-
Notifications
You must be signed in to change notification settings - Fork 167
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Action required by 4 March 2025 ci-release #3852
Comments
I'd like to try tackling it this weekend. |
Yes, I think so. We rebuilt ci-release back in 2021 so there's some history for reference: #2626 (comment) |
|
I did everything I could. https://ci-release.nodejs.org now points to the new server. There are a few open questions/tasks:
I'm leaving for holiday tomorrow. Anyone else feel free to finish the migration while I'm away. Test build: https://ci-release.nodejs.org/job/iojs+release/10554/ |
💚 Thanks for doing this.
I don't believe we need to do anything on the release nodes so long as ci-release.nodejs.org points to the correct server.
Again I think this should just work so long as ci-release.nodejs.org was updated. I'll look at the whats on the backup machine tomorrow.
ci-release.nodejs.org seems to be behind the expected certificate -- I can't remember if this is being server from nginx or Cloudflare for the Jenkins servers. |
It's being served from nginx. My interrogation is about renewal. Do we need to do something on the server so it is automatically renewed when necessary? |
|
Not seeing any osx13 machines in https://ci-release.nodejs.org/computer/ although I'm not sure if we expect to with the ephermeral VM set up. @UlisesGascon @ryanaslett |
No, at least at the moment the certificates have been manually updated yearly. |
Well I was wrong -- it doesn't look like the backups worked (last update in |
I checked that I could successfully ssh into ci-release from the backup machine (after removing the known host as the server has changed). I also tried to run
|
Yes, backup was using a different contributor's credentials, and we didn't have a good mechanism for a service account. I'll open a separate issue to investigate how to address that. |
Unrelated, but I cant update my ssh config using ansible, so I can get onto the new server to investigate the vpn connectivity. The secrets/build/test/inventory.yml file wasnt encrypted with my key for some reason. |
For new jenkins hosts we'll need to add https://github.com/nodejs/build/blob/main/doc/orka-vpn.md as another set of steps (until its automated). The vpn is now connected again, and jobs are running. |
Backups now appear to be working.
|
I also opened a stub issue so we dont forget to look at that "individual contributor access token" for backups: #3939 |
https://cloud.ibm.com/classic/support/event/details/162467655
The affected machine is
ci-release
(FWIW despite itsinfra-ibm-ubuntu1804-x64-1.nodejs.private
name, it is running Ubuntu 20.04). We don't have to migrate it urgently, but we should plan to avoid September/October (Node.js 23) and March (Node.js 24).The text was updated successfully, but these errors were encountered: