bug 1409609 - beetmover-dev. r=mtabara
MozReview-Commit-ID: 8d4yuq7s8MI
--- a/manifests/moco-nodes.pp
+++ b/manifests/moco-nodes.pp
@@ -1004,16 +1004,24 @@ node /balrogworker-.*\.srv\.releng\..*\.
node /beetmoverworker-.*\.srv\.releng\..*\.mozilla\.com/ {
$aspects = [ 'maximum-security' ]
$beetmoverworker_env = 'prod'
$timezone = 'UTC'
$only_user_ssh = true
include toplevel::server::beetmoverscriptworker
}
+node /beetmover-dev.*\.releng\..*\.mozilla\.com/ {
+ $aspects = [ 'maximum-security' ]
+ $beetmoverworker_env = 'dev'
+ $timezone = 'UTC'
+ $only_user_ssh = true
+ include toplevel::server::beetmoverscriptworker
+}
+
# Pushapk scriptworkers
node /pushapkworker-.*\.srv\.releng\..*\.mozilla\.com/ {
$aspects = [ 'maximum-security' ]
$pushapk_scriptworker_env = 'prod'
$timezone = 'UTC'
$only_user_ssh = true
include toplevel::server::pushapkscriptworker
}
--- a/modules/beetmover_scriptworker/manifests/init.pp
+++ b/modules/beetmover_scriptworker/manifests/init.pp
@@ -66,30 +66,34 @@ class beetmover_scriptworker {
basedir => $beetmover_scriptworker::settings::root,
task_script => $beetmover_scriptworker::settings::task_script,
task_script_config => $beetmover_scriptworker::settings::task_script_config,
username => $users::builder::username,
group => $users::builder::group,
- taskcluster_client_id => $beetmover_scriptworker::settings::taskcluster_client_id,
- taskcluster_access_token => $beetmover_scriptworker::settings::taskcluster_access_token,
+ taskcluster_client_id => $env_config["taskcluster_client_id"],
+ taskcluster_access_token => $env_config["taskcluster_access_token"],
worker_group => $beetmover_scriptworker::settings::worker_group,
- worker_type => $beetmover_scriptworker::settings::worker_type,
+ worker_type => $env_config["worker_type"],
task_max_timeout => $beetmover_scriptworker::settings::task_max_timeout,
cot_job_type => 'beetmover',
+ sign_chain_of_trust => $env_config["sign_chain_of_trust"],
+ verify_chain_of_trust => $env_config["verify_chain_of_trust"],
+ verify_cot_signature => $env_config["verify_cot_signature"],
+
verbose_logging => $beetmover_scriptworker::settings::verbose_logging,
}
file {
"${beetmover_scriptworker::settings::root}/script_config.json":
require => Python35::Virtualenv[$beetmover_scriptworker::settings::root],
mode => '0600',
owner => $users::builder::username,
group => $users::builder::group,
- content => template("${module_name}/script_config.json.erb"),
+ content => template($env_config["config_template"]),
show_diff => false;
}
}
--- a/modules/beetmover_scriptworker/manifests/settings.pp
+++ b/modules/beetmover_scriptworker/manifests/settings.pp
@@ -4,19 +4,16 @@
class beetmover_scriptworker::settings {
$root = '/builds/scriptworker'
$task_script = "${root}/bin/beetmoverscript"
$task_script_config = "${root}/script_config.json"
$task_max_timeout = 1800
$worker_group = 'beetmoverworker-v1'
- $worker_type = 'beetmoverworker-v1'
- $taskcluster_client_id = secret('beetmoverworker_dev_taskcluster_client_id')
- $taskcluster_access_token = secret('beetmoverworker_dev_taskcluster_access_token')
$verbose_logging = true
$env_config = {
'dev' => {
nightly_beetmover_aws_access_key_id => secret('stage-beetmover-aws_access_key_id'),
nightly_beetmover_aws_secret_access_key => secret('stage-beetmover-aws_secret_access_key'),
nightly_beetmover_aws_s3_firefox_bucket => 'net-mozaws-stage-delivery-firefox',
nightly_beetmover_aws_s3_fennec_bucket => 'net-mozaws-stage-delivery-archive',
@@ -25,27 +22,43 @@ class beetmover_scriptworker::settings {
release_beetmover_aws_secret_access_key => secret('stage-beetmover-aws_secret_access_key'),
release_beetmover_aws_s3_firefox_bucket => 'net-mozaws-stage-delivery-firefox',
release_beetmover_aws_s3_fennec_bucket => 'net-mozaws-stage-delivery-archive',
dep_beetmover_aws_access_key_id => secret('stage-beetmover-aws_access_key_id'),
dep_beetmover_aws_secret_access_key => secret('stage-beetmover-aws_secret_access_key'),
