| .. | ||
| config | ||
| modules/pillar | ||
| states | ||
| .gitignore | ||
| README.md | ||
| salt-ssh | ||
| Saltfile | ||
macOS
This is the configuration for the proj-servo/macos worker type.
These macOS workers are configured with SaltStack in agentless mode.
Either run ./salt-ssh
to automatically install salt-ssh in mach’s existing Python virtualenv,
or install salt-ssh through some other mean and run in from this directory.
cd etc/taskcluster/macos
./salt-ssh '*' test.ping
./salt-ssh '*' state.apply test=True
(Re)deploying a server
-
Place an order or file a ticket with MacStadium to get a new hardware or reinstall an OS.
-
Change the administrator password to one generated with
</dev/urandom tr -d -c 'a-zA-Z' | head -c 8; echo(this short because of VNC), and save it in the shared 1Password account. -
Give the public IPv4 address a DNS name through Cloudflare.
-
Add a correponding entry in the
config/rosterfile. -
Log in through VNC, and run
xcode-select --install
Taskcluster secrets
This SaltStack configuration has a custom module that uses Taskcluster’s
secrets service.
These secrets include an [authentication token](
You’ll need to authenticate with a Taskcluster client ID
that has scope secrets:get:project/servo/*.
This should be the case if you’re a Servo project administrator (the project-admin:servo role).
Worker’s client ID
Workers are configured to authenticate with client ID
project/servo/worker/macos/1.
This client has the scopes required to run tasks for this worker type.