Nick Thomas [:nthomas] (UTC+12) Reporter
	Description • 9 years ago

RelEng uses separate ssh keys for the staging and production infra for releases. It would be helpful if hosts like
  upload.ffxbld.productdelivery.stage.mozaws.net
were provisioned with the staging and production keys in ~ffxbld/.ssh/authorized_keys, while 
  upload.ffxbld.productdelivery.prod.mozaws.net
gets only the production keys. Currently we're manually adjusting the staging hosts, but this gets wiped out when they are re-provisioned. 

There are three of these systems, but mostly care about ffxbld and tbirdbld for this bug. There's a stage-ffxbld in ldap, and possibly one for Thunderbird too.

We are not sure how long we'll need these upload systems, so it may be worth scoping the extent of work before committing to it.

	Michael Shal [:mshal]
	Comment 1 • 9 years ago

Any progress on this? Right now uploads fail when building in staging, and it sounds like I need (yet another) manual workaround to get staging builds to do anything useful. This makes it more difficult to test nightly builds for things like bug 1217431.

	Bob Micheletto [:bobm]
	Comment 2 • 9 years ago

Sending this to the Release and Engineering component.

	Nick Thomas [:nthomas] (UTC+12) Reporter
	Comment 3 • 9 years ago

Does that move mean "this isn't a high priority compared to our other work, so please continuing to workaround" ?

	Jason Thomas [:jason]
	Comment 4 • 9 years ago

We moved this bug by accident, sorry. I've assigned to oremj to take a look at it.

	Jeremy Orem [:oremj] Assignee
	Comment 5 • 8 years ago

A quick fix for this would be to use different usernames for stage and prod e.g., ffxbld and ffxbldstage. Is that possible?

	Nick Thomas [:nthomas] (UTC+12) Reporter
	Comment 6 • 8 years ago

Yeah, it should be. There might already be a stage-ffxbld in ldap.

	Jeremy Orem [:oremj] Assignee
	Comment 7 • 8 years ago

Yep, it looks like we do have a stage-ffxbld user. I gave that user access to upload.ffxbld.productdelivery.stage.mozaws.net.