> For Fedora Atomic we release content every two weeks. A lot of ducks > have to be in a row in order to do this and often times behind the > scenes work is time sensitive. I really need access to releng/infra > so that I can be more efficient in doing this. I'd like to be able to: Okay, here we go. I'll give an overview of what kind of access you're asking for here. > > - restart failed disk image build in koji This means admin in koji or root on compose boxes (Depending how you want to kick it off). Allows you to either do basically everything in koji or on compose boxes. > - re-kick off daily runs if they fail for some reason (make a .1 of a daily run) This needs root on compose boxes. Allows you to do basically everything in all of releng. > - merge pull requests for other team members after I review them Releng group on Pagure. For this I'd be +1. > - perform two week atomic releases Root on bodhi-backend01. > - I realize this one is hard because of signing keys but seriously > would be nice to be able to do this one myself > - If signing keys are a problem then we should just automate the > signing of the checksums for the atomic runs so that the > checksums are already signed by the time we do the release. Access to all signing keys, allowing you to sign anything you'd like. Do note that autosigning this was on the task list, but because the process changed so much the last few months I was told to "hang on". > - push access to infra repo Sysadmin or sysadmin-veteran group (assuming you mean the ansible repo). I'd be fine with this. > - I often get patches reviewed on the list and then no one merges > the patches for me because they assume I have access and that I'm > going to do it myself. Then I bug someone to merge it for me, > then they forget to run the ansible playbook that is needed to > apply the change. I probably have to ping/wait 5+ times for every > change I need. Running playbooks: depends on what playbook, we can give specific access to run a particular playbook (rbac-playbook). The playbooks you likely want (bodhi* and releng) are somewhat tricky, but since it's all from ansible anyway, fine. > - manipulate ostree repos > - occasionally we have to reset refs, sync content from one repo > to another or otherwise manipulate the repo. Waiting on someone > to do this for me every time is quite painful. I do want people > to review changes that I propose but waiting more than 2 days is > not something I want to have to do. Root on bodhi-backend01. Do note that right now the reason you need to wait so long is because I am the only one handling these requests. I already asked three months ago for SOP's on how the ostree stuff works, and learning materials for releng, but have so far not seen those (https://pagure.io/releng/issue/6984#comment-460533 and some meetings). I might have missed them, but if you have those resources, other releng folks can help with more things, which would massively speed things up. > - investigate failures by having access to infrastructure and logs > - fedimg fails often and I have to wait someone to investigate every time sysadmin-fedimg, including access to the AWS keys on it. Note that Sayan promised me the new one is more reliable and should be deployed this week. > - koji builders can sometimes have random failures. Being able to > investigate myself would be useful. sysadmin-releng. Wide access to all builders. > > I have read over the following docs: > > - https://docs.pagure.org/releng/index.html#join-releng > - https://docs.pagure.org/releng/contributing.html > - https://fedoraproject.org/wiki/Infrastructure/GettingStarted > - https://fedoraproject.org/wiki/Infrastructure_Apprentice > > I know of the SOPs and have contributed to at least one of them: > > - https://docs.pagure.org/releng/sop.html > - https://infrastructure.fedoraproject.org/infra/docs/ > > I have helped debug a lot of issues with composes and general infra > inconsistencies over the past year. I have spent much time in the releng > /admin channels and have even helped others who are new to the channel. > I have attended releng/infra meetings somewhat regularly over the past > few months. > > I am not asking for permissions so that I can willy nilly do what I please. > I'd try to get proposed changes reviewed and announce any actions I performed > on list. I just want to add a little more sanity to my day-to-day. The permissions you would need to do the things you requests *do* allow you to do "willy nilly" what you want. E.g. access to modify ostree repos manually require full write access to /mnt/koji and /pub. I have tried to point out the specific pieces of access I would be fine with, but personally I am really not happy with the large set of permissions requested, and a set of them I would really be uncomfortable with. One of the reasons for that feeling from me is the number of things we have needed to do ad-hoc to ostree repositories, like resetting refs etc, because the version numbers got out of step due to ostree bugs. If you have ideas which other permissions would grant the things you requested, I'd be open to them, but this is what I can see would satisfy what you asked for. > > I have an outstanding ticket open for adding myself to the releng group: > - https://pagure.io/releng/issue/6994 > > Not sure if there is an equivalent process for adding people to Infra. There is none, the normal process is that when you do a lot in a particular piece of infra and we think you have a proven track record and give a good feeling with people, we will ask you if you'd like the permissions. Do note that we also discussed the releng request over Flock, where I suggested to hold off for a bit and get stuff documented and see if that improves things. > > Thanks! > Dusty Regards, Patrick _______________________________________________ infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx