ReleaseEngineering/How To/Adjust SSH keys on a slave: Difference between revisions
No edit summary |
No edit summary |
||
| Line 4: | Line 4: | ||
In general, copy SSH keys from a similarly-configured slave. You will need to use <tt>-oBatchMode=no</tt> in your ssh invocation to avoid host-key failures. Note that only the private keys (<tt>*_dsa</tt>) are required, not the public keys (<tt>*_dsa.pub</tt>). Also note that the staging and production keys have the same filename. The current production ffxbld_dsa has md5 beginning with '166b900'; staging's begins with '86bcf286'. | In general, copy SSH keys from a similarly-configured slave. You will need to use <tt>-oBatchMode=no</tt> in your ssh invocation to avoid host-key failures. Note that only the private keys (<tt>*_dsa</tt>) are required, not the public keys (<tt>*_dsa.pub</tt>). Also note that the staging and production keys have the same filename. The current production ffxbld_dsa has md5 beginning with '166b900'; staging's begins with '86bcf286'. | ||
= Staging = | |||
To test that you have the staging keys and they are set up properly, try: | To test that you have the staging keys and they are set up properly, try: | ||
ssh -i ~/.ssh/ffxbld_dsa ffxbld@staging-stage.build.mozilla.org hostname | ssh -i ~/.ssh/ffxbld_dsa ffxbld@staging-stage.build.mozilla.org hostname | ||
= Preproduction = | |||
Preproduction keys are not the same as staging keys - see [[ReleaseEngineering/Preproduction/Stage]]. | |||
= Production Build = | |||
To test that a production master slave is set up properly, you must be able to run the following commands: | To test that a production master slave is set up properly, you must be able to run the following commands: | ||
ssh -i ~/.ssh/ffxbld_dsa ffxbld@aus2-staging.mozilla.org hostname | ssh -i ~/.ssh/ffxbld_dsa ffxbld@aus2-staging.mozilla.org hostname | ||
| Line 14: | Line 19: | ||
ssh -i ~/.ssh/xrbld_dsa xrbld@stage.mozilla.org hostname | ssh -i ~/.ssh/xrbld_dsa xrbld@stage.mozilla.org hostname | ||
= Try = | |||
'''Try builders use different keys!''' | '''Try builders use different keys!''' | ||
Revision as of 01:46, 14 April 2011
There are three sets of keys that are important: staging, production and try. Aside from a strange permissions problem on linux (.ssh is root:root owned), the process is roughly consistent on all three platforms.
In general, copy SSH keys from a similarly-configured slave. You will need to use -oBatchMode=no in your ssh invocation to avoid host-key failures. Note that only the private keys (*_dsa) are required, not the public keys (*_dsa.pub). Also note that the staging and production keys have the same filename. The current production ffxbld_dsa has md5 beginning with '166b900'; staging's begins with '86bcf286'.
Staging
To test that you have the staging keys and they are set up properly, try:
ssh -i ~/.ssh/ffxbld_dsa ffxbld@staging-stage.build.mozilla.org hostname
Preproduction
Preproduction keys are not the same as staging keys - see ReleaseEngineering/Preproduction/Stage.
Production Build
To test that a production master slave is set up properly, you must be able to run the following commands:
ssh -i ~/.ssh/ffxbld_dsa ffxbld@aus2-staging.mozilla.org hostname ssh -i ~/.ssh/ffxbld_dsa ffxbld@dm-symbolpush01.mozilla.org hostname ssh -i ~/.ssh/ffxbld_dsa ffxbld@stage.mozilla.org hostname ssh -i ~/.ssh/ffxbld_dsa ffxbld@stage-old.mozilla.org hostname ssh -i ~/.ssh/xrbld_dsa xrbld@stage.mozilla.org hostname
Try
Try builders use different keys!
You must wipe any ssh keys that are not trybld from a newly imaged slave, and copy in the trybld keys from another try builder (staging trybld keys are on the staging slaves)
To test that a try slave is set up properly, you must be able to run the following commands:
ssh -i ~/.ssh/trybld_dsa trybld@stage.mozilla.org hostname