jenkins 2018-09-25 2018-12-05 security vulnerabilties (TSSW)

XMLWordPrintable

Details

• Type: Bug
• Status: Done
• Resolution: Done
• Fix Version/s: None
• Component/s:
• Labels:
None
• Story Points:
10
• Team:
SQuaRE

Description

The jenkins update done for DM (DM-15866) also needs to be rolled out for TSSW. As a per-requistie, rather than continuing to maintain thet TSSW jenkins deployment as a fork/branch of the DM deployment that needs to be periodically rebased (often non-trivial) it should be merged into the same hiera configuration hierarchy in hopes of reducing the on-going maintenance burden.

Prior to the re-deployment, all existing plugins should be removed, so that all installed plugins are in the .hpi format as this is a long-shot possible source of [at least one of] the stability problems in (DM-16495).

Activity

Hide
Joshua Hoblitt added a comment -

It was more difficult than expected but I believe I have a working procedure for the update. Downtime has been announced on #ts-software for tomorrow evening.

 @channel the TSSW jenkins instance will be down for maintenance tomorrow evening (01/30) from 2000-2100 (US/Arizona time) 

Show
Joshua Hoblitt added a comment - It was more difficult than expected but I believe I have a working procedure for the update. Downtime has been announced on #ts-software for tomorrow evening. @channel the TSSW jenkins instance will be down for maintenance tomorrow evening ( 01 / 30 ) from 2000 - 2100 (US/Arizona time)
Hide
Joshua Hoblitt added a comment -

The deployment was completely redone from the vpc up. The old master was snapshotted and registered as ami-0959efe7c6f53d935 (us-west-2).

Brief testing is unable to reproduce the update-center metadata update crash.

Show
Joshua Hoblitt added a comment - The deployment was completely redone from the vpc up. The old master was snapshotted and registered as ami-0959efe7c6f53d935 ( us-west-2 ). Brief testing is unable to reproduce the update-center metadata update crash.
Hide
Joshua Hoblitt added a comment -

It was discovered during the update last night that jenkins CASC credentials management is an all or nothing affair, so it was disabled for the tssw jenkins-prod env. DM-17594 has been opened to investigate this.

Show
Joshua Hoblitt added a comment - It was discovered during the update last night that jenkins CASC credentials management is an all or nothing affair, so it was disabled for the tssw jenkins-prod env. DM-17594 has been opened to investigate this.

People

• Assignee:
Joshua Hoblitt
Reporter:
Joshua Hoblitt
Watchers:
Andy Clements, Joshua Hoblitt, Rob Bovill, Simon Krughoff