Comments (8)
The build team has been cautious in terms of giving access to key infrastructure. While I understand the desire to make changes more quickly, part of that caution is to avoid emergency situations where the build team has to jump into fix things when they have not planned time to be able to do that.
There are discussions with the foundation in terms of taking over management of some/all of the Node.js infra and I think moving forward with that is a good way to address the current frustrations. It should provide an SLA for requests as well as people who are paid to respond quickly when changes cause issues.
I think having the Linux IT team take over the the Website infra including the downloads, along with Cloudflare would be a good first step in terms of the Foundation helping with Node.js infra and would be good to prioritize in terms of addressing @ovflowd frustrations as well.
from admin.
@UlisesGascon did some initial work on using Teraform to manage our cloudflare configuration and doing that might be a great way were requests could be done through PRs and then the Linux IT would be the team that would land those PRs once there were approvals, and be ready to do rollbacks if needed.
Yes, I think Terraform is the way to go here. It will allow us to be faster and safer when making changes in Cloudflare. I can focus on this as a priority once I am back from holidays. We just need to agree first within the Build team that we are confident with the new way of using infrastructure secrets in the Github actions and and how to trigger the changes, etc.., as this is a new tool for the project/team. π.
This was the major blocker until now for Terraform adoption nodejs/build#3391.
from admin.
@bensternthal do you have any idea of the timeline for when the Linux IT team would be able to start working on managing the Website/cloudflare infra and related discussion with the build WG?
@UlisesGascon did some initial work on using Teraform to manage our cloudflare configuration and doing that might be a great way were requests could be done through PRs and then the Linux IT would be the team that would land those PRs once there were approvals, and be ready to do rollbacks if needed.
from admin.
@mhdawson Right now the IT team is blocked because they do not have any access to the node accounts for github, jenkins, and cloudflare. Is there anything you can do to help here? They just need read only access to complete their audit.
from admin.
I don't remember the issue/slack conversation but for github they should already have read access to most things in the repo, if they could be specific about what they need to see that cannot today that would be great.
For Jenkins they should already have read access to most of the CI, jobs etc. Again if we could be more specific about what they don't have access to that's needed that would help us add specific persmissions in the Jenkings config.
For cloudflare I think I can figure that out. I believe we need to add a cloudflare id with red only privs. What is the id that we should add?
from admin.
For Jenkins they should already have read access to most of the CI, jobs etc. Again if we could be more specific about what they don't have access to that's needed that would help us add specific persmissions in the Jenkings config.
I think you need to be a collaborator to have read access to the job configs.
There's an issue tracking Jenkins access for LF IT: nodejs/build#3444
And another for Cloudflare access: nodejs/build#3445
Both of those are not in the scope of this issue which is for the web-infra team. We discussed that in this week's Build WG call and our preferred route of expanding write access to Cloudflare is to progress the Terraform work and enable changes to be PR-able into a GH repo.
from admin.
@richardlau thanks for the links to those issues.
@bensternthal can you add the id that we need to add for read-only cloudflare access into nodejs/build#3445
from admin.
@mhdawson much thanks for the help! The account to add is [email protected]
Mentioning @vvalderrv for visibility
from admin.
Related Issues (20)
- Create `nodejs/socket` repository for Node.js implementation of Cloudflare's Socket API HOT 12
- Youtube and zoom access for @marco-ippolito HOT 11
- Have a mascot HOT 86
- Reward Contributors Better - New Project Role HOT 14
- Triage and nodejs/help improvements HOT 8
- Create a primordials-use-cases repository HOT 4
- Collaborator Changes - More Privacy HOT 15
- Grace Hopper Day - Create a temporary label HOT 5
- FYI - Creating team for Linux IT for jenkins access HOT 1
- Turttle Mascot for NodeJSπ’ HOT 2
- FYI - adding @AdamBraden to windows teams HOT 2
- Create platform teams for `loong64` and `riscv64` HOT 3
- Add `nodejs-crowdin` Bot to the Node.js Org HOT 8
- Create nodejs/standards-positions repository HOT 19
- New additions to platform-aix team HOT 1
- Create GitHub Account for Shared Vercel Account HOT 11
- Transfer aduh95/collaborators-public-votes to the org HOT 4
- 1password and vercel access HOT 6
- Giving access to @marco-ippolito to security releases HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from admin.