Please give vseerror@lehigh.edu access to ship-it.mozilla.org

RESOLVED FIXED

Status

Infrastructure & Operations
Mozilla VPN: ACL requests
RESOLVED FIXED
3 years ago
2 years ago

People

(Reporter: wsmwk, Assigned: lerxst)

Tracking

Details

Attachments

(1 attachment)

(Reporter)

Description

3 years ago
Need access to vpn, ship-it and other infra for building and shipping Thunderbird.
(Reporter)

Comment 1

3 years ago
I'll also need instructions on how to connect. Thanks.
This will probably need some weigh in from Release Management Team
Flags: needinfo?(release-mgmt)
Assignee: relops → vpn-acl
Component: RelOps → Mozilla VPN: ACL requests
QA Contact: arich → dparsons
Summary: vpn and ship-it access for vseerror@lehigh.edu → Please give vseerror@lehigh.edu access to ship-it.mozilla.org
(Reporter)

Updated

3 years ago
Depends on: 1141319
Ship It has no concept of ACLs to prevent people from starting releases they shouldn't be able to. Without that, or a separate ship it instance, I don't think we can move forward here.
(Reporter)

Comment 4

3 years ago
(In reply to Ben Hearsum [:bhearsum] from comment #3)
> Ship It has no concept of ACLs to prevent people from starting releases they
> shouldn't be able to. Without that, or a separate ship it instance, I don't
> think we can move forward here.

Thanks for the update.
I'm confused. I thought there already have non-mozilla employees using these tools. 
If that is not the case, what do you suggest as next step?
Flags: needinfo?(bhearsum)
(In reply to Wayne Mery (:wsmwk) from comment #4)
> (In reply to Ben Hearsum [:bhearsum] from comment #3)
> > Ship It has no concept of ACLs to prevent people from starting releases they
> > shouldn't be able to. Without that, or a separate ship it instance, I don't
> > think we can move forward here.
> 
> Thanks for the update.
> I'm confused. I thought there already have non-mozilla employees using these
> tools.

bkerensa is a non-employee, but he drives Firefox releases.

> If that is not the case, what do you suggest as next step?

What we do here probably depends on whether or not Thunderbird continues to exist on RelEng infra. If it does, we'll need ACLs. If Thunderbird ends up with its own, parallel infra, it will need its own Ship it + release runner instances.

There might be a quick-ish way to hack in ACLs, but I don't have time to dig into at the moment.
Flags: needinfo?(bhearsum)
Worth noting that bug 1140567 is on file about adding roles/permissions to ship it, but it won't be looked in the short term.
(Reporter)

Comment 7

3 years ago
Thanks for the info. Much appreciated
Depends on: 1140567
Just spitballing here, but what about trusting Wayne not to ship Firefox while we wait for ACLs/parallel infra?
(Reporter)

Comment 9

3 years ago
I didn't think to mention it earlier, but if it helps on the question of trust I've had various mozilla supplied access over the years - login access to crash-stats.com, admin on several mailing lists, sec-bugs in BMO, and more recently the security mailing list.
I'm OK giving Wayne access to ship-it in order to manage Thunderbird releases. Blake vouched for him (I asked him in person). We should work on bug 1140567 but I don't think that needs to block us here.
Flags: needinfo?(release-mgmt)
(In reply to Blake Winton (:bwinton) from comment #8)
> Just spitballing here, but what about trusting Wayne not to ship Firefox
> while we wait for ACLs/parallel infra?

+1
(Assignee)

Comment 12

2 years ago
Wayne, do you already have a Mozilla LDAP account? If so, what is it?
Assignee: vpn-acl → dparsons
(Reporter)

Comment 13

2 years ago
(In reply to Dan Parsons [:lerxst] from comment #12)
> Wayne, do you already have a Mozilla LDAP account? If so, what is it?

vseerror@lehigh.edu
(Assignee)

Comment 14

2 years ago
You are already in the vpn_shipit group. Are you unable to access the server in question?
(Reporter)

Comment 15

2 years ago
Created attachment 8659034 [details]
tpad-ipconfig.txt

I am able to login to https://l10n.mozilla.org/ with my ldap user and password.

But on my laptop, connected using viscosity and a mozilla openvpn certificate, I can't get to https://ship-it.mozilla.org/ - "Server not found"
(Assignee)

Comment 16

2 years ago
What OS and VPN client are you using? Are you able to ping 10.8.81.228 when connected? What about 10.22.75.40?
(Reporter)

Comment 17

2 years ago
lerxst fixed me up. thanks #moc
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.