In general our build.servo.org services rely on secrets that need to be provided as part of the submission process (e.g. https://github.com/servo/standups/blob/415c2fe2a399575740cd9ce585eeff0b11fafec1/standups/flask_server.py#L90). The crash reporter would need to embed the secret in the binary, which is unavoidable, but it's Good Enough for casual attempts to abuse the server. We would be able to store the secret in taskcluster rather than the repository, so it would only be added to nightly builds, and we could add a simple #define override mechanism to make it easy to add to local builds when necessary.
crash-reporter/init.sls
Outdated
| - upgrade: True | ||
| - require: | ||
| - virtualenv: crash-reporter | ||
| {% if grains.get('virtual_subtype', '') != 'Docker' %} |
This conditional (and the corresponding endif) can be removed like in #1006.
||
| /home/servo/crash-reporter/config.json: | ||
| file.managed: | ||
| - source: salt://{{ tpldir }}/files/config.json |
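Review bot: the `/home/servo/crash-reporter/config.json` state shows only `- source:` in the lines visible here, with no `- template: jinja` and no `user`, `group` or `mode`. If config.json is going to contain Jinja such as a pillar lookup, file.managed writes it out verbatim unless `- template: jinja` is set, and a file that holds a secret should be owned by the service user with a restrictive mode such as 600 rather than default permissions.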
For the shared secret, we will want to add:

    - context:
        secret: {{ pillar['crash-reporter']['secret'] }}

We will also need to add /srv/pillar/crash-reporter.sls on the main machine, and add the following fake crash-reporter.sls to .travis/test_pillars/:

    'crash-reporter':
      'secret': 'TEST-CRASH-REPORTER-SECRET'

crash-reporter/files/config.json
Outdated
| @@ -0,0 +1 @@ | |||
| {"port": 5004, "crash_dir": "./crashes/"} | |||
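Review bot: `"crash_dir": "./crashes/"` is a relative path, so where reports are written depends on the working directory the service is started with. Suggest an absolute path (for example under `/home/servo/crash-reporter/`) and creating that directory from the Salt state with explicit ownership, so the service does not create it on first write with default permissions.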
This will need a "secret": "{{ pillar['crash-reporter']['secret'] }}" entry as well.
crash-reporter/init.sls
Outdated
| /lib/systemd/system/tracker.service: | ||
| file.managed: | ||
| - source: salt://{{ tpldir }}/files/tracker.service |
We'll need a different name for this file or it will overwrite the existing tracker.service. Let's call it crash-reporter.service instead.
crash-reporter/init.sls
Outdated
| - pip: crash-reporter | ||
| - watch: | ||
| - file: /home/servo/crash-reporter/config.json | ||
| - file: /lib/systemd/system/tracker.service |
This will need to change if we change the .service file name.
9bf1981 to d6bc531
d6bc531 to 2c30fc4
Note to self: this hasn't been addressed yet.
☔ The latest upstream changes (presumably #1012) made this pull request unmergeable. Please resolve the merge conflicts.
Flask: https://github.com/paulrouget/crash-reporter - this will need a review, and be migrated under github.com/servo. Tested and appears to work as expected.
Saltfs configuration is blindly copy/pasted from the intermittent-tracker code.
@jdm can you give a quick look at the flask code? And do we have any mechanism in place to prevent abuse of the different build.servo.org services?
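A sketch of the server-side check that the shared-secret scheme discussed in this thread implies, as an added example that is not code from this PR or from paulrouget/crash-reporter. The form field names `secret` and `report`, the helper names, and the sample config are assumptions; the secret value is the test-pillar placeholder quoted in the review.

```python
import hmac
import json

# Constructed sample: the config.json from this PR plus the "secret" entry
# requested in review, filled with the test-pillar placeholder value.
SAMPLE_CONFIG = ('{"port": 5004, "crash_dir": "./crashes/", '
                 '"secret": "TEST-CRASH-REPORTER-SECRET"}')


def load_config(text):
    """Parse config.json and refuse to start without a usable secret."""
    config = json.loads(text)
    secret = config.get("secret")
    # A leftover "{{" means Salt copied the file without rendering the
    # template, so the literal placeholder would become the secret.
    if not isinstance(secret, str) or not secret or "{{" in secret:
        raise ValueError("config.json has no rendered 'secret' entry")
    return config


def is_authorized(config, submitted_secret):
    """Return True only when the submitted secret matches the configured one."""
    if not isinstance(submitted_secret, str):
        return False  # missing field or wrong type: fail closed
    # compare_digest runs in time independent of where the values differ.
    return hmac.compare_digest(submitted_secret.encode("utf-8"),
                               config["secret"].encode("utf-8"))


def handle_submission(config, form):
    """Hypothetical handler core: HTTP status for one crash upload."""
    if not is_authorized(config, form.get("secret")):
        return 403
    if not form.get("report"):
        return 400
    return 200
```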