ISO history: fix?
This ticket is specifically about trying to fix the incredible performance issues we can get when it’s time to push data to the git-annex powered ISO history repository.
Assigning to Sysadmins for the time being.
|Blocks Tails - Feature #16209: Core work: Foundations Team||Confirmed|
#1 Updated by anonym 2020-05-06 12:56:50
One solution here is to
ssh jenkins.lizard locate the image and then import to
isos.git from there (after verifying them, of course). This is possible right now, with the caveat that you’d have to move your personal SSH key (the one you use for accessing
isos.git) there. That’s a no-no of course. :)
Instead, what if:
- we add a checkout of
jenkins.lizardthat all RMs have rw permissions to
- we generate a new key SSH that I will refer to as K
- we give push rights for key K to the
- we tell puppet to import key K for all RMs accounts on
- we add instructions to
release_process.mdwnso the history import is just a copy-paste job (including verifying the images first, droping the local copy from the Git annex after the import to save disk space, etc)
- possibly instruct the TR to verify that the correct images was uploaded to the images history archive as well
One drawback is that all RMs then need access to
jenkins.lizard. ATM it seems kibi doesn’t, so that would be a necessary change. Note that any of our VMs that has access to Jenkins’ build artifacts will do, so if there is another VM with that access but that exposes less critical infra it could replace “