[Gluster-devel] Jenkins accounts for all devs.

Fri Jan 22 10:31:50 UTC 2016

On Fri, Jan 22, 2016 at 02:44:05PM +0530, Raghavendra Talur wrote:
> On Fri, Jan 22, 2016 at 2:41 PM, Michael Scherer <mscherer at redhat.com>
> wrote:
> 
> > Le vendredi 22 janvier 2016 à 11:31 +0530, Ravishankar N a écrit :
> > > On 01/14/2016 12:16 PM, Kaushal M wrote:
> > > > On Thu, Jan 14, 2016 at 10:33 AM, Raghavendra Talur <rtalur at redhat.com>
> > wrote:
> > > >>
> > > >> On Thu, Jan 14, 2016 at 10:32 AM, Ravishankar N <
> > ravishankar at redhat.com>
> > > >> wrote:
> > > >>> On 01/08/2016 12:03 PM, Raghavendra Talur wrote:
> > > >>>> P.S: Stop using the "universal" jenkins account to trigger jenkins
> > build
> > > >>>> if you are not a maintainer.
> > > >>>> If you are a maintainer and don't have your own jenkins account
> > then get
> > > >>>> one soon!
> > > >>>>
> > > >>> I would request for a jenkins account for non-maintainers too, at
> > least
> > > >>> for the devs who are actively contributing code (as opposed to random
> > > >>> one-off commits from persons). That way, if the regression failure is
> > > >>> *definitely* not in my patch (or) is a spurious failure (or) is
> > something
> > > >>> that I need to take a netbsd slave offline to debug etc.,  I don't
> > have to
> > > >>> be blocked on the Maintainer. Since the accounts are anyway tied to
> > an
> > > >>> individual, it should be easy to spot if someone habitually
> > re-trigger
> > > >>> regressions without any initial debugging.
> > > >>>
> > > >> +1
> > > > We'd like to give everyone accounts. But the way we're providing
> > > > accounts now gives admin accounts to all. This is not very secure.
> > > >
> > > > This was one of the reasons misc setup freeipa.gluster.org, to provide
> > > > controlled accounts for all. But it hasn't been used yet. We would
> > > > need to integrate jenkins and the slaves with freeipa, which would
> > > > give everyone easy access.
> > >
> > > Hi Michael,
> > > Do you think it is possible to have this integration soon so that all
> > > contributors can re-trigger/initiate builds by themselves?
> >
> > The thing that is missing is still the same, how do we consider that
> > someone is a contributor. IE, do we want people just say "add me" and
> > get root access to all our jenkins builder (because that's also what go
> > with jenkins way of restarting a build for now) ?

Contributors would need to get root permissions on the Jenkins slaves
(the machines that do the actual building/testing).  There is no need
for root access on the Jenkins master (build.gluster.org). Because
Jenkins accounts are connected to the PAM cofiguration on
build.gluster.org, contributors would get an account there (does not
need to have a shell?).

> > I did the technical stuff, but so far, no one did the organisational
> > part of giving a criteria for who has access to what. Without clear
> > process, I can't do much.
> >
> 
> 
> +ndevos +vijay
> 
> Something like "should have contributed 10 patches to Gluster and be
> supported by at least 1 maintainer" would do?

Works for me. Please send a new page with a description on what
requirements a (new) contributor needs to fullfill, what privileges are
given and a little on when/how to use those.

  http://gluster.readthedocs.org/en/latest/Contributors-Guide/Index/

Thanks!
Niels
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://www.gluster.org/pipermail/gluster-devel/attachments/20160122/979460be/attachment.sig>