generic-worker on macOS: configure livelog

2025-06-06 16:45:39 +00:00 · 2018-11-12 22:34:33 +01:00 · 2018-11-12 22:34:33 +01:00 · ff1e2c2394
commit ff1e2c2394
parent a5089885ac
4 changed files with 32 additions and 12 deletions
--- a/etc/taskcluster/macos/modules/pillar/taskcluster_secrets.py
+++ b/etc/taskcluster/macos/modules/pillar/taskcluster_secrets.py
@ -12,5 +12,5 @@ def ext_pillar(_minion_id, _pillar, *_args):
    tc.check()
    data = {}
    data.update(tc.secret("project/servo/tc-client/worker/macos/1"))
-    data.update(tc.secret("project/servo/livelog-secret/1"))
+    data.update(tc.livelog())
    return data
--- a/etc/taskcluster/macos/states/generic-worker.sls
+++ b/etc/taskcluster/macos/states/generic-worker.sls
@ -28,7 +28,6 @@

 {{ home }}/config.json:
  file.serialize:
-    - makedirs: True
    - user: {{ user }}
    - mode: 600
    - show_changes: False
@ -43,10 +42,25 @@
        signingKeyLocation: {{ home }}/key
        clientId: {{ pillar["client_id"] }}
        accessToken: {{ pillar["access_token"] }}
+        livelogExecutable: {{ bin }}/livelog
+        livelogCertificate: {{ home }}/livelog.crt
+        livelogKey: {{ home }}/livelog.key
        livelogSecret: {{ pillar["livelog_secret"] }}
    - watch_in:
      - service: net.generic.worker

+{{ home }}/livelog.crt:
+  file.managed:
+    - contents_pillar: livelog_cert
+    - user: {{ user }}
+    - mode: 600
+
+{{ home }}/livelog.key:
+  file.managed:
+    - contents_pillar: livelog_key
+    - user: {{ user }}
+    - mode: 600
+
 {{ bin }}/generic-worker new-openpgp-keypair --file {{ home }}/key:
  cmd.run:
    - creates: {{ home }}/key
--- a/etc/taskcluster/packet.net/tc.py
+++ b/etc/taskcluster/packet.net/tc.py
@ -5,6 +5,7 @@
 import os
 import sys
 import json
+import base64
 import subprocess


@ -20,6 +21,18 @@ def check():
                 "eval `taskcluster signin`\n")


+def livelog():
+    win2016 = api("awsProvisioner", "workerType", "servo-win2016")
+    files = win2016["secrets"]["files"]
+    assert all(f["encoding"] == "base64" for f in files)
+    files = {f.get("description"): f["content"] for f in files}
+    return {
+        "livelog_cert": base64.b64decode(files["SSL certificate for livelog"]),
+        "livelog_key": base64.b64decode(files["SSL key for livelog"]),
+        "livelog_secret": win2016["secrets"]["generic-worker"]["config"]["livelogSecret"],
+    }
+
+
 def packet_auth_token():
    return secret("project/servo/packet.net-api-key")["key"]

--- a/etc/taskcluster/packet.net/terraform_with_vars.py
+++ b/etc/taskcluster/packet.net/terraform_with_vars.py
@ -6,7 +6,6 @@

 import os
 import sys
-import base64
 import subprocess

 import tc
@ -16,13 +15,7 @@ def main(*args):
    tc.check()
    ssh_key = tc.secret("project/servo/ssh-keys/docker-worker-kvm")
    tc_creds = tc.secret("project/servo/tc-client/worker/docker-worker-kvm/1")
-    win2016 = tc.api("awsProvisioner", "workerType", "servo-win2016")
-    files_by_desc = {f.get("description"): f for f in win2016["secrets"]["files"]}
-
-    def decode(description):
-        f = files_by_desc[description]
-        assert f["encoding"] == "base64"
-        return base64.b64decode(f["content"])
+    livelog = tc.livelog()

    terraform_vars = dict(
        ssh_pub_key=ssh_key["public"],
@ -30,8 +23,8 @@ def main(*args):
        taskcluster_client_id=tc_creds["client_id"],
        taskcluster_access_token=tc_creds["access_token"],
        packet_api_key=tc.packet_auth_token(),
-        ssl_certificate=decode("SSL certificate for livelog"),
-        cert_key=decode("SSL key for livelog"),
+        ssl_certificate=livelog["livelog_cert_base64"],
+        cert_key=livelog["livelog_key_base64"],
    )
    env = dict(os.environ)
    env["PACKET_AUTH_TOKEN"] = terraform_vars["packet_api_key"]