Hudson machines admin (was: Re: Hudson access for non-PMC member)

[Tim Ellison <t....@gmail.com>]

On 29/Jan/2010 10:24, Justin Mason wrote:
> On Fri, Jan 29, 2010 at 09:24, Tim Ellison <t....@gmail.com> wrote:
>>> I am absolutely +1 on Hudson Admin Team maintaining these boxes and giving out shell
>>> accounts to the few PMC members that really need it, and also expanding out the
>>> Hudson Admin Team if necessary to add a very few more folks that will maintain all
>>> aspects of the machines for the benefit of all projects.
>> Or reducing/removing the responsibility of the "Hudson admin team" and
>> making these 'real' ASF Infra managed machines.
>>
>> I don't have the time (or skills!) of the dedicated infra folk here, and
>> while I know I can call on you and Philip to help out if things go
>> wrong, better to have the machines properly managed in the first place.
> 
> The danger I see is that neither Hudson admins [*], nor Infra, have
> the bandwidth to administer all the random bits of build platform
> software required by the range of products in the ASF.
> 
>         (*: well, ok, me ;)

Me too, and as Gavin wrote, there will always be the opportunity for
PMC-blessed people to have accounts so they can look after installed
software packages required by build.

I was referring to the admin of the OS itself, such as ensuring the
patches are up to date, repartitioning the disks, noticing anomalies in
usage, and (heaven forbid) dealing with security breaches.

I'm happy to do my part to keep Hudson running because I use it too, but
I'd also like to hack on Harmony code, and I've seen the time and skill
the infra team invest in the other apache.org machines -- I can't do
that for these.

> As Uwe noted earlier in the thread:
> 
> '- Updating lucene's private SVN tools for the new lucene rev-based
> backwards branch (sparse checkout)'
> 
> '- Upgrading hudson's clover version for our new coverage reports
> (that work correct with backwards branch)'
> 
> 'You haven’t seen our IRC conversation between Mike and me where we
> did something like "human remote control" when changing our build
> scripts and so on. Something like "tell me whats in dir xyz", "hmm, ok
> then we have to.... Ah before tell me if solaris has a toolxy
> installed!", "yes", "ah then we can do pqrs first and tar this there".
> Funny, but worked, but took a day :-)'
> 
> Those are all tasks where SSH access is either required, or greatly
> simplifies the task.

I expect that today, many of these accounts are unnecessary, since we
ask people to apply for an OS account in the same breath as a Hudson
account.  Many build system users only need Hudson logins.

> by the way I fully agree that we can lock down the Hudson master box.
> It's just the build slaves that are still in question.

Who administers the zones?  Does each PMC ensure their zone is well behaved?

Regards,
Tim