Closed Bug 887033 Opened 11 years ago Closed 11 years ago

Please may LDAP group vpn_sheriff be given permissions to access https://secure.pub.build.mozilla.org/slavealloc/

Categories

(Infrastructure & Operations :: RelOps: General, task)

Product:
Infrastructure & Operations
Component:
RelOps: General
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: emorley, Assigned: dustin)

Details

The old slavealloc page (http://slavealloc.build.mozilla.org/) is accessible over BuildVPN without any further permissions.

However BuildVPN and the old build.m.o services are going away, so we should be using https://secure.pub.build.mozilla.org/ from now on.

The new page doesn't need to be accessed over VPN, however it appears to need special LDAP permissions (presuming releng group is needed to access much of the non public parts of build.m.o). Please may myself, RyanVM, KWierso, Tomcat & philor be given access to slavealloc. Ideally, please give the permissions to the existing vpn_sheriffs group, since it will make it easier to maintain over time. We'll just need to get philor added to that LDAP group.

Filing the bug in releng to get signoff before moving over to an IT component for actioning.

Many thanks :-)
(In reply to Ed Morley [:edmorley UTC+1] from comment #0)
> However BuildVPN and the old build.m.o services are going away, so we should
> be using https://secure.pub.build.mozilla.org/ from now on.

Correct URL:
https://secure.pub.build.mozilla.org/slavealloc/
Summary: Please may sheriffs be given LDAP permissions to access https://secure.pub.build.mozilla.org/ → Please may sheriffs be given LDAP permissions to access https://secure.pub.build.mozilla.org/slavealloc/
(In reply to Ed Morley [:edmorley UTC+1] from comment #0)
> The old slavealloc page (http://slavealloc.build.mozilla.org/) is accessible
> over BuildVPN without any further permissions.
> 
> However BuildVPN and the old build.m.o services are going away, so we should
> be using https://secure.pub.build.mozilla.org/ from now on.
> 
> The new page doesn't need to be accessed over VPN, however it appears to
> need special LDAP permissions (presuming releng group is needed to access
> much of the non public parts of build.m.o). Please may myself, RyanVM,
> KWierso, Tomcat & philor be given access to slavealloc. Ideally, please give
> the permissions to the existing vpn_sheriffs group, since it will make it
> easier to maintain over time. We'll just need to get philor added to that
> LDAP group.
> 
> Filing the bug in releng to get signoff before moving over to an IT
> component for actioning.

1) Ack, and yes, this counts as signoff from RelEng.

2) Assuming that "vpn_sheriffs" group is RyanVM/KWierso/Tomcat/Philor, lets use the ldap group as I agree thats easier to maintain. Going forward, who owns that group, and can you ensure that RelEng is notified when people are being added/removed from that group?
(In reply to John O'Duinn [:joduinn] from comment #2)
> (In reply to Ed Morley [:edmorley UTC+1] from comment #0)
> > Filing the bug in releng to get signoff before moving over to an IT
> > component for actioning.
> 
> 1) Ack, and yes, this counts as signoff from RelEng.

Over to relops for action
Assignee: nobody → server-ops-releng
Component: Release Engineering → Server Operations: RelEng
QA Contact: arich
(In reply to John O'Duinn [:joduinn] from comment #2)
> 2) Assuming that "vpn_sheriffs" group is RyanVM/KWierso/Tomcat/Philor, lets
> use the ldap group as I agree thats easier to maintain. Going forward, who
> owns that group, and can you ensure that RelEng is notified when people are
> being added/removed from that group?

vpn_sheriffs is currently {edmorley,RyanVM,KWierso,Tomcat}, I'm going to get philor added shortly.

I'm happy to own vpn_sheriffs if that's ok with you - and I'll ensure we notify release@moco (or CC the bugzilla component email for releng; whichever is preferred) whenever the member list is changed.

Thank you! :-)
Summary: Please may sheriffs be given LDAP permissions to access https://secure.pub.build.mozilla.org/slavealloc/ → Please may LDAP group vpn_sheriffs be given permissions to access https://secure.pub.build.mozilla.org/slavealloc/
This should be active now.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Unfortunately my LDAP credentials don't appear to work for https://secure.pub.build.mozilla.org/slavealloc/
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Ah, you gave me the wrong group name, throwing me off the trail!

Should be active in about an hour.
Status: REOPENED → RESOLVED
Closed: 11 years ago11 years ago
Resolution: --- → FIXED
Summary: Please may LDAP group vpn_sheriffs be given permissions to access https://secure.pub.build.mozilla.org/slavealloc/ → Please may LDAP group vpn_sheriff be given permissions to access https://secure.pub.build.mozilla.org/slavealloc/
Oh my, memory fail in the time it took to switch tabs from bug 886078 to this when filing. Sorry about that! :-)
Sorry to be a pain - it doesn't seem to be working still.
Do I just need to wait longer?
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Ugh, this one's on me.  "Sherrif" is one of those words I just can't see spelled right.  And I double-checked it too!  One r, Two f's, no trailing s.

I can't very effectively test it since I'm in both of the other groups that have access, and not in vpn_sheriff (or vpn_sherrif, or vpn_sheriffs, or..)

I pushed this change directly, so you should see satisfaction immediately.
Assignee: server-ops-releng → jdow
Assignee: jdow → dustin
Status: REOPENED → RESOLVED
Closed: 11 years ago11 years ago
Resolution: --- → FIXED
Working great - thank you :-)
Component: Server Operations: RelEng → RelOps
Product: mozilla.org → Infrastructure & Operations
You need to log in before you can comment on or make changes to this bug.