ReleaseEngineering/How To/Adjust SSH keys on a slave: Difference between revisions
| Line 15: | Line 15: | ||
= Production = | = Production = | ||
NOTE: '''Make sure that the host you try to grab keys from is on the same data-center'''. | |||
Steps for Windows: | Steps for Windows: | ||
<pre> | <pre> | ||
rmdir /S /Q .ssh | rmdir /S /Q .ssh | ||
C:\mozilla-build\msys\bin\scp -o 'StrictHostKeyChecking no' -o 'BatchMode=no' -r cltbld@bld- | C:\mozilla-build\msys\bin\scp -o 'StrictHostKeyChecking no' -o 'BatchMode=no' -r cltbld@bld-linux64-ix-028:~/.ssh .ssh | ||
</pre> | </pre> | ||
Revision as of 19:34, 22 August 2013
There are three sets of keys that are important: staging, production and try. Aside from a strange permissions problem on linux (.ssh is root:root owned), the process is roughly consistent on all three platforms.
In general, copy SSH keys from a similarly-configured slave. You will need to use -oBatchMode=no in your ssh invocation to avoid host-key failures. Note that only the private keys (*_dsa) are required, not the public keys (*_dsa.pub) (however, if you have the ".pub", it must match with the private or the key will silently fail). Also note that the staging and production keys have the same filename. The current production ffxbld_dsa has md5 beginning with '166b900'; staging's begins with '86bcf286'.
Staging
# Windows cd .ssh C:\mozilla-build\msys\bin\scp.exe cltbld@dev-master01:~/staging_keys/* . set HOME=C:\Users\cltbld C:\mozilla-build\msys\bin\ssh.exe -i %HOME%\.ssh\ffxbld_dsa ffxbld@dev-stage01.build.mozilla.org hostname
Preproduction
Preproduction keys are not the same as staging keys - see ReleaseEngineering/Preproduction/Stage.
Production
NOTE: Make sure that the host you try to grab keys from is on the same data-center.
Steps for Windows:
rmdir /S /Q .ssh C:\mozilla-build\msys\bin\scp -o 'StrictHostKeyChecking no' -o 'BatchMode=no' -r cltbld@bld-linux64-ix-028:~/.ssh .ssh
To test that a production master slave is set up properly, you must be able to run the following commands:
set HOME=C:\Users\cltbld ssh -i ~/.ssh/ffxbld_dsa ffxbld@symbolpush.mozilla.org exit ssh -i ~/.ssh/ffxbld_dsa ffxbld@stage.mozilla.org exit ssh -i ~/.ssh/xrbld_dsa xrbld@stage.mozilla.org exit ssh -i ~/.ssh/auspush ffxbld@aus3-staging.mozilla.org exit ssh -i ~/.ssh/auspush tbirdbld@aus3-staging.mozilla.org exit ssh -i ~/.ssh/tbirdbld_dsa tbirdbld@symbols1.dmz.phx1.mozilla.com exit ssh -i ~/.ssh/tbirdbld_dsa tbirdbld@stage.mozilla.org exit
Try
Try builders use different keys!
You must wipe any ssh keys that are not trybld from a newly imaged slave, and copy in the trybld keys from another try builder (staging trybld keys are on the staging slaves)
To test that a try slave is set up properly, you must be able to run the following commands:
ssh -i ~/.ssh/trybld_dsa trybld@stage.mozilla.org hostname ssh -i ~/.ssh/trybld_dsa trybld@relengweb1.dmz.scl3.mozilla.com hostname
Steps for Windows:
rmdir /S /Q .ssh mkdir .ssh scp cltbld@bld-lion-r5-095:~/.ssh/* .ssh ssh -i .ssh/trybld_dsa trybld@stage.mozilla.org hostname ssh -i .ssh/trybld_dsa trybld@relengweb1.dmz.scl3.mozilla.com hostname rmdir /S /Q E:\builds\moz2_slave