publish updates to balrog prod

RESOLVED FIXED

Status

Release Engineering
General Automation
RESOLVED FIXED
5 years ago
5 years ago

People

(Reporter: bhearsum, Assigned: bhearsum)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(2 attachments, 2 obsolete attachments)

(Assignee)

Description

5 years ago
We should publish the production updates to balrog dev, stage, and prod (once all of those environments are up). We should probably stop publishing to dev at some point, and reserve that for actually development testing.
(Assignee)

Comment 1

5 years ago
Created attachment 808792 [details] [diff] [review]
make it possible to submit to multiple balrog servers
Attachment #808792 - Flags: review?(nthomas)
(Assignee)

Comment 2

5 years ago
Created attachment 808793 [details] [diff] [review]
use multiple balrog roots
Attachment #808793 - Flags: review?(nthomas)
Attachment #808793 - Flags: review?(nthomas) → review+
Comment on attachment 808792 [details] [diff] [review]
make it possible to submit to multiple balrog servers

Waiting for updated patch.
Attachment #808792 - Attachment is obsolete: true
Attachment #808792 - Flags: review?(nthomas)
(Assignee)

Comment 4

5 years ago
We decided that just prod is good enough for now.
Summary: publish updates to balrog dev, stage, and prod → publish updates to balrog prod
(Assignee)

Comment 5

5 years ago
Created attachment 810165 [details] [diff] [review]
point production builds at balrog production

Need Puppet changes too, but both the username and password are stored as secrets on the Puppet server. I'll update this bug when I've done that.
Attachment #808793 - Attachment is obsolete: true
Attachment #810165 - Flags: review?(nthomas)
(Assignee)

Comment 6

5 years ago
18:04 < bhearsum> nthomas: ack, i just realized that the balrog submitter isn't going to work - it's going to fail to validate the certificate because 
                  aus4-admin.mozilla.org uses a Mozilla Root CA cert
18:05 < bhearsum> i'll need to think about adding that root to the cert bundle we verify against
Attachment #810165 - Flags: review?(nthomas) → review+
(Assignee)

Comment 7

5 years ago
Created attachment 810549 [details] [diff] [review]
add mozilla root ca certificate to bundle

I think this is OK to do, because we should trust our own internal services as much as things signed by another root, right?
Attachment #810549 - Flags: review?(rail)
Comment on attachment 810549 [details] [diff] [review]
add mozilla root ca certificate to bundle

r+ for misc/certs/ca-bundle.crt changes, lib/python/release/sanity.py is unrelated.
Attachment #810549 - Flags: review?(rail) → review+
(Assignee)

Updated

5 years ago
Attachment #810549 - Flags: checked-in+
(Assignee)

Updated

5 years ago
Attachment #810165 - Flags: checked-in+
(Assignee)

Comment 9

5 years ago
in production - the overnight nightlies will report to balrog production \o/!
(Assignee)

Comment 10

5 years ago
This has been working fine for days.
Status: ASSIGNED → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.