Closed Bug 919725 Opened 11 years ago Closed 11 years ago

publish updates to balrog prod

Categories

(Release Engineering :: General, defect)

Product:
Release Engineering
Component:
General
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: bhearsum, Assigned: bhearsum)

References

Details

Attachments

(2 files, 2 obsolete files)

point production builds at balrog production
657 bytes, patch
nthomas
: review+
bhearsum
: checked-in+
Details | Diff | Splinter Review
add mozilla root ca certificate to bundle
5.05 KB, patch
rail
: review+
bhearsum
: checked-in+
Details | Diff | Splinter Review 
We should publish the production updates to balrog dev, stage, and prod (once all of those environments are up). We should probably stop publishing to dev at some point, and reserve that for actually development testing.
Attached patch use multiple balrog roots (obsolete) — Splinter Review 

        Attachment #808793 -
        Flags: review?(nthomas)

        Attachment #808793 -
        Flags: review?(nthomas) → review+

    
    

    
  
Comment on attachment 808792 [details] [diff] [review]
make it possible to submit to multiple balrog servers

Waiting for updated patch.

        Attachment #808792 -
        Attachment is obsolete: true

        Attachment #808792 -
        Flags: review?(nthomas)

    
    

    
  
We decided that just prod is good enough for now.
Summary: publish updates to balrog dev, stage, and prod → publish updates to balrog prod

    
    

    
  


  
Need Puppet changes too, but both the username and password are stored as secrets on the Puppet server. I'll update this bug when I've done that.

        Attachment #808793 -
        Attachment is obsolete: true

        Attachment #810165 -
        Flags: review?(nthomas)

    
    

    
  
18:04 < bhearsum> nthomas: ack, i just realized that the balrog submitter isn't going to work - it's going to fail to validate the certificate because 
                  aus4-admin.mozilla.org uses a Mozilla Root CA cert
18:05 < bhearsum> i'll need to think about adding that root to the cert bundle we verify against

        Attachment #810165 -
        Flags: review?(nthomas) → review+

    
    

    
  


  
I think this is OK to do, because we should trust our own internal services as much as things signed by another root, right?

        Attachment #810549 -
        Flags: review?(rail)

    
    

    
  
Comment on attachment 810549 [details] [diff] [review]
add mozilla root ca certificate to bundle

r+ for misc/certs/ca-bundle.crt changes, lib/python/release/sanity.py is unrelated.

        Attachment #810549 -
        Flags: review?(rail) → review+

    
  

        Attachment #810549 -
        Flags: checked-in+

    
  

        Attachment #810165 -
        Flags: checked-in+

    
    

    
  
in production - the overnight nightlies will report to balrog production \o/!

    
    

    
  
This has been working fine for days.
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Component: General Automation → General

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: