[Git][qa/jenkins.debian.net][master] i386.reproduce.debian.net: use signup_secret from /opt/etc/rebuilderd.secret
Holger Levsen (@holger)
gitlab at salsa.debian.org
Thu Jan 2 17:46:23 GMT 2025
Holger Levsen pushed to branch master at Debian QA / jenkins.debian.net
Commits:
c03f53db by Holger Levsen at 2025-01-02T18:45:56+01:00
i386.reproduce.debian.net: use signup_secret from /opt/etc/rebuilderd.secret
Signed-off-by: Holger Levsen <holger at layer-acht.org>
- - - - -
4 changed files:
- hosts/infom07-i386/opt/etc/rebuilderd-worker.conf
- hosts/infom07-i386/opt/etc/rebuilderd.conf
- hosts/infom08-i386/opt/etc/rebuilderd-worker.conf
- update_jdn.sh
Changes:
=====================================
hosts/infom07-i386/opt/etc/rebuilderd-worker.conf
=====================================
@@ -1,7 +1,7 @@
## The rebuilderd to connect to
endpoint = "https://i386.reproduce.debian.net"
## The server would either allowlist our key or require a signup secret
-#signup_secret = "your_signup_key"
+signup_secret = "INSECURE"
[build]
#timeout = 86400 # 24 hours
=====================================
hosts/infom07-i386/opt/etc/rebuilderd.conf
=====================================
@@ -22,12 +22,12 @@ bind_addr = "127.0.0.1:8484"
#cookie = "INSECURE"
## IMPORTANT: in production, make sure either `authorized_workers` or `signup_secret` is configured.
-#[worker]
+[worker]
## If we have a fixed set of workers we can allow-list the keys here.
#authorized_workers = ["key1", "key2"]
## If we want to spawn new workers dynamically we can configure a sign up secret below.
## Use `pwgen -1s 32` to generate one.
-#signup_secret = "INSECURE"
+signup_secret = "INSECURE"
#[schedule]
## Configure the delay to automatically retry failed rebuilds in hours. The
=====================================
hosts/infom08-i386/opt/etc/rebuilderd-worker.conf
=====================================
@@ -1,7 +1,7 @@
## The rebuilderd to connect to
-endpoint = "http://127.0.0.1:8484"
+endpoint = "https://i386.reproduce.debian.net"
## The server would either allowlist our key or require a signup secret
-#signup_secret = "your_signup_key"
+signup_secret = "INSECURE"
[build]
#timeout = 86400 # 24 hours
=====================================
update_jdn.sh
=====================================
@@ -734,6 +734,19 @@ if [ "$HOSTNAME" = "jenkins" ] || [ "$HOSTNAME" = "ionos7-amd64" ] || [ "$HOSTNA
fi
done
fi
+# set secret for remote rebuilderd-workers
+case $HOSTNAME in
+ infom07|infom08*) SIGNUPSECRET="$(cat /opt/etc/rebuilderd.secret)"
+ for i in rebuilderd.conf rebuilderd-worker.conf ; do
+ if [ -f /opt/etc/$i ] ; then
+ if grep -q '^signup_secret = "INSECURE"' ; then
+ sudo sed -i "s^signup_secret = \"INSECURE\"#signup_secret = \"$SIGNUPSECRET\"#g" opt/etc/$i
+ fi
+ fi
+ done
+ ;;
+ *) ;;
+esac
if [ "$HOSTNAME" = "jenkins" ] || [ "$HOSTNAME" = "ionos7-amd64" ] ; then
if ! $UP2DATE || [ $BASEDIR/hosts/$HOSTNAME/etc/apache2 -nt $STAMP ] ; then
View it on GitLab: https://salsa.debian.org/qa/jenkins.debian.net/-/commit/c03f53db890ce48c7501b0820937c16afae17699
--
View it on GitLab: https://salsa.debian.org/qa/jenkins.debian.net/-/commit/c03f53db890ce48c7501b0820937c16afae17699
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/qa-jenkins-scm/attachments/20250102/ca017775/attachment-0001.htm>
More information about the Qa-jenkins-scm
mailing list