ReleaseEngineering/How To/Adjust SSH keys on a slave: Difference between revisions
m (→Production) |
m (→Production) |
||
| Line 20: | Line 20: | ||
rmdir /S /Q .ssh | rmdir /S /Q .ssh | ||
D:\mozilla-build\msys\bin\scp.exe cltbld@staging-master.build.mozilla.org:~/w32-prod-keys.zip . | D:\mozilla-build\msys\bin\scp.exe cltbld@staging-master.build.mozilla.org:~/w32-prod-keys.zip . | ||
D:\mozilla-build\7zip\7z.exe x w32-prod-keys.zip | D:\mozilla-build\7zip\7z.exe x w32-prod-keys.zip .ssh | ||
del w32-prod-keys.zip | del w32-prod-keys.zip | ||
rmdir /S /Q E:\builds\moz2_slave | rmdir /S /Q E:\builds\moz2_slave | ||
Revision as of 17:11, 31 August 2011
There are three sets of keys that are important: staging, production and try. Aside from a strange permissions problem on linux (.ssh is root:root owned), the process is roughly consistent on all three platforms.
In general, copy SSH keys from a similarly-configured slave. You will need to use -oBatchMode=no in your ssh invocation to avoid host-key failures. Note that only the private keys (*_dsa) are required, not the public keys (*_dsa.pub). Also note that the staging and production keys have the same filename. The current production ffxbld_dsa has md5 beginning with '166b900'; staging's begins with '86bcf286'.
= Staging =
To test that you have the staging keys and they are set up properly, try:
# *nix ssh -i ~/.ssh/ffxbld_dsa ffxbld@staging-stage.build.mozilla.org hostname # Windows set HOME=C:\Documents and Settings\cltbld D:\mozilla-build\msys\bin\ssh.exe -i .ssh\ffxbld_dsa ffxbld@staging-stage.build.mozilla.org hostname
Preproduction
Preproduction keys are not the same as staging keys - see ReleaseEngineering/Preproduction/Stage.
Production
Steps for Windows:
rmdir /S /Q .ssh D:\mozilla-build\msys\bin\scp.exe cltbld@staging-master.build.mozilla.org:~/w32-prod-keys.zip . D:\mozilla-build\7zip\7z.exe x w32-prod-keys.zip .ssh del w32-prod-keys.zip rmdir /S /Q E:\builds\moz2_slave
To test that a production master slave is set up properly, you must be able to run the following commands:
ssh -i ~/.ssh/ffxbld_dsa ffxbld@aus2-staging.mozilla.org hostname ssh -i ~/.ssh/ffxbld_dsa ffxbld@dm-symbolpush01.mozilla.org hostname ssh -i ~/.ssh/ffxbld_dsa ffxbld@stage.mozilla.org hostname ssh -i ~/.ssh/ffxbld_dsa ffxbld@stage-old.mozilla.org hostname ssh -i ~/.ssh/xrbld_dsa xrbld@stage.mozilla.org hostname
Try
Try builders use different keys!
You must wipe any ssh keys that are not trybld from a newly imaged slave, and copy in the trybld keys from another try builder (staging trybld keys are on the staging slaves)
To test that a try slave is set up properly, you must be able to run the following commands:
ssh -i ~/.ssh/trybld_dsa trybld@stage.mozilla.org hostname
Steps for Windows:
rmdir /S /Q .ssh D:\mozilla-build\msys\bin\scp.exe cltbld@staging-master.build.mozilla.org:~/w32-try-keys.zip . D:\mozilla-build\7zip\7z.exe x w32-try-keys.zip del w32-try-keys.zip REM Testing - it should not ask you for authentication set HOME=C:\Documents and Settings\cltbld D:\mozilla-build\msys\bin\ssh.exe -i .ssh/trybld_dsa trybld@stage.mozilla.org hostname rmdir /S /Q E:\builds\moz2_slave