dep_beetmover_aws_s3_firefox_bucket => 'net-mozaws-stage-delivery-firefox',
dep_beetmover_aws_s3_fennec_bucket => 'net-mozaws-stage-delivery-archive',
+
+ config_template => 'beetmover_scriptworker/dev_script_config.json.erb',
+ worker_type => 'beetmover-dev',
+ taskcluster_client_id => secret('beetmoverworker_dev_taskcluster_client_id'),
+ taskcluster_access_token => secret('beetmoverworker_dev_taskcluster_access_token'),
+ sign_chain_of_trust => false,
+ verify_chain_of_trust => true,
+ verify_cot_signature => false,
},
'prod' => {
nightly_beetmover_aws_access_key_id => secret('nightly-beetmover-aws_access_key_id'),
nightly_beetmover_aws_secret_access_key => secret('nightly-beetmover-aws_secret_access_key'),
nightly_beetmover_aws_s3_firefox_bucket => 'net-mozaws-prod-delivery-firefox',
nightly_beetmover_aws_s3_fennec_bucket => 'net-mozaws-prod-delivery-archive',
release_beetmover_aws_access_key_id => secret('beetmover-aws_access_key_id'),
release_beetmover_aws_secret_access_key => secret('beetmover-aws_secret_access_key'),
release_beetmover_aws_s3_firefox_bucket => 'net-mozaws-prod-delivery-firefox',
release_beetmover_aws_s3_fennec_bucket => 'net-mozaws-prod-delivery-archive',
dep_beetmover_aws_access_key_id => secret('stage-beetmover-aws_access_key_id'),
dep_beetmover_aws_secret_access_key => secret('stage-beetmover-aws_secret_access_key'),
dep_beetmover_aws_s3_firefox_bucket => 'net-mozaws-stage-delivery-firefox',
dep_beetmover_aws_s3_fennec_bucket => 'net-mozaws-stage-delivery-archive',
+
+ config_template => 'beetmover_scriptworker/prod_script_config.json.erb',
+ worker_type => 'beetmoverworker-v1',
+ taskcluster_client_id => secret('beetmoverworker_prod_taskcluster_client_id'),
+ taskcluster_access_token => secret('beetmoverworker_prod_taskcluster_access_token'),
+ sign_chain_of_trust => true,
+ verify_chain_of_trust => true,
+ verify_cot_signature => true,
}
}
}
rename from modules/beetmover_scriptworker/templates/script_config.json.erb
rename to modules/beetmover_scriptworker/templates/base_script_config.json.erb
--- a/modules/beetmover_scriptworker/templates/script_config.json.erb
+++ b/modules/beetmover_scriptworker/templates/base_script_config.json.erb
@@ -1,22 +1,19 @@
-{
"work_dir": "<%= scope.lookupvar("beetmover_scriptworker::settings::root") %>/work",
"artifact_dir": "<%= scope.lookupvar("beetmover_scriptworker::settings::root") %>/artifacts",
"aiohttp_max_connections": 10,
"checksums_digests": ["sha512", "sha256"],
"blobs_needing_prettynaming_contents": [
"target.test_packages.json"
],
"schema_file": "<%= scope.lookupvar("beetmover_scriptworker::settings::root") %>/lib/python3.5/site-packages/beetmoverscript/data/beetmover_task_schema.json",
"verbose": <%= scope.lookupvar("beetmover_scriptworker::settings::verbose_logging") %>,
- "dummy": false,
- "disable_certs": false,
"template_files": {
"firefox_nightly": "<%= scope.lookupvar("beetmover_scriptworker::settings::root") %>/lib/python3.5/site-packages/beetmoverscript/templates/firefox_nightly.yml",
"firefox_nightly_repacks": "<%= scope.lookupvar("beetmover_scriptworker::settings::root") %>/lib/python3.5/site-packages/beetmoverscript/templates/firefox_nightly_repacks.yml",
"fennec_nightly": "<%= scope.lookupvar("beetmover_scriptworker::settings::root") %>/lib/python3.5/site-packages/beetmoverscript/templates/fennec_nightly.yml",
"fennec_nightly_repacks": "<%= scope.lookupvar("beetmover_scriptworker::settings::root") %>/lib/python3.5/site-packages/beetmoverscript/templates/fennec_nightly_repacks.yml",
"fennecx86_nightly": "<%= scope.lookupvar("beetmover_scriptworker::settings::root") %>/lib/python3.5/site-packages/beetmoverscript/templates/fennecx86_nightly.yml",
"fennecaarch64_nightly": "<%= scope.lookupvar("beetmover_scriptworker::settings::root") %>/lib/python3.5/site-packages/beetmoverscript/templates/fennecaarch64_nightly.yml"
@@ -32,45 +29,10 @@
