Bug #11801
Use shared-secrets.d instead of TailsToaster_config/common.d
100%
Description
We use shared-secrets.d
when developing tests, so our isotesters should use it as well so developers can push updates required for new tests that will go live on the isotesters as well.
This would also have the advantage of making tails::jenkins::slave::iso_tester
work a bit more out-of-the-box on other systems than lizard: currently, systems managed by that class get configuration (e.g. ssh.yml
) that can’t possibly work outside of lizard.
Subtasks
Related issues
Has duplicate Tails - |
Duplicate | 2017-05-18 |
History
#1 Updated by intrigeri 2016-09-16 06:46:39
- Category changed from Infrastructure to Continuous Integration
- Type of work changed from Code to Sysadmin
#2 Updated by bertagaz 2016-11-08 20:23:59
- Target version changed from Tails_2.7 to Tails_2.9.1
#3 Updated by anonym 2016-12-14 20:11:27
- Target version changed from Tails_2.9.1 to Tails 2.10
#4 Updated by intrigeri 2016-12-18 09:57:23
- Target version changed from Tails 2.10 to Tails_2.11
#5 Updated by intrigeri 2017-01-03 10:35:42
- Description updated
- Assignee changed from bertagaz to intrigeri
Added one use case I care about, and thus taking over since I’d rather not wait.
#6 Updated by intrigeri 2017-03-08 09:00:43
- Target version changed from Tails_2.11 to Tails_2.12
#7 Updated by intrigeri 2017-04-03 07:52:06
- Status changed from Confirmed to In Progress
- % Done changed from 0 to 10
TailsToaster_config/common.d
contains:
- icedove: duplicated info so we can use the copy that’s in
shared-secrets
- sftp and ssh: same as what’s in
shared-secrets
, modulo the hostname; we can probably use what’s inshared-secrets
but it will probably require:- fixing the host resolution of
lizard.t.b.o
on our VMs (it currently points to 127.0.1.1, which is wrong) - some firewall tweaks
- fixing the host resolution of
- Tor:
shared-secrets
has no config for Tor bridges, so developers currently need to fill it themselves; moving the config currently used on isotesters toshared-secrets
would simplify things for developers, and would make our test suite results easier to compare.
And shared-secrets
contains no additonal config.
Next steps:
- Give our isotesters (lizard + sib) read-only access to the
shared-secrets
repo - Ensure isotesters can connect to
lizard.t.b.o:$PORT
over SSH, i.e. implement the tweaks mentioned above for sftp and ssh - Copy the Tor config to
shared-secrets
and ensure this doesn’t break current developers’ setup (tell them how to adjust their local config if needed). - In
tails::jenkins::slave::iso_tester
, replace the bits aboutTailsToaster_config/common.d
with a clone of theshared-secrets
repo. - And finally, think about the use case of contributors deploying
tails::jenkins::slave::iso_tester
without having access totails_secrets_jenkins
nor toshared-secrets
. This is off-topic here, but working on this class is a good time to file tickets about what else needs to be done about it.
#8 Updated by intrigeri 2017-04-17 08:29:14
- Target version changed from Tails_2.12 to Tails_3.1
#9 Updated by intrigeri 2017-05-18 10:27:18
- has duplicate
Bug #12559: The shared secrets repo is no up-to-date on Jenkins added
#10 Updated by intrigeri 2017-07-23 16:42:41
- % Done changed from 10 to 20
intrigeri wrote:
> Next steps:
>
> # Give our isotesters (lizard + sib) read-only access to the shared-secrets
repo
Done for lizard isotesters, will do for sib once I get access to it again.
> # Ensure isotesters can connect to lizard.t.b.o:$PORT
over SSH, i.e. implement the tweaks mentioned above for sftp and ssh
Fixed the host resolution and tweaked the firewall so this now works.
Remains to do:
- Copy the Tor config to
shared-secrets
and ensure this doesn’t break current developers’ setup (tell them how to adjust their local config if needed). - In
tails::jenkins::slave::iso_tester
, replace the bits aboutTailsToaster_config/common.d
with a clone of theshared-secrets
repo. - And finally, think about the use case of contributors deploying
tails::jenkins::slave::iso_tester
without having access totails_secrets_jenkins
nor toshared-secrets
. This is off-topic here, but working on this class is a good time to file tickets about what else needs to be done about it.
#11 Updated by intrigeri 2017-07-23 16:47:51
intrigeri wrote:
> # Copy the Tor config to shared-secrets
and ensure this doesn’t break current developers’ setup (tell them how to adjust their local config if needed).
Err, we don’t use this anymore (Chutney!) so we can simply remove these bits.
#12 Updated by intrigeri 2017-07-23 17:45:24
intrigeri wrote:
> # In tails::jenkins::slave::iso_tester
, replace the bits about TailsToaster_config/common.d
with a clone of the shared-secrets
repo.
Done. I haven’t access to my dev platform at the moment so I pushed this straight to production, sorry. First job that uses the new config: https://jenkins.tails.boum.org/job/manual_test_Tails_ISO_devel/61/
#13 Updated by intrigeri 2017-07-23 17:46:25
- % Done changed from 20 to 50
- QA Check set to Ready for QA
#14 Updated by intrigeri 2017-07-23 20:30:27
- QA Check changed from Ready for QA to Dev Needed
One test suite scenario is broken apparently (https://jenkins.tails.boum.org/job/manual_test_Tails_ISO_devel/61/artifact/build-artifacts/02%3A15%3A10_SSH_is_using_the_default_SocksPort.png). I think that it’s only the case when run on lizard, and could be trivially solved by connecting to another server than lizard (rather one we maintain ourselves, stable and well-connected to lizard, e.g. labs.r.n).
#15 Updated by intrigeri 2017-07-24 05:36:28
intrigeri wrote:
> One test suite scenario is broken apparently (https://jenkins.tails.boum.org/job/manual_test_Tails_ISO_devel/61/artifact/build-artifacts/02%3A15%3A10_SSH_is_using_the_default_SocksPort.png). I think that it’s only the case when run on lizard, and could be trivially solved by connecting to another server than lizard (rather one we maintain ourselves, stable and well-connected to lizard, e.g. labs.r.n).
I’ve adjusted our firewall instead. This scenario should be repaired now, let’s see how https://jenkins.tails.boum.org/job/manual_test_Tails_ISO_stable/14/ goes.
#16 Updated by intrigeri 2017-07-24 18:55:42
- Assignee changed from intrigeri to bertagaz
- QA Check changed from Dev Needed to Ready for QA
Everything seems back into good shape. Please review. This work can be found in our Puppet manifests repo (July 23-24) and the submodules it references + one additional cleanup in the test suite shared secrets repo.
#17 Updated by bertagaz 2017-07-31 10:52:15
- Status changed from In Progress to Resolved
- Assignee deleted (
bertagaz) - % Done changed from 50 to 100
- QA Check changed from Ready for QA to Pass
intrigeri wrote:
> Everything seems back into good shape. Please review. This work can be found in our Puppet manifests repo (July 23-24) and the submodules it references + one additional cleanup in the test suite shared secrets repo.
Indeed! Thanks for the hands on this.