Planet Gluster

Aggregated news from external sources

Upgrading the Gluster Jenkins Server

November 15, 2017

I’ve been wanting to work on upgrading build.gluster.org setup for ages.
There’s a lot about that setup that isn’t ideal in how people use Jenkins
anymore.

We used the unix user accounts for access to Jenkins. This means Jenkins needs
to read /etc/passwd and everyone has SSH access via passwords by default.
Very often, the username wasn’t tied to an actual email address. I had to
guess the account owner based on their usernames elsewhere. This was also open
to brute force attacks. The only way to change passwords was to login to the
server and run passwd command. We fixed this problem a few months ago by
switching our auth to Github. Now access control is a Github group which gives
you more permissions. Logging in will not give you any more permissions than
not logging in.

Our todo list during the Jenkins upgrade

Jenkins community now recommends not running jobs on the master node at all.
But our old setup depended on certain jobs always running on master. One by
one, I’ve eliminated them so that they can now run on any node agent. The last
job left is our release job. We make the tar from every release available on an
FTP-like server. In our old setup, the this server and Jenkins were the same
machine. The job ran on master and depended on them both being the same
machine. We decided to split up the systems so we could take down Jenkins
without any issue. We intend to fix this with an SCP command at the end of the
release job to copy artifacts to the FTP-like server.

One of the Red Hat buildings in Brno

Now, we have a Jenkins setup that I’m happy with. At this point, we’ve fixed
a vast majority of the annoying CI-related infra issues. In a few years, we’ll
rip them all out and re-do them. For now, spending a week with my colleague in
Brno working on an Infra sprint has been well worth our time and energy.

Source: nigelb (Upgrading the Gluster Jenkins Server)

BLOG

  • 31 May 2018
    Gluster Monthly Newsletter, May 201...

    Announcing mountpoint, August 27-28, 2018 Our inaugural software-defined storage conference combining Gluster, Ceph and other projects! More details at: http://lists.gluster.org/pipermail/gluster-users/2018-May/034039.html CFP at: http://mountpoint.io/   – closes June 15   Gluster Summit Videos – All our available videos (and slides) from Gluster Summit 2017 are up! Check out the GlusterCommunity YouTube homepage...

    Read more
  • 07 May 2018
    Gluster Monthly Newsletter, April 2...

    Announcing mountpoint, August 27-28, 2018 Our inaugural software-defined storage conference combining Gluster, Ceph and other projects! More details at: http://lists.gluster.org/pipermail/gluster-users/2018-May/034039.html CFP at: http://mountpoint.io/   Out of cycle updates for all maintained Gluster versions: New updates for 3.10, 3.12 and 4.0 http://lists.gluster.org/pipermail/announce/2018-April/000098.html   Project Technical Leadership Council Announced http://lists.gluster.org/pipermail/announce/2018-April/000094.html   Gluster...

    Read more
  • 30 Apr 2018
    Updated Gluster Releases

    The Gluster community has released an out-of-normal-cadence release for Gluster 3.10, 3.12, and 4.0 that resolves a CVE[1] that has been classified as Important. A privilege escalation flaw was found in the gluster snapshot scheduler.   Any gluster client allowed to mount gluster volumes could also mount shared gluster storage...

    Read more