Re: Jenkins accounts for all devs.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 01/22/2016 05:19 PM, Michael Scherer wrote:
Le vendredi 22 janvier 2016 à 11:31 +0100, Niels de Vos a écrit :
On Fri, Jan 22, 2016 at 02:44:05PM +0530, Raghavendra Talur wrote:
On Fri, Jan 22, 2016 at 2:41 PM, Michael Scherer <mscherer@xxxxxxxxxx>
wrote:

Le vendredi 22 janvier 2016 à 11:31 +0530, Ravishankar N a écrit :
On 01/14/2016 12:16 PM, Kaushal M wrote:
On Thu, Jan 14, 2016 at 10:33 AM, Raghavendra Talur <rtalur@xxxxxxxxxx>
wrote:
On Thu, Jan 14, 2016 at 10:32 AM, Ravishankar N <
ravishankar@xxxxxxxxxx>
wrote:
On 01/08/2016 12:03 PM, Raghavendra Talur wrote:
P.S: Stop using the "universal" jenkins account to trigger jenkins
build
if you are not a maintainer.
If you are a maintainer and don't have your own jenkins account
then get
one soon!

I would request for a jenkins account for non-maintainers too, at
least
for the devs who are actively contributing code (as opposed to random
one-off commits from persons). That way, if the regression failure is
*definitely* not in my patch (or) is a spurious failure (or) is
something
that I need to take a netbsd slave offline to debug etc.,  I don't
have to
be blocked on the Maintainer. Since the accounts are anyway tied to
an
individual, it should be easy to spot if someone habitually
re-trigger
regressions without any initial debugging.

+1
We'd like to give everyone accounts. But the way we're providing
accounts now gives admin accounts to all. This is not very secure.

This was one of the reasons misc setup freeipa.gluster.org, to provide
controlled accounts for all. But it hasn't been used yet. We would
need to integrate jenkins and the slaves with freeipa, which would
give everyone easy access.
Hi Michael,
Do you think it is possible to have this integration soon so that all
contributors can re-trigger/initiate builds by themselves?
The thing that is missing is still the same, how do we consider that
someone is a contributor. IE, do we want people just say "add me" and
get root access to all our jenkins builder (because that's also what go
with jenkins way of restarting a build for now) ?
Contributors would need to get root permissions on the Jenkins slaves
(the machines that do the actual building/testing).
I rather prefer to not have people have root access on the builder.

1) they are used to build the rpms we distribute
2) root access also mean that some people might just do a quick fix to
make some tests pass instead of making a proper long term fix where it
is needed.


Many of us non maintainers those who never had accounts (including yours truly) used the amarts account to *judiciously* re-trigger builds.Until it was disabled. I don't think it caused any problems. The only quick fix you can do is retrigger the build, which, if it passes, means the failure was likely spurious the previous time.

  There is no need
for root access on the Jenkins master (build.gluster.org). Because
Jenkins accounts are connected to the PAM cofiguration on
build.gluster.org, contributors would get an account there (does not
need to have a shell?).
This is something that can be fixed by using LDAP.

I did the technical stuff, but so far, no one did the organisational
part of giving a criteria for who has access to what. Without clear
process, I can't do much.


+ndevos +vijay

Something like "should have contributed 10 patches to Gluster and be
supported by at least 1 maintainer" would do?
Works for me. Please send a new page with a description on what
requirements a (new) contributor needs to fullfill, what privileges are
given and a little on when/how to use those.

   http://gluster.readthedocs.org/en/latest/Contributors-Guide/Index/
Also, we expect people to request that access, or someone is in charge
of picking them ?

I have created an etherpad for those who want to request a login: https://public.pad.fsfe.org/p/gerrit_access_request Folks whose requests have a +1 from a maintainer can be given an account like Raghavendra said.


Also, do we have a formal list of maintainers ?

Yes, https://github.com/gluster/glusterfs/blob/master/MAINTAINERS
  And a process for
becoming one ?
I would like to know this too  but that is a separate topic. ;-)

-Ravi

_______________________________________________
Gluster-devel mailing list
Gluster-devel@xxxxxxxxxxx
http://www.gluster.org/mailman/listinfo/gluster-devel




[Index of Archives]     [Gluster Users]     [Ceph Users]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux