generic-worker on macOS: configure livelog

etc/taskcluster/macos/modules/pillar/taskcluster_secrets.py

@@ -12,5 +12,5 @@ def ext_pillar(_minion_id, _pillar, *_args):
     tc.check()
     data = {}
     data.update(tc.secret("project/servo/tc-client/worker/macos/1"))
-    data.update(tc.secret("project/servo/livelog-secret/1"))
+    data.update(tc.livelog())
     return data

etc/taskcluster/macos/states/generic-worker.sls

@@ -28,7 +28,6 @@
 
 {{ home }}/config.json:
   file.serialize:
-    - makedirs: True
     - user: {{ user }}
     - mode: 600
     - show_changes: False
@@ -43,10 +42,25 @@
         signingKeyLocation: {{ home }}/key
         clientId: {{ pillar["client_id"] }}
         accessToken: {{ pillar["access_token"] }}
+        livelogExecutable: {{ bin }}/livelog
+        livelogCertificate: {{ home }}/livelog.crt
+        livelogKey: {{ home }}/livelog.key
         livelogSecret: {{ pillar["livelog_secret"] }}
     - watch_in:
       - service: net.generic.worker
 
+{{ home }}/livelog.crt:
+  file.managed:
+    - contents_pillar: livelog_cert
+    - user: {{ user }}
+    - mode: 600
+
+{{ home }}/livelog.key:
+  file.managed:
+    - contents_pillar: livelog_key
+    - user: {{ user }}
+    - mode: 600
+
 {{ bin }}/generic-worker new-openpgp-keypair --file {{ home }}/key:
   cmd.run:
     - creates: {{ home }}/key

etc/taskcluster/packet.net/tc.py

@@ -5,6 +5,7 @@
 import os
 import sys
 import json
+import base64
 import subprocess
 
 
@@ -20,6 +21,18 @@ def check():
                  "eval `taskcluster signin`\n")
 
 
+def livelog():
+    win2016 = api("awsProvisioner", "workerType", "servo-win2016")
+    files = win2016["secrets"]["files"]
+    assert all(f["encoding"] == "base64" for f in files)
+    files = {f.get("description"): f["content"] for f in files}
+    return {
+        "livelog_cert": base64.b64decode(files["SSL certificate for livelog"]),
+        "livelog_key": base64.b64decode(files["SSL key for livelog"]),
+        "livelog_secret": win2016["secrets"]["generic-worker"]["config"]["livelogSecret"],
+    }
+
+
 def packet_auth_token():
     return secret("project/servo/packet.net-api-key")["key"]
 

etc/taskcluster/packet.net/terraform_with_vars.py

@@ -6,7 +6,6 @@
 
 import os
 import sys
-import base64
 import subprocess
 
 import tc
@@ -16,13 +15,7 @@ def main(*args):
     tc.check()
     ssh_key = tc.secret("project/servo/ssh-keys/docker-worker-kvm")
     tc_creds = tc.secret("project/servo/tc-client/worker/docker-worker-kvm/1")
-    win2016 = tc.api("awsProvisioner", "workerType", "servo-win2016")
+    livelog = tc.livelog()
-    files_by_desc = {f.get("description"): f for f in win2016["secrets"]["files"]}
-
-    def decode(description):
-        f = files_by_desc[description]
-        assert f["encoding"] == "base64"
-        return base64.b64decode(f["content"])
 
     terraform_vars = dict(
         ssh_pub_key=ssh_key["public"],
@@ -30,8 +23,8 @@ def main(*args):
         taskcluster_client_id=tc_creds["client_id"],
         taskcluster_access_token=tc_creds["access_token"],
         packet_api_key=tc.packet_auth_token(),
-        ssl_certificate=decode("SSL certificate for livelog"),
+        ssl_certificate=livelog["livelog_cert_base64"],
-        cert_key=decode("SSL key for livelog"),
+        cert_key=livelog["livelog_key_base64"],
     )
     env = dict(os.environ)
     env["PACKET_AUTH_TOKEN"] = terraform_vars["packet_api_key"]