"fennecaarch64_nightly": "<%= scope.lookupvar("beetmover_scriptworker::settings::root") %>/lib/python3.5/site-packages/beetmoverscript/templates/fennecaarch64_nightly.yml"
},
"push-to-candidates": {
"fennec_candidates": "<%= scope.lookupvar("beetmover_scriptworker::settings::root") %>/lib/python3.5/site-packages/beetmoverscript/templates/fennec_candidates.yml",
"fennec_candidates_repacks": "<%= scope.lookupvar("beetmover_scriptworker::settings::root") %>/lib/python3.5/site-packages/beetmoverscript/templates/fennec_candidates_repacks.yml",
"fennecx86_candidates": "<%= scope.lookupvar("beetmover_scriptworker::settings::root") %>/lib/python3.5/site-packages/beetmoverscript/templates/fennecx86_candidates.yml",
"fennecaarch64_candidates": "<%= scope.lookupvar("beetmover_scriptworker::settings::root") %>/lib/python3.5/site-packages/beetmoverscript/templates/fennecaarch64_candidates.yml"
},
- "push-to-releases": {},
- "push-to-staging": {}
+ "push-to-releases": {}
},
-
- "bucket_config": {
- "nightly": {
- "credentials": {
- "id": "<%= @env_config["nightly_beetmover_aws_access_key_id"] %>",
- "key": "<%= @env_config["nightly_beetmover_aws_secret_access_key"] %>"
- },
- "buckets": {
- "firefox": "<%= @env_config["nightly_beetmover_aws_s3_firefox_bucket"] %>",
- "fennec": "<%= @env_config["nightly_beetmover_aws_s3_fennec_bucket"] %>"
- }
- },
- "release": {
- "credentials": {
- "id": "<%= @env_config["release_beetmover_aws_access_key_id"] %>",
- "key": "<%= @env_config["release_beetmover_aws_secret_access_key"] %>"
- },
- "buckets": {
- "firefox": "<%= @env_config["release_beetmover_aws_s3_firefox_bucket"] %>",
- "fennec": "<%= @env_config["release_beetmover_aws_s3_fennec_bucket"] %>"
- }
- },
- "dep": {
- "credentials": {
- "id": "<%= @env_config["dep_beetmover_aws_access_key_id"] %>",
- "key": "<%= @env_config["dep_beetmover_aws_secret_access_key"] %>"
- },
- "buckets": {
- "firefox": "<%= @env_config["dep_beetmover_aws_s3_firefox_bucket"] %>",
- "fennec": "<%= @env_config["dep_beetmover_aws_s3_fennec_bucket"] %>"
- }
- }
- }
-}
new file mode 100644
--- /dev/null
+++ b/modules/beetmover_scriptworker/templates/dev_script_config.json.erb
@@ -0,0 +1,16 @@
+{
+<%= scope.function_template(["beetmover_scriptworker/base_script_config.json.erb"]) %>
+
+ "bucket_config": {
+ "dep": {
+ "credentials": {
+ "id": "<%= @env_config["dep_beetmover_aws_access_key_id"] %>",
+ "key": "<%= @env_config["dep_beetmover_aws_secret_access_key"] %>"
+ },
+ "buckets": {
+ "firefox": "<%= @env_config["dep_beetmover_aws_s3_firefox_bucket"] %>",
+ "fennec": "<%= @env_config["dep_beetmover_aws_s3_fennec_bucket"] %>"
+ }
+ }
+ }
+}
new file mode 100644
--- /dev/null
+++ b/modules/beetmover_scriptworker/templates/prod_script_config.json.erb
@@ -0,0 +1,36 @@
+{
+<%= scope.function_template(["beetmover_scriptworker/base_script_config.json.erb"]) %>
+
+ "bucket_config": {
+ "nightly": {
+ "credentials": {
+ "id": "<%= @env_config["nightly_beetmover_aws_access_key_id"] %>",
+ "key": "<%= @env_config["nightly_beetmover_aws_secret_access_key"] %>"
+ },
+ "buckets": {
+ "firefox": "<%= @env_config["nightly_beetmover_aws_s3_firefox_bucket"] %>",
+ "fennec": "<%= @env_config["nightly_beetmover_aws_s3_fennec_bucket"] %>"
+ }
+ },
+ "release": {
+ "credentials": {
+ "id": "<%= @env_config["release_beetmover_aws_access_key_id"] %>",
+ "key": "<%= @env_config["release_beetmover_aws_secret_access_key"] %>"
+ },
+ "buckets": {
+ "firefox": "<%= @env_config["release_beetmover_aws_s3_firefox_bucket"] %>",
+ "fennec": "<%= @env_config["release_beetmover_aws_s3_fennec_bucket"] %>"
+ }
+ },
+ "dep": {
+ "credentials": {
+ "id": "<%= @env_config["dep_beetmover_aws_access_key_id"] %>",
+ "key": "<%= @env_config["dep_beetmover_aws_secret_access_key"] %>"
+ },
+ "buckets": {
+ "firefox": "<%= @env_config["dep_beetmover_aws_s3_firefox_bucket"] %>",
+ "fennec": "<%= @env_config["dep_beetmover_aws_s3_fennec_bucket"] %>"
+ }
+ }
+ }
+}