Page MenuHomePhabricator
Create Task
Maniphest T131903

Update gerrit sshkey in role::ci::slave::labs when upgrade to Jessie happens
Closed, ResolvedPublic
Actions

Description

I added a patch to allow Jenkins slaves to trust the gerrit host here - https://github.com/wikimedia/operations-puppet/blob/production/modules/role/manifests/ci/slave/labs.pp#L66. The ssh key should be updated if it changes when the Gerrit server is upgraded to Jessie.

Creating this task so we remember to do it.

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
contint/gerrit: allow ssh for git on new gerrit serveroperations/puppetproduction+6 -1
Customize query in gerrit

Related Objects
Search...

StatusSubtypeAssignedTask
 ResolvedNemo_bisT51674 Restore full text search/grepping on the whole repository
 Resolved demonT38467 Impossible to search a commit from Gerrit
 Resolved demonT63463 Gerrit search: enable secondary index to allow latest operators
 Resolved demonT52297 Show "Can Merge: Yes / No" status on dashboard
 Resolved demonT65995 Provide search operator "is:mergeable" in Gerrit
 ResolvedNoneT37534 Free-form tagging in gerrit
 Resolved demonT131189 Only receiving few emails from Gerrit
 Resolved demonT48792 Gerrit should include summaries of and links to inline comments in the cover comment
 Resolved demonT116246 Provide a Github-like web editor for Gerrit to make small edits to code
 ResolvedAklapperT140272 Update Gerrit docs on mw.org after 2.12 upgrade
 Resolved demonT127605 Gerrit search by user name displays error message
 Resolved demonT127606 Links for user names in Gerrit are double-encoded; does not open page in Firefox
 Resolved demonT141065 Fine-tune gerrit cache settings
 Resolved demonT141064 Raise gerrit's memory limit
 Resolved demonT141241 @gerritbot not active anymore in Phabricator since Gerrit 2.12 upgrade
 Resolved demonT70271 Upgrade gerrit to 2.12
 Resolved demonT131903 Update gerrit sshkey in role::ci::slave::labs when upgrade to Jessie happens
 ResolvedDzahnT125018 replace gerrit server (ytterbium) with jessie server (lead)
 ResolvedRobHT123132 Need spare server to upgrade/migrate gerrit
 Resolved CmjohnsonT123531 check for memory upgrade for lead
 Resolved demonT126794 setup/deploy server lead as jessie gerrit server
 Resolved CmjohnsonT141415 decom ytterbium (datacenter)

Event Timeline

madhuvishy created this task.Apr 6 2016, 12:01 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptApr 6 2016, 12:01 AM
madhuvishy added a subtask: T125018: replace gerrit server (ytterbium) with jessie server (lead).Apr 6 2016, 12:01 AM
madhuvishy updated the task description. (Show Details)
madhuvishy added subscribers: hashar, dduvall.
Paladox subscribed.Apr 6 2016, 12:30 AM
fgiunchedi triaged this task as Low priority.Apr 27 2016, 1:59 PM
greg edited projects, added Gerrit; removed Release-Engineering-Team.Jun 29 2016, 11:29 PM
Paladox raised the priority of this task from Low to High.Jul 11 2016, 9:04 PM

Changing to high priority due to the fact we are near to updating gerrit sometime this week.

Paladox added a subscriber: demon.Jul 11 2016, 9:04 PM
hashar added a comment.Jul 11 2016, 9:09 PM

Good catch! I guess @chad has a pending patch that replaces all occurences of the host key. Maybe the key will be migrated to the new server and would thus remain valid.

Dzahn added a parent task: T70271: Upgrade gerrit to 2.12.Jul 11 2016, 9:11 PM
gerritbot subscribed.Jul 11 2016, 9:18 PM

Change 298377 had a related patch set uploaded (by Paladox):
contint/gerrit: allow ssh for git on new gerrit server

https://gerrit.wikimedia.org/r/298377

gerritbot added a project: Patch-For-Review.Jul 11 2016, 9:18 PM
Paladox mentioned this in rOPUPddcf20b5f246: contint/gerrit: allow ssh for git on new gerrit server.Jul 11 2016, 9:22 PM
demon added a comment.Jul 11 2016, 9:49 PM
In T131903#2450119, @hashar wrote:

Good catch! I guess @chad has a pending patch that replaces all occurences of the host key. Maybe the key will be migrated to the new server and would thus remain valid.

It's not the host key, it's the public SSH key for the gerrit2 user. Jenkins/Zuul doesn't use that user, right? That key shouldn't have to change.

(Bonus points if we could pull that IP address from hiera so we don't have to tweak it)

Dzahn mentioned this in rOPUP2c8afd88b6f8: contint/gerrit: allow ssh for git on new gerrit server.Jul 11 2016, 10:10 PM
gerritbot added a comment.Jul 11 2016, 10:15 PM

Change 298377 merged by Dzahn:
contint/gerrit: allow ssh for git on new gerrit server

https://gerrit.wikimedia.org/r/298377

demon added a comment.EditedJul 19 2016, 4:15 PM

I'm thinking we should copy the host key to the new machine as well so people don't get unexpected key mismatches. Then zuul won't need a tweak either.

demon closed this task as Resolved.Jul 21 2016, 3:14 PM
demon claimed this task.

That public key won't be changing, neither will the ssh host key. I'm tentatively closing this.

Dzahn closed subtask T125018: replace gerrit server (ytterbium) with jessie server (lead) as Resolved.Jul 27 2016, 2:25 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits