blob: 287d1010f1e8e3a9e094d744ff22f9b4f72a32a9 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
|
# macOS
This is the configuration for the `proj-servo/macos` worker type.
These macOS workers are configured with SaltStack in [agentless] mode.
[agentless]: https://docs.saltstack.com/en/getstarted/ssh/index.html
Either run `./salt-ssh`
to automatically install `salt-ssh` in `mach`’s existing Python virtualenv,
or install `salt-ssh` through some other mean and run in from this directory.
```sh
cd etc/taskcluster/macos
./salt-ssh '*' test.ping
./salt-ssh '*' state.apply test=True
```
## (Re)deploying a server
* Place an order or file a ticket with MacStadium to get a new hardware or reinstall an OS.
* Change the administrator password to one generated with
`</dev/urandom tr -d -c 'a-zA-Z' | head -c 8; echo`
(this short because of VNC),
and save it in the shared 1Password account.
* Give the public IPv4 address a DNS name through Cloudflare.
* Add a correponding entry in the `config/roster` file.
* Log in through VNC, and run `xcode-select --install`
## Taskcluster secrets
This SaltStack configuration has a custom module that uses Taskcluster’s
[secrets service](https://tools.taskcluster.net/secrets/).
These secrets include an [authentication token](
You’ll need to authenticate with a Taskcluster client ID
that has scope `secrets:get:project/servo/*`.
This should be the case if you’re a Servo project administrator (the `project-admin:servo` role).
## Worker’s client ID
Workers are configured to authenticate with client ID
[`project/servo/worker/macos/1`](
https://tools.taskcluster.net/auth/clients/project%2Fservo%2Fworker%macos%2F1).
This client has the scopes required to run tasks for this worker type.
|
