Project

General

Profile

Feature #17412

Drop the need for dedicated temporary storage space for IUKs on rsync.lizard

Added by intrigeri 3 months ago. Updated 2 days ago.

Status:
Resolved
Priority:
Elevated
Category:
Infrastructure
Target version:
Start date:
Due date:
% Done:

0%

Feature Branch:
Type of work:
Code
Blueprint:
Starter:
Affected tool:

Description

That's the second step of #17385#note-2, i.e. make it so temporary data is stored directly in /srv during the release process.

One idea could be to:

  1. give every RM permission to SSH into rsync.lizard as the rsync_tails user, and point $HOME for this user somewhere under /srv
  2. adjust the release process so that all SSH operations done on rsync.lizard are done as the rsync_tails user
  3. drop the /home LV and migrate the corresponding data back to /

Related issues

Related to Tails - Feature #17385: Grow /home on rsync.lizard Resolved
Related to Tails - Feature #15287: Make it possible to reproducibly generate IUKs in CI Resolved 02/05/2018
Blocks Tails - Feature #13242: Core work: Sysadmin (Maintain our already existing services) Confirmed 06/29/2017

Associated revisions

Revision 4eb681c4 (diff)
Added by intrigeri 2 months ago

Release process: drop the need for allocating (duplicated) temporary storage space for IUKs on rsync.lizard (refs: #17412)

Previously, we would copy the IUKs to /home and then move them to /srv/rsync.
Given these 2 directories are on different storage volumes, this means
we had to allocate the corresponding storage space twice.

Let's instead directly copy the IUKs to /srv.

History

#1 Updated by intrigeri 3 months ago

  • Blocks Feature #13242: Core work: Sysadmin (Maintain our already existing services) added

#2 Updated by intrigeri 3 months ago

#3 Updated by intrigeri 3 months ago

  • Related to Feature #15287: Make it possible to reproducibly generate IUKs in CI added

#4 Updated by intrigeri 3 months ago

  • Priority changed from Normal to Elevated

#5 Updated by intrigeri 2 months ago

  • Status changed from Confirmed to In Progress
  • Feature Branch set to doc/17415-fix-IUK-generation-in-release-process

#6 Updated by intrigeri 2 months ago

  • Status changed from In Progress to Needs Validation
  • Assignee changed from intrigeri to anonym
  • Type of work changed from Sysadmin to Code

In the end I did it differently: instead of a new, dedicated user, I've adjusted our code & release process to use a work directory under /srv.

#7 Updated by anonym about 2 months ago

  • Target version changed from Tails_4.3 to Tails_4.4

#8 Updated by CyrilBrulebois 18 days ago

  • Target version changed from Tails_4.4 to Tails_4.5

#9 Updated by intrigeri 2 days ago

  • Assignee changed from anonym to CyrilBrulebois

Reassigning to @CyrilBrulebois, who will exercise this code path during the 4.5 release process.

#10 Updated by CyrilBrulebois 2 days ago

  • Assignee changed from CyrilBrulebois to intrigeri
  • Feature Branch deleted (doc/17415-fix-IUK-generation-in-release-process)

Well, I'm not sure I understand. The branch is gone, it's been merged a while ago, and the relevant commit is available in:

# TIL git branch --contains
kibi@armor:~/work/clients/tails/release/release-checkout$ git branch --contains 4eb681c4
  bugfix/17359-rply-cache
  devel
  doc/changelog-4.5-rc1
  feature/17539-tor-browser-9.0.7+force-all-tests
  stable
* testing
  web/release-4.4
  web/release-4.4.1
  web/release-4.5-rc1

and even:

kibi@armor:~/work/clients/tails/release/release-checkout$ git describe --contains 4eb681c4
4.3~11^2~1

#11 Updated by intrigeri 2 days ago

  • Assignee changed from intrigeri to CyrilBrulebois

Well, I'm not sure I understand. The branch is gone, it's been merged a while ago […]

Yep, I should have made my request clearer.

So, I have two questions:

  • Does 4eb681c4278f38a1727ad15346626d10bdfffb06 look sane to you?
  • Did you encounter any trouble recently (possibly caused by that commit) at the step of the release process that uses the copy-iuks-to-rsync-server-and-verify script?

#12 Updated by CyrilBrulebois 2 days ago

  • Status changed from Needs Validation to Resolved

Oh, OK.

Yes, the commit looks sane to me, and I'm happy not to have that kind of extra dance anymore.

TBH this was rather well hidden behind the new IUK handling (copied from Jenkins because successfully reproduced there), and while I haven't had to exercise the “manual upload” code path (fingers crossed), the overall change seems very fine.

Also available in: Atom PDF