Closed Bug 766708 Opened 12 years ago Closed 12 years ago

Grant respindola access to relengweb1.dmz.scl3.mozilla.com

Categories

(Infrastructure & Operations :: RelOps: General, task)

Product:
Infrastructure & Operations
Component:
RelOps: General
Platform:
x86_64
Linux
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: rail, Assigned: dustin)

Details

Rafael has been working on clang. To simplify the procedures and boost the process he needs to upload files to runtime-binaries.pvt.build.mozilla.org (relengweb1.dmz.scl3.mozilla.com:/var/www/html/runtime-binaries/tooltool).

Can we grant him access to this machine and allow him to write files to that location?
At the moment, we don't have a process for allowing uploads to tooltool.  John and I discussed a few options (web form, scp dropbox, ..), but ultimately focused on getting B2G up and running.

The immediate answer is that relengers will need to do the uploads on Rafael's behalf.  I'm hesitant to grant sudo access on that host without a nod from coop and/or amy, but once it's ok'd that's not hard.

I'm assigning to Amy both to make this call and to grant sudo access since I won't be back until Wednesday.  Something like (untested)

    include ldap_users::people
    class { "sudoers::users": users => "respindola"; }
Assignee: server-ops → arich
Component: Server Operations → Server Operations: RelEng
QA Contact: phong → arich
Can't we do this via group permissions rather than sudo ?
I suspect this will free up some of Rail's time, so I'm fine with granting this access, *provided* Rail has "the talk" with Rafael about only uploading tested versions, avoiding churn, great power==responsibility, etc.

(In reply to Nick Thomas [:nthomas] from comment #2)
> Can't we do this via group permissions rather than sudo ?

Whatever makes the most sense here.
(In reply to Chris Cooper [:coop] from comment #3)
> I suspect this will free up some of Rail's time, so I'm fine with granting
> this access, *provided* Rail has "the talk" with Rafael about only uploading
> tested versions, avoiding churn, great power==responsibility, etc.

Works for me. Rail, when is a good time for you?
(In reply to Rafael Ávila de Espíndola (:espindola) from comment #4)
> (In reply to Chris Cooper [:coop] from comment #3)
> > I suspect this will free up some of Rail's time, so I'm fine with granting
> > this access, *provided* Rail has "the talk" with Rafael about only uploading
> > tested versions, avoiding churn, great power==responsibility, etc.

Actually even "broken" versions won't hurt us, because we don't overwrite files normally.

> Works for me. Rail, when is a good time for you?

Anytime!
I think we should do it with group perms if we can, just on the principle of least permissions.
Assignee: arich → dustin
OK, I added a group, tooltooleditor, and put respindola in it.  The directory is /var/www/html/runtime-binaries/tooltool

Is there already a bug open to better control uploads?  If not, let's get one open.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Component: Server Operations: RelEng → RelOps
Product: mozilla.org → Infrastructure & Operations
You need to log in before you can comment on or make changes to this bug.