mxnet-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Olivier <cjolivie...@gmail.com>
Subject Re: Commiter access to Jenkins Sevrer
Date Fri, 05 Jan 2018 18:51:19 GMT
Well, login to the Jenkins server, I would imagine.

github or Apache SSO (does Apache support OAUTH?) seems like a good idea as
long as there's a way to not let everyone with a github account log in.

Access to actual slave machines could be more restricted, I imagine.

Eventually, a public current AMI for a build slave would be good in order
to reproduce build or test problems that can't be reproduced locally.

wdyt?



On Fri, Jan 5, 2018 at 10:41 AM, Marco de Abreu <
marco.g.abreu@googlemail.com> wrote:

> Would it be an acceptable solution if we add SSO or do you also want access
> to the actual AWS account and all machines?
>
> Yes, the build jobs are automatically getting created for new branches.
>
> -Marco
>
> Am 05.01.2018 7:35 nachm. schrieb "Marco de Abreu" <
> marco.g.abreu@googlemail.com>:
>
> I totally agree, this is not the way it should work in an Apache Project.
> It's running on an isengard account, meaning it is only accessible for
> Amazon employees. The problem is that a compromised account could cause
> damage up to 170,000$ per day. There are alarms in place to notice those
> cases, but we still have to be very careful. These high limits have been
> chosen due to auto scaling being added within the next week's.
>
> I'd be happy to introduce a committer into the CI process and all the
> necessary steps as well as granting them permission. The only restriction
> being that it has to be and Amazon employee and access to console, master
> and slave only being possible from the Corp network.
>
> There is no open ticket. What would you like to request?
>
> -Marco
>
>
> Am 05.01.2018 7:22 nachm. schrieb "Chris Olivier" <cjolivier01@gmail.com>:
>
> Like John and other mentors were saying, it's not proper for CI to be a
> closed/inaccessible environment.  Is it running on an Isengard account or
> in PROD or CORP or just generic EC2?  I think that we should remedy this.
> It's very strange that no committers have access at all.  Is there a ticket
> open to IPSEC?
>
> On Fri, Jan 5, 2018 at 10:17 AM, Marco de Abreu <
> marco.g.abreu@googlemail.com> wrote:
>
> > Hello Chris,
> >
> > At the moment this is not possible due Amazon AppSec (Application
> security)
> > restrictions which does not permit user data and credentials on these
> > machines.
> >
> > I have been thinking about adding single sign on bound to GitHub, but we
> > would have to check back with AppSec.
> >
> > Is the reason for your request still the ability to start and stop
> running
> > builds?
> >
> > Best regards,
> > Marco
> >
> > Am 05.01.2018 7:11 nachm. schrieb "Chris Olivier" <cjolivier01@gmail.com
> >:
> >
> > Marco,
> >
> > Are all committers able to get login access to the Jenkins Server?  If
> not,
> > why?
> >
> > -Chris
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message