bug 1409609 - balrog-dev. r=mtabara
MozReview-Commit-ID: HXB6CErm4qE
--- a/manifests/moco-nodes.pp
+++ b/manifests/moco-nodes.pp
@@ -987,24 +987,32 @@ node /signing-linux-dev.*\.releng\..*\.m
$aspects = [ 'maximum-security' ]
$signing_scriptworker_env = 'dev'
$timezone = 'UTC'
$only_user_ssh = true
include toplevel::server::signingscriptworker
}
# Balrog scriptworkers
-node /balrogworker-.*\.srv\.releng\..*\.mozilla\.com/ {
+node /balrogworker-\d*\.srv\.releng\..*\.mozilla\.com/ {
$aspects = [ 'maximum-security' ]
$balrogworker_env = 'prod'
$timezone = 'UTC'
$only_user_ssh = true
include toplevel::server::balrogscriptworker
}
+node /balrogworker-dev\d*\.srv\.releng\..*\.mozilla\.com/ {
+ $aspects = [ 'maximum-security' ]
+ $balrogworker_env = 'dev'
+ $timezone = 'UTC'
+ $only_user_ssh = true
+ include toplevel::server::balrogscriptworker
+}
+
# Beetmover scriptworkers
node /beetmoverworker-.*\.srv\.releng\..*\.mozilla\.com/ {
$aspects = [ 'maximum-security' ]
$beetmoverworker_env = 'prod'
$timezone = 'UTC'
$only_user_ssh = true
include toplevel::server::beetmoverscriptworker
}
--- a/modules/balrog_scriptworker/manifests/init.pp
+++ b/modules/balrog_scriptworker/manifests/init.pp
@@ -91,31 +91,35 @@ class balrog_scriptworker {
task_script_executable => $balrog_scriptworker::settings::task_script_executable,
task_script => $balrog_scriptworker::settings::task_script,
task_script_config => $balrog_scriptworker::settings::task_script_config,
username => $users::builder::username,
group => $users::builder::group,
- taskcluster_client_id => $balrog_scriptworker::settings::taskcluster_client_id,
- taskcluster_access_token => $balrog_scriptworker::settings::taskcluster_access_token,
+ taskcluster_client_id => $env_config["taskcluster_client_id"],
+ taskcluster_access_token => $env_config["taskcluster_access_token"],
worker_group => $balrog_scriptworker::settings::worker_group,
- worker_type => $balrog_scriptworker::settings::worker_type,
+ worker_type => $env_config["worker_type"],
task_max_timeout => $balrog_scriptworker::settings::task_max_timeout,
cot_job_type => 'balrog',
+ sign_chain_of_trust => $env_config["sign_chain_of_trust"],
+ verify_chain_of_trust => $env_config["verify_chain_of_trust"],
+ verify_cot_signature => $env_config["verify_cot_signature"],
+
verbose_logging => $balrog_scriptworker::settings::verbose_logging,
}
mercurial::repo {
'tools':
- hg_repo => $balrog_scriptworker::settings::tools_repo,
+ hg_repo => $env_config["tools_repo"],
dst_dir => "${balrog_scriptworker::settings::root}/tools",
user => $users::builder::username,
branch => $balrog_scriptworker::settings::tools_branch,
require => [
Class['packages::mozilla::py27_mercurial'],
Python35::Virtualenv[$balrog_scriptworker::settings::root],
];
}
--- a/modules/balrog_scriptworker/manifests/settings.pp
+++ b/modules/balrog_scriptworker/manifests/settings.pp
@@ -3,29 +3,43 @@
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
class balrog_scriptworker::settings {
$root = '/builds/scriptworker'
$task_script_executable = "${root}/py27venv/bin/python"
$task_script = "${root}/py27venv/bin/balrogscript"
$task_script_config = "${root}/script_config.json"
$task_max_timeout = 1800
- $tools_repo = 'https://hg.mozilla.org/build/tools'
$tools_branch = 'default'
$worker_group = 'balrogworker-v1'
- $worker_type = 'balrogworker-v1'
- $taskcluster_client_id = secret('balrogworker_dev_taskcluster_client_id')
- $taskcluster_access_token = secret('balrogworker_dev_taskcluster_access_token')
$verbose_logging = true
$env_config = {
'dev' => {
balrog_username => 'balrog-stage-ffxbld',
balrog_password => secret('balrog-stage-ffxbld_ldap_password'),
balrog_api_root => 'https://balrog-admin.stage.mozaws.net/api',
+
+ dummy => true,
+ tools_repo => 'https://hg.mozilla.org/build/tools',
+ taskcluster_client_id => 'project/releng/scriptworker/balrogworker-dev',
+ taskcluster_access_token => secret('balrogworker_dev_taskcluster_access_token'),
+ worker_type => 'balrogworker-dev',
+ sign_chain_of_trust => false,
+ verify_chain_of_trust => true,
+ verify_cot_signature => false,
},
'prod' => {
balrog_username => 'balrog-ffxbld',
balrog_password => secret('balrog-ffxbld_ldap_password'),
balrog_api_root => 'https://aus4-admin.mozilla.org/api',
+
+ dummy => false,
+ tools_repo => 'https://hg.mozilla.org/build/tools',
+ taskcluster_client_id => 'project/releng/scriptworker/balrogworker',
+ taskcluster_access_token => secret('balrogworker_prod_taskcluster_access_token'),
+ worker_type => 'balrogworker-v1',
+ sign_chain_of_trust => true,
+ verify_chain_of_trust => true,
+ verify_cot_signature => true,
}
}
}
--- a/modules/balrog_scriptworker/templates/script_config.json.erb
+++ b/modules/balrog_scriptworker/templates/script_config.json.erb
@@ -1,16 +1,16 @@
{
"work_dir": "<%= scope.lookupvar("balrog_scriptworker::settings::root") %>/work",
"artifact_dir": "<%= scope.lookupvar("balrog_scriptworker::settings::root") %>/artifacts",
"schema_file": "<%= scope.lookupvar("balrog_scriptworker::settings::root") %>/py27venv/lib/python2.7/site-packages/balrogscript/data/balrog_task_schema.json",
"verbose": <%= scope.lookupvar("balrog_scriptworker::settings::verbose_logging") %>,
- "dummy": false,
+ "dummy": @env_config["dummy"],
"disable_certs": false,
"server_config": {
"nightly": {
"api_root": "<%= @env_config["balrog_api_root"] %>",
"balrog_username": "<%= @env_config["balrog_username"] %>",
"balrog_password": "<%= @env_config["balrog_password"] %>",
"allowed_channels": ["nightly"]