Reducing SPOFs, people edition

Hello all, We've seen some SPOFs (Single Point Of Failure) on people. We all know this is a bad thing, but how do we fix it? Let's start by listing the services. Please correct/add info if you have it. - openshift -- Services * website / wiki -- Admins * Rydekull (SSH only) * ewoud (SSH only) * quaid (full admin) - linode01 -- Services * resources * mailing lists * gerrit backups -- Admins * RobertM * Rydekull * dcaro * eedri * ewoud * mburns * quaid - alterway01 -- Services * jenkins master -- Admins * dcaro * eedri * ewoud (jenkins account broken due to openid plugin) * quaid * RobertM - Alterway02 -- Services * ovirt host to be, waiting for IP space to install guests -- Admins * dcaro * eedri * ewoud - Rackspace -- Services * jenkins slaves (not installed yet) -- Admins * quaid Jenkins slaves, incomplete list I'm sure - jenkins.ekohl.nl Runs Fedora 17, sponsored by my employer Oxilion. -- Admins * eedri * ekohl

----- Original Message -----
From: "Ewoud Kohl van Wijngaarden" <ewoud+ovirt@kohlvanwijngaarden.nl> To: infra@ovirt.org Sent: Monday, April 22, 2013 3:09:29 PM Subject: Reducing SPOFs, people edition
Hello all,
We've seen some SPOFs (Single Point Of Failure) on people. We all know this is a bad thing, but how do we fix it?
Let's start by listing the services. Please correct/add info if you have it.
- openshift -- Services * website / wiki
-- Admins * Rydekull (SSH only) * ewoud (SSH only) * quaid (full admin)
- linode01 -- Services * resources * mailing lists * gerrit backups
-- Admins * RobertM * Rydekull * dcaro * eedri * ewoud * mburns * quaid
- alterway01 -- Services * jenkins master
-- Admins * dcaro * eedri * ewoud (jenkins account broken due to openid plugin)
openid only works for on google account i think, this shouldn't block you from logging in normally. if need a password reset, let me know.
* quaid * RobertM
- Alterway02 -- Services * ovirt host to be, waiting for IP space to install guests
-- Admins * dcaro * eedri * ewoud
- Rackspace -- Services * jenkins slaves (not installed yet)
-- Admins * quaid
Jenkins slaves, incomplete list I'm sure
- jenkins.ekohl.nl Runs Fedora 17, sponsored by my employer Oxilion.
-- Admins * eedri * ekohl
- EC2 slaves f18/rhel 6.4 -- Admins * iheim - had admin on vms administration * eedri * dcaro * jenkins user accessible from master server with sudo
_______________________________________________ Infra mailing list Infra@ovirt.org http://lists.ovirt.org/mailman/listinfo/infra

On 04/22, Eyal Edri wrote:
----- Original Message -----
From: "Ewoud Kohl van Wijngaarden" <ewoud+ovirt@kohlvanwijngaarden.nl> To: infra@ovirt.org Sent: Monday, April 22, 2013 3:09:29 PM Subject: Reducing SPOFs, people edition
Hello all,
We've seen some SPOFs (Single Point Of Failure) on people. We all know this is a bad thing, but how do we fix it?
Let's start by listing the services. Please correct/add info if you have it.
- openshift -- Services * website / wiki
-- Admins * Rydekull (SSH only) * ewoud (SSH only) * quaid (full admin)
- linode01 -- Services * resources * mailing lists * gerrit backups
-- Admins * RobertM * Rydekull * dcaro * eedri * ewoud * mburns * quaid
- alterway01 -- Services * jenkins master
-- Admins * dcaro * eedri * ewoud (jenkins account broken due to openid plugin)
openid only works for on google account i think, this shouldn't block you from logging in normally. if need a password reset, let me know.
* quaid * RobertM
- Alterway02 -- Services * ovirt host to be, waiting for IP space to install guests
-- Admins * dcaro * eedri * ewoud
- Rackspace -- Services * jenkins slaves (not installed yet)
-- Admins * quaid
Jenkins slaves, incomplete list I'm sure
- jenkins.ekohl.nl Runs Fedora 17, sponsored by my employer Oxilion.
-- Admins * eedri * ekohl
- EC2 slaves f18/rhel 6.4
-- Admins * iheim - had admin on vms administration * eedri * dcaro * jenkins user accessible from master server with sudo
- EC2 Gerrit -- Admins (Correct me if I'm wrong) * iheim * kwade (limited) * eedri (limited)
_______________________________________________ Infra mailing list Infra@ovirt.org http://lists.ovirt.org/mailman/listinfo/infra
_______________________________________________ Infra mailing list Infra@ovirt.org http://lists.ovirt.org/mailman/listinfo/infra

On 04/22/2013 04:01 PM, David Caro wrote:
- EC2 Gerrit
-- Admins (Correct me if I'm wrong) * iheim * kwade (limited) * eedri (limited)
iirc. they have sudo for host/system admin and kwade setup the gerrit backup service, but not expected to do gerrit administration specifically.

