ReleaseEngineering/How To/Adjust SSH keys on a slave

From MozillaWiki
< ReleaseEngineering‎ | How To
Revision as of 18:16, 4 February 2011 by Djmitche (talk | contribs) (From ReleaseEngineering:BuildSlaveSetup)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

There are three sets of keys that are important: staging, production and try. Aside from a strange permissions problem on linux (.ssh is root:root owned), the process is roughly consistent on all three platforms. missing info: not sure what to put here for getting the keys on the slave, be creative for now.

Note that only the private keys (*_dsa) are required, not the public keys (*_dsa.pub). Also note that the staging and production keys have the same filename, so you'll need to compare them by using them:

To test that you have the staging keys and they are set up properly, try: 

ssh -i ~/.ssh/ffxbld_dsa ffxbld@staging-stage.build.mozilla.org

To test that a production master slave is set up properly, you must be able to run the following commands: 

ssh -i ~/.ssh/ffxbld_dsa ffxbld@aus2-staging.mozilla.org hostname
ssh -i ~/.ssh/ffxbld_dsa ffxbld@dm-symbolpush01.mozilla.org hostname
ssh -i ~/.ssh/ffxbld_dsa ffxbld@stage.mozilla.org hostname
ssh -i ~/.ssh/ffxbld_dsa ffxbld@stage-old.mozilla.org hostname
ssh -i ~/.ssh/ffxbld_dsa ffxbld@hg.mozilla.org hostname
ssh -i ~/.ssh/ffxbld_dsa ffxbld@cvs.mozilla.org hostname

Try builders use different keys!

You must wipe any ssh keys that are not trybld from a newly imaged slave, and copy in the trybld keys from another try builder (staging trybld keys are on the staging slaves)

To test that a try slave is set up properly, you must be able to run the following commands: 

ssh -i ~/.ssh/trybld_dsa trybld@stage.mozilla.org hostname
Retrieved from "https://wiki.mozilla.org/index.php?title=ReleaseEngineering/How_To/Adjust_SSH_keys_on_a_slave&oldid=282498"