ReleaseEngineering/Infrastructure/Signing: Difference between revisions

Line 1: Line 1:


NOTE: This is a draft. This info has to be verified by bhearsum or someone that knows more about these systems.
NOTE: This is only meant for a quick read and be able to move fast when your previous knowledge to the system is limited.For full and formal documentation please read [https://mana.mozilla.org/wiki/display/IT/Product+Signing Mana's Product Signing] (credentials required) and [https://intranet.mozilla.org/RelEngWiki/index.php/Signing Internal Signing page] (credentials required).
 
NOTE: This is '''exploratory documentation'''. It could be wrong.


= Introduction =
= Introduction =
Signing servers use [[ReleaseEngineering/How_To/Restart_Redis|redis]] to share the valid tokens amongst the different servers.
Signing servers use [[ReleaseEngineering/How_To/Restart_Redis|redis]] to share the valid tokens amongst the different server (quoting bhearsum)s.  


We have 4 Mac signing servers (mac-signing[1-4]) and 3 Linux signing servers (signing{4,5,6})
= How it works =
Build machines, before they upload their files to FTP or S3, need their build files signed.
Build machines, before they upload their files to FTP or S3, need their build files signed.
The per-check-in and nightly builds (not the debug builds) submit the files that need signing to the signing servers, however, they initially need to request a valid token.
The per-check-in and nightly builds submit the files that need signing to the signing servers, however, they initially need to request a valid token.


== Download token ==
== Download token ==
Every build has a step called "download token".
The builds have a step called "download token".
In this step the buildbot master will contact one of the signing servers, receive back a signing token, and download it to the build machine.
In this step the buildbot master will contact one of the signing servers, receive back a signing token, and download it to the build machine.
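
Review bot: In the Introduction line, "(quoting bhearsum)" lands inside the word "servers", leaving "the different server (quoting bhearsum)s."; move the attribution after the complete word or to the end of the sentence. The NOTE pointing to the formal documentation also needs a space in "limited.For", and its first clause would read more clearly as "only meant as a quick read so you can move fast when your prior knowledge of the system is limited". Only one of the two versions of the sentence about per-check-in and nightly builds carries "(not the debug builds)"; confirm which is correct, because that qualifier tells readers which build artifacts are expected to be signed.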


Line 21: Line 20:
</pre>
</pre>


The signing server will recognize the token as valid since it had issued earlier.
The signing server will recognize the token as valid since it had issued it earlier.
 
I believe the upload step will rotate through the list of signing servers until it finds the one that will accept the token on-disk.
NOTE: I think the upload step will rotate through the list of signing servers until it finds the one that will accept the token on-disk.


= Known failures =
= Known failures =
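
Review bot: The NOTE that the upload step rotates through the signing servers "until it finds the one that will accept the token on-disk" sits uneasily with the Introduction's statement that the servers use redis to share valid tokens, and with the preceding sentence that the server recognizes the token because it issued it. Confirm which validation model is right (any server accepts a shared token, or only the issuing server does) and state it once, since it determines how a token rejection during upload should be interpreted.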