This is an OpenPGP/MIME signed message (RFC 4880 and 3156) ------enig2SXJLCDDIWTRGXEILKTGH Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On 04/24/2013 08:19 AM, Itamar Heim wrote:
On 04/22/2013 04:01 PM, David Caro wrote:
- EC2 Gerrit
-- Admins (Correct me if I'm wrong) * iheim * kwade (limited) * eedri (limited) =20 iirc. they have sudo for host/system admin and kwade setup the gerrit backup service, but not expected to do gerrit administration specifical= ly.
+1 --=20 Karsten 'quaid' Wade, Sr. Analyst - Community Growth http://TheOpenSourceWay.org .^\ http://community.redhat.com @quaid (identi.ca/twitter/IRC) \v' gpg: AD0E0C41 ------enig2SXJLCDDIWTRGXEILKTGH Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iD8DBQFReBUG2ZIOBq0ODEERApiHAJ9ylrSgIPZgsR81usUR7MK06Y/3EACgzuPi L0zhVN2+S74R8HXCCJfhVC4= =RpR6 -----END PGP SIGNATURE----- ------enig2SXJLCDDIWTRGXEILKTGH--

This is an OpenPGP/MIME signed message (RFC 4880 and 3156) ------enig2LQQARRQNNFKRTVACRERB Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On 04/22/2013 05:09 AM, Ewoud Kohl van Wijngaarden wrote: > Hello all, >=20 > We've seen some SPOFs (Single Point Of Failure) on people. We all know > this is a bad thing, but how do we fix it? >=20 > Let's start by listing the services. Please correct/add info if you hav= e > it. >=20 > - openshift > -- Services > * website / wiki >=20 > -- Admins > * Rydekull (SSH only) > * ewoud (SSH only) > * quaid (full admin) + * dneary (SSH only) + * garrett (SSH only) + * jbrooks (SSH only) Also, I used quaid@ovirt.org, and that can be aliased to anyone, so we can at least shift the full admin SPOF to another soft human. The additional people are more than just members of my team at Red Hat, they are also people who have been significant contributors to oVirt in a number of ways; I've basically just considered them junior and quiet Infra members. :) > - linode01 > -- Services > * resources > * mailing lists > * gerrit backups >=20 > -- Admins > * RobertM > * Rydekull > * dcaro > * eedri > * ewoud > * mburns - * quaid + * quaid (full Linode back-end admin) Those are all my fixes to this list. - Karsten > - alterway01 > -- Services > * jenkins master >=20 > -- Admins > * dcaro > * eedri > * ewoud (jenkins account broken due to openid plugin) > * quaid > * RobertM >=20 > - Alterway02 > -- Services > * ovirt host to be, waiting for IP space to install guests >=20 > -- Admins > * dcaro > * eedri > * ewoud >=20 > - Rackspace > -- Services > * jenkins slaves (not installed yet) >=20 > -- Admins > * quaid >=20 > Jenkins slaves, incomplete list I'm sure >=20 > - jenkins.ekohl.nl > Runs Fedora 17, sponsored by my employer Oxilion. >=20 > -- Admins > * eedri > * ekohl > _______________________________________________ > Infra mailing list > Infra@ovirt.org > http://lists.ovirt.org/mailman/listinfo/infra >=20 --=20 Karsten 'quaid' Wade, Sr. Analyst - Community Growth http://TheOpenSourceWay.org .^\ http://community.redhat.com @quaid (identi.ca/twitter/IRC) \v' gpg: AD0E0C41 ------enig2LQQARRQNNFKRTVACRERB Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iD8DBQFRdvTM2ZIOBq0ODEERApwnAKCkiaIk9IVkPnNmYBPU0NHyFKmqrwCghY0C zu87quwegksj1KLjUvbzNss= =ZDeB -----END PGP SIGNATURE----- ------enig2LQQARRQNNFKRTVACRERB--
participants (5)
-
David Caro
-
Ewoud Kohl van Wijngaarden
-
Eyal Edri
-
Itamar Heim
-
Karsten 'quaid' Wade