Skip to content
Runbooks

access

How to access MacOS VMs?

Section titled “How to access MacOS VMs?”

MacOS VMs are currently hosted in AWS. SRE should have access to the Production environment via Okta.

Production via Okta

Section titled “Production via Okta”

All SRE should have access to the MacOS Production environment through Okta:

  • Go to Okta.
  • Click AWS Services Org.
  • Under AWS Account pick saas-mac-runners-b6fd8d28.

Most of the resources exist in the N. Virginia (us-east-1) region; if you’re looking for more info, go to resources.md for information about the used resources.

NOTE: if you don’t see AWS Services Org, then open an individual Access Request, to get access to the AWS account: saas-mac-runners-b6fd8d28. See past bulk access request.

SSH Access to MacOS Instances

Section titled “SSH Access to MacOS Instances”

Important: The pem files for accessing Mac instances are stored in their associated runner managers. To SSH into a Mac instance in AWS, you must first SSH into the associated runner manager in the GCP project gitlab-ci-155816, then SSH from the runner manager to the Mac instances.

In order to access a runner manager, a user will need to configure their Yubikey and have a user configuration entered in the chef repo data bag. For more information on Yubikey setup, refer to Yubikey documentation.

  1. SSH into Runner Manager:

    ssh userid@runners-manager-saas-macos-large-m2pro-blue-1.c.gitlab-ci-155816.internal

  2. From Runner Manager to Mac Instance:

    sudo ssh -i /etc/gitlab-runner/macos-ssh-key.pem ec2-user@PRIVATE_IP4

For detailed information on SSH VM access and debugging, refer to debugging.md.

Staging / Production via gitlabsandbox

Section titled “Staging / Production via gitlabsandbox”

If you think you have the appropriate access in the sandbox, you can view the Staging environment following these steps:

  • Go to the sandbox
  • Choose eng-dev-verify-runner.
  • Click View IAM Credentials.
  • Click the AWS Console URL.
  • Copy the username and password; beware that sometimes the copy can produce extra spaces before and after the text.
  • Login to AWS.
  • Click your username in the upper right corner.
  • From the dropdown menu, choose Switch role.
  • Enter the details in verify-runner handbook.

Just like the Production environment, resources are mostly in N. Virginia (us-east-1) region, for more info go to resource.md.