla.org via SSH
Categories
(mozilla.org Graveyard :: Server Operations, task)
mozilla.org Graveyard
Server Operations
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: ted, Assigned: dumitru)
References
Details
We need to setup an SSH account for Geeksphone to upload symbols from their B2G builds to symbolpush.mozilla.org so we can have useful crash reports.
We're going to need to do this for other partners in the future, I'm sure, but let's start here.
Christie: can you CC the relevant parties at Geeksphone that could provide an SSH key for the account?
|
Assignee | |
Comment 1•12 years ago
|
||
How much data gathering are we talking about?
Has this passed all the RelEng/Security/Legal etc. approvals before giving them SSH access to our infra?
Group: mozilla-corporation-confidential
|
Reporter | |
Comment 2•12 years ago
|
||
This is not data gathering. This is the standard crash reporting symbols we have on all Firefox and B2G builds that Mozilla produces. We already have accounts in place for Linux distributions and Adobe to upload symbols to this host. This is well-trod ground.
Group: mozilla-corporation-confidential
|
||
Comment 3•12 years ago
|
||
Also note that this is only for them uploading those build symbols to us, they don't get access to any existing data/files on our infra with this, they only get access to the files they upload (and to a place to upload them to so we can use them).
Without those symbols, almost all crash reports users send in from the builds they create are useless, only through those symbols we can make the reports into something useful for us to debug stability problems and fix bugs.
Also, note that while this is the first Firefox OS partner we set this up for, we will need to do this for any partner that produces builds for their users - and we need to make it easy for them to get that access to upload that data, because for them, this is mostly just additional work and no direct reward (only indirect due to getting more stability long-term), while the direct reward is mostly on our side in being able to actually act on crash reports being sent in from their users and work our bugs causing those crashes.
|
||
Comment 4•12 years ago
|
||
(In reply to Ted Mielczarek [:ted.mielczarek] from comment #2)
> This is not data gathering. This is the standard crash reporting symbols we
> have on all Firefox and B2G builds that Mozilla produces. We already have
> accounts in place for Linux distributions and Adobe to upload symbols to
> this host. This is well-trod ground.
Ted
Looking at Bug 753470. We will need a ssh key to get this done. Please attach a public ssh key and we will get you squared away.
|
|
Reporter | |
Comment 5•12 years ago
|
||
Per comment 0, I need Christie to find a contact at Geeksphone to attach said SSH key.
|
||
Updated•12 years ago
|
Flags: sec-review?(mhenry)
|
|
Reporter | |
Comment 6•12 years ago
|
||
Why do you think this needs sec-review?
|
|
||
Comment 7•12 years ago
|
||
(In reply to Ted Mielczarek [:ted.mielczarek] from comment #6)
> Why do you think this needs sec-review?
How these SSH connections are setup and managed isn't known to me or my team. We want to look at this and make sure we're doing things properly and aren't perpetuating any security issues. I don't want to "ok" something I know little to nothing about. The SecReview won't take long. Michael Henry [:tinfoil] is working on it now.
|
|
||
Comment 8•12 years ago
|
||
Ted,
We don't need to stop your work here, please attach the SSH key, and Rick Bryce or another SRE will take care of getting the access setup.
|
|
Reporter | |
Updated•12 years ago
|
Flags: needinfo?(ckoehler)
|
|
||
Updated•12 years ago
|
Flags: needinfo?(gp)
|
||
Comment 9•12 years ago
|
||
Carlos, please provide us with your public SSH key.
