[Gluster-devel] Jenkins accounts for all devs.

Niels de Vos ndevos at redhat.com
Fri Jan 22 12:39:11 UTC 2016


On Fri, Jan 22, 2016 at 05:42:11PM +0530, Ravishankar N wrote:
> On 01/22/2016 05:19 PM, Michael Scherer wrote:
> >Le vendredi 22 janvier 2016 à 11:31 +0100, Niels de Vos a écrit :
> >>On Fri, Jan 22, 2016 at 02:44:05PM +0530, Raghavendra Talur wrote:
> >>>On Fri, Jan 22, 2016 at 2:41 PM, Michael Scherer <mscherer at redhat.com>
> >>>wrote:
> >>>
> >>>>Le vendredi 22 janvier 2016 à 11:31 +0530, Ravishankar N a écrit :
> >>>>>On 01/14/2016 12:16 PM, Kaushal M wrote:
> >>>>>>On Thu, Jan 14, 2016 at 10:33 AM, Raghavendra Talur <rtalur at redhat.com>
> >>>>wrote:
> >>>>>>>On Thu, Jan 14, 2016 at 10:32 AM, Ravishankar N <
> >>>>ravishankar at redhat.com>
> >>>>>>>wrote:
> >>>>>>>>On 01/08/2016 12:03 PM, Raghavendra Talur wrote:
> >>>>>>>>>P.S: Stop using the "universal" jenkins account to trigger jenkins
> >>>>build
> >>>>>>>>>if you are not a maintainer.
> >>>>>>>>>If you are a maintainer and don't have your own jenkins account
> >>>>then get
> >>>>>>>>>one soon!
> >>>>>>>>>
> >>>>>>>>I would request for a jenkins account for non-maintainers too, at
> >>>>least
> >>>>>>>>for the devs who are actively contributing code (as opposed to random
> >>>>>>>>one-off commits from persons). That way, if the regression failure is
> >>>>>>>>*definitely* not in my patch (or) is a spurious failure (or) is
> >>>>something
> >>>>>>>>that I need to take a netbsd slave offline to debug etc.,  I don't
> >>>>have to
> >>>>>>>>be blocked on the Maintainer. Since the accounts are anyway tied to
> >>>>an
> >>>>>>>>individual, it should be easy to spot if someone habitually
> >>>>re-trigger
> >>>>>>>>regressions without any initial debugging.
> >>>>>>>>
> >>>>>>>+1
> >>>>>>We'd like to give everyone accounts. But the way we're providing
> >>>>>>accounts now gives admin accounts to all. This is not very secure.
> >>>>>>
> >>>>>>This was one of the reasons misc setup freeipa.gluster.org, to provide
> >>>>>>controlled accounts for all. But it hasn't been used yet. We would
> >>>>>>need to integrate jenkins and the slaves with freeipa, which would
> >>>>>>give everyone easy access.
> >>>>>Hi Michael,
> >>>>>Do you think it is possible to have this integration soon so that all
> >>>>>contributors can re-trigger/initiate builds by themselves?
> >>>>The thing that is missing is still the same, how do we consider that
> >>>>someone is a contributor. IE, do we want people just say "add me" and
> >>>>get root access to all our jenkins builder (because that's also what go
> >>>>with jenkins way of restarting a build for now) ?
> >>Contributors would need to get root permissions on the Jenkins slaves
> >>(the machines that do the actual building/testing).
> >I rather prefer to not have people have root access on the builder.
> >
> >1) they are used to build the rpms we distribute
> >2) root access also mean that some people might just do a quick fix to
> >make some tests pass instead of making a proper long term fix where it
> >is needed.
> 
> 
> Many of us non maintainers those who never had accounts (including yours
> truly) used the amarts account to *judiciously*  re-trigger builds.Until it
> was disabled. I don't think it caused any problems.
> The only quick fix you can do is retrigger the build, which, if it passes,
> means the failure was likely spurious the previous time.

Yes, and we are now going to a process where reporting spurious errors
becomes mandatory. The failed test should get moved to a disabled or
bad_tests directory and a bug filed against it.

Once all spurious tests have been cleaned up, retriggering becomes
unneeded. We had several occasions where the "amarts" account was
misused and caused more troubles. We can not figure out who incorrectly
used the account, so disabling it and handing out personal accounts
should help with that.

I'll leave the other bits (removed from below) to the infra guys, or
other emails :)

Niels
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://www.gluster.org/pipermail/gluster-devel/attachments/20160122/a962f1a8/attachment-0001.sig>


More information about the Gluster-devel mailing list