ReleaseEngineering/How To/RelOps Hardware Controller (Roller): Difference between revisions
(Created page with "https://github.com/mozilla-platform-ops/relops-hardware-controller == How to Use Roller == === Allow the self-signed SSL certificate === File:Roller show-failure-because-o...") |
No edit summary |
||
| Line 2: | Line 2: | ||
== How to Use Roller == | == How to Use Roller == | ||
=== Allow the | === Summary === | ||
# Allow the ssl certificate at https://roller1.srv.releng.mdc1.mozilla.com/api/v1/workers/auth-ssl/jobs | |||
# Request an action | |||
## Login to https://tools.taskcluster.net/provisioners/releng-hardware/worker-types/ | |||
## Navigate to a worker | |||
## Click an action for that worker | |||
# Wait to receive the action results | |||
## Read the email | |||
## See the message in IRC | |||
=== Actions === | |||
[[File:Roller actions for dev.png|400px|thumb|right|Example showing roller development actions in tools.taskcluster.net.]] | |||
Roller is configured through releng-puppet. The actions are added manually to the tools.taskcluster.net provisioners, and are visible through the worker views. To use the actions, you must allow the ssl certificate in your browser (see below) and have appropriate taskcluster scopes; The scopes matching the actions are defined in puppet like "project:releng:roller:ping". | |||
=== Results === | |||
The taskcluster tools interface issues the request to Roller, and Roller authorizes the action against the TaskCluster auth server. If your logged-in taskcluster id has scopes to perform the action, Roller queues the action and responds that the action is accepted. This is the check-mark success that is shown in the tools.taskcluster.net interface. | |||
The actual results for the action are sent to your email address (it assumes that your '''email address is tc_clientid@mozilla.com''') and directly to you on Mozilla's irc server (also assumes that your '''irc nickname is your tc_clientid'''). | |||
* Email to tc_clientid@mozilla.com | |||
* IRC personal message from taskcluster to tc_clientid | |||
This out-of-band return of results is the simplest current approach; The tools.taskcluster.net website shows pass/fail synchronous request results only. | |||
[[File:Roller show-failure-because-of-cert.png|400px|thumb|right|What does the SSL failure look like from the tools.taskcluster.net interface?]] | [[File:Roller show-failure-because-of-cert.png|400px|thumb|right|What does the SSL failure look like from the tools.taskcluster.net interface?]] | ||
=== Allow the self-signed SSL certificate === | |||
Load a url for roller: https://roller1.srv.releng.mdc1.mozilla.com/api/v1/workers/auth-ssl/jobs | Load a url for roller: https://roller1.srv.releng.mdc1.mozilla.com/api/v1/workers/auth-ssl/jobs | ||
(This matches the urls for the actions on tools.taskcluster.net like https://tools.taskcluster.net/provisioners/releng-hardware/worker-types/gecko-t-linux-talos/workers/mdc1/t-linux64-ms-004) | (This matches the urls for the actions on tools.taskcluster.net like https://tools.taskcluster.net/provisioners/releng-hardware/worker-types/gecko-t-linux-talos/workers/mdc1/t-linux64-ms-004) | ||
| Line 11: | Line 35: | ||
Once the certificate is allowed, the requests to roller from your view of tools.taskcluster.net will not be blocked. | Once the certificate is allowed, the requests to roller from your view of tools.taskcluster.net will not be blocked. | ||
[[File:Roller show-adding-security-exception-for-self-signed-key.png|400px|thumb| | [[File:Roller show-adding-security-exception-for-self-signed-key.png|400px|thumb|left|Example of accepting the roller SSL certificate.]] | ||
Revision as of 18:01, 28 March 2018
https://github.com/mozilla-platform-ops/relops-hardware-controller
How to Use Roller
Summary
- Allow the ssl certificate at https://roller1.srv.releng.mdc1.mozilla.com/api/v1/workers/auth-ssl/jobs
- Request an action
- Login to https://tools.taskcluster.net/provisioners/releng-hardware/worker-types/
- Navigate to a worker
- Click an action for that worker
- Wait to receive the action results
- Read the email
- See the message in IRC
Actions
Roller is configured through releng-puppet. The actions are added manually to the tools.taskcluster.net provisioners, and are visible through the worker views. To use the actions, you must allow the ssl certificate in your browser (see below) and have appropriate taskcluster scopes; The scopes matching the actions are defined in puppet like "project:releng:roller:ping".
Results
The taskcluster tools interface issues the request to Roller, and Roller authorizes the action against the TaskCluster auth server. If your logged-in taskcluster id has scopes to perform the action, Roller queues the action and responds that the action is accepted. This is the check-mark success that is shown in the tools.taskcluster.net interface.
The actual results for the action are sent to your email address (it assumes that your email address is tc_clientid@mozilla.com) and directly to you on Mozilla's irc server (also assumes that your irc nickname is your tc_clientid).
- Email to tc_clientid@mozilla.com
- IRC personal message from taskcluster to tc_clientid
This out-of-band return of results is the simplest current approach; The tools.taskcluster.net website shows pass/fail synchronous request results only.
Allow the self-signed SSL certificate
Load a url for roller: https://roller1.srv.releng.mdc1.mozilla.com/api/v1/workers/auth-ssl/jobs (This matches the urls for the actions on tools.taskcluster.net like https://tools.taskcluster.net/provisioners/releng-hardware/worker-types/gecko-t-linux-talos/workers/mdc1/t-linux64-ms-004)
Your web browser will report that the certificate is invalid and may ask to allow the certificate. Choose to allow it, or add the exception to allow it. When successful, you will receive an error from the roller server; this is because it is not receiving your TaskCluster account information. You cannot make api calls to roller directly.
Once the certificate is allowed, the requests to roller from your view of tools.taskcluster.net will not be blocked.
