Closed Bug 919725 Opened 8 years ago Closed 8 years ago

publish updates to balrog prod


(Release Engineering :: General, defect)

Not set


(Not tracked)



(Reporter: bhearsum, Assigned: bhearsum)




(2 files, 2 obsolete files)

We should publish the production updates to balrog dev, stage, and prod (once all of those environments are up). We should probably stop publishing to dev at some point, and reserve that for actually development testing.
Attached patch use multiple balrog roots (obsolete) — Splinter Review
Attachment #808793 - Flags: review?(nthomas)
Attachment #808793 - Flags: review?(nthomas) → review+
Comment on attachment 808792 [details] [diff] [review]
make it possible to submit to multiple balrog servers

Waiting for updated patch.
Attachment #808792 - Attachment is obsolete: true
Attachment #808792 - Flags: review?(nthomas)
We decided that just prod is good enough for now.
Summary: publish updates to balrog dev, stage, and prod → publish updates to balrog prod
Need Puppet changes too, but both the username and password are stored as secrets on the Puppet server. I'll update this bug when I've done that.
Attachment #808793 - Attachment is obsolete: true
Attachment #810165 - Flags: review?(nthomas)
18:04 < bhearsum> nthomas: ack, i just realized that the balrog submitter isn't going to work - it's going to fail to validate the certificate because 
         uses a Mozilla Root CA cert
18:05 < bhearsum> i'll need to think about adding that root to the cert bundle we verify against
Attachment #810165 - Flags: review?(nthomas) → review+
I think this is OK to do, because we should trust our own internal services as much as things signed by another root, right?
Attachment #810549 - Flags: review?(rail)
Comment on attachment 810549 [details] [diff] [review]
add mozilla root ca certificate to bundle

r+ for misc/certs/ca-bundle.crt changes, lib/python/release/ is unrelated.
Attachment #810549 - Flags: review?(rail) → review+
Attachment #810549 - Flags: checked-in+
Attachment #810165 - Flags: checked-in+
in production - the overnight nightlies will report to balrog production \o/!
This has been working fine for days.
Closed: 8 years ago
Resolution: --- → FIXED
Component: General Automation → General
You need to log in before you can comment on or make changes to this bug.