Flags: needinfo?(ckoehler)
|
||
Updated•12 years ago
|
Whiteboard: Waiting on SSH Keys
|
||
Comment 10•12 years ago
|
||
Sorry about the delay, public SSH Key:
ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQCXWpdPTk+ilDlJqV3yR/wKVY7HjJjkXNeyLDMIC4CZLdG751ktzgKua85Q4MVGd+ZmleaehvrylbXicEtFgFxnYrS+D9wd1SvYUAx3dekHNX9F46Gy+KXiuGwS3V+FvmNkgGk8zF/MnBOFvwHs4U6rKnYTcdtlRSKOtbAThmzpugyZS1VSIiehHVRd07QphzoN+Kd3uVZ42gCpJcqtpE3/fISCstIwrsNUpIFi9UMkbEUi5h5fSCapSD1+YZFVSNgdTSCKUpPs/16P0E55Tm/w1EHoAxWed6ROCC87XVbrimtU1dCCPTn82ntpq8PrgVWOJQdHRy9nT660GO0GkOP7
geeksphone@GP-HARLAN
Flags: needinfo?(gp)
|
|
||
Updated•12 years ago
|
Assignee: server-ops → dgherman
|
|
Assignee | |
Comment 11•12 years ago
|
||
You should be able to SSH into symbolpush.mozilla.org as 'geeksphonesymbols' with the SSH key provided.
Let me know if anything else is needed.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Whiteboard: Waiting on SSH Keys
|
||
Updated•12 years ago
|
Flags: sec-review?(mhenry) → sec-review+
|
|
||
Comment 12•12 years ago
|
||
What is the SYMBOL_SERVER_PATH that Geeksphone should use?
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
|
|
Assignee | |
Comment 13•12 years ago
|
||
I don't know, IT is not managing the symbols. The other symbols are in /mnt/netapp/breakpad/.
Who can answer this question?
|
|
Reporter | |
Comment 15•12 years ago
|
||
Historically we've created a separate symbols_<whatever> dir for each user, so creating a symbols_geeksphone dir owned by the geeksphone user would be fine. We'll have to file another bug to get Socorro updated to look there for symbols. (Sorry if I omitted that point.)
Flags: needinfo?(ted)
|
|
||
Comment 16•12 years ago
|
||
Geeksphone suggests the following:
keon/b2g-18.0.en-US.android-arm.crashreporter-symbols-full.zip
peak/b2g-18.0.en-US.android-arm.crashreporter-symbols-full.zip
TEF/b2g-18.0.en-US.android-arm.crashreporter-symbols-full.zip
Perhaps we should create the following?
symbols_keon
symbols_peak
symbols_peak-tef
|
|
Reporter | |
Comment 17•12 years ago
|
||
There's not much benefit to splitting them up per-product, we upload all branches of Firefox builds to a single symbols_ffx, for example. The separate directories are primarily just useful to enforce filesystem permissions and keep different projects from stepping on each other.
|
|
||
Comment 18•12 years ago
|
||
(In reply to Ted Mielczarek [:ted.mielczarek] from comment #17)
> There's not much benefit to splitting them up per-product, we upload all
Okay, then a single symbols_geeksphone directory. Can we get that created today?
Should the zip files include the name of the device-build so they are unique?
|
|
Reporter | |
Comment 19•12 years ago
|
||
The zip files don't matter that much, they're just an intermediate step. The -symbols.txt files inside matter more, if you want to make those more unique you can set MOZ_SYMBOLS_EXTRA_BUILDID=whatever in the environment while running the "buildsymbols" step, and that will be appended to the filename. We use this for project branches, etc.
|
|
Assignee | |
Comment 20•12 years ago
|
||
(In reply to Christie Koehler [:ckoehler] from comment #18)
> (In reply to Ted Mielczarek [:ted.mielczarek] from comment #17)
> > There's not much benefit to splitting them up per-product, we upload all
>
> Okay, then a single symbols_geeksphone directory. Can we get that created
> today?
drwxr-xr-x 2 geeksphonesymbols root 4096 May 28 10:04 symbols_geeksphone
The path on the system is: /mnt/netapp/breakpad/symbols_geeksphone
There is a cron script that cleans up symbols older than 45 days. If needed, please let me know and I'll add this new folder as well.
Status: REOPENED → RESOLVED
Closed: 12 years ago → 12 years ago
Resolution: --- → FIXED
|
|
Reporter | |
Comment 21•12 years ago
|
||
Yes, please add this to the cleanup script (note that it's more complicated than "45 days old", just in case anyone is wondering).
|
|
Assignee | |
Comment 22•12 years ago
|
||
Added. Yeah, that script is crazy!
|
||
Updated•10 years ago
|
Product: mozilla.org → mozilla.org Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•