root access to OSUOSL AIX machines for Michael Felt

[mhdawson]

Michael Felt currently is an IBM employee who will retire at the end of this month. He plans to continue his assistance to the OSUOSL system after his retirement. He is very experienced with AIX, VIOS and HMC system administration and configuration, having solved issues like those at OSUOSL for IBM clients. He also is involved in Open Source projects for AIX.

You may have noticed that there was a planned outage our of OSUOSL AIX machine. This was allow Michael to reconfigure the underlying hardware. At this point the next steps require root access to the vms themselves.

Currently we our release machine is NOT at OSUOSL so the only AIX machines would be the existing 7.2 machine which is used for libuv testing and new 7.2 machines provisioned at OSUOSL. I'd like to get the ok for Michael Felt to have root access to that machine as well as any new ones so that he can help OSUOSL maintain them at the system level. The plan would be to give him access by adding his ssh keys to the machines.

[sam-github]

If we could get a couple +1s, that would be great, the rework being done should be quite helpful to us, but the infra provider will need to "peek into the box" to make it happen, and that requires ssh access.

And to be explicit, I'm definitely +1!

[rvagg]

+1 I'm generally fine with this as long as (1) we can establish a decent trust relationship with the individuals involved (they work for a donor, they work for a member company, etc.) and (2) it doesn't involve exposing the staging SSH key on release machines or present risk to the release build pipeline that may undermine confidence in its security. Since this is for test machines and is from a donor then :thumbsup:.

[aixtools]

Hello all,

I have hosted rootvg.net - old school forums - and aixtools.net (not happy enough with the way OSS packaging had been done, or maybe not done, for many years.

I had permission from my local manager to have the portals - but I always had to be sure there was no competition with IBM before. So, they are low-key - or were. I hope to have the time - as I now have the freedom - to be more involved and open.

As to root access - the last 11 to 12 years I have worked as a consultant in IBM Lab Services where, among other things - performed AIX/POWER Performance and Security "healthchecks".

My earlier years in IBM were in IBM education - and until I got blacklisted (for finding too many mistakes and making it too difficult for new course materials to be updated or written I had served as SMA (subject matter expert/authority) for AIX Performance, Security, Networking and Virtualization. I was also very involved in the PowerHA (was HACMP) courseware development.

On my own I have been growing from "struggling" to "promoting" OSS for AIX. The "promotion" being best described by my activities as 'aixtools' where education is the primary driver behind 'rootvg.net'.

I hope to be able to contribute my knowledge of the platform AIX - to improve the product and acceptance of node.js on AIX.

Sincerely, Michael Felt

[mhdawson]

@sam-github I think we have enough +1's to go ahead.

[sam-github]

I labelled this as access request, and never stale while its active.

We don't have to do anything, @aixtools has machine level access so put the .ssh keys on himself.

If @aixtools is willing, I'd be happy to add him to the nodejs org, so that he can be part of the platform-aix team, https://github.com/orgs/nodejs/teams/platform-aix

@aixtools That membership comes with no responsibilities (other than abiding by the code of conduct). It wouldn't mean you'd be on the hook for fixing anything, or responding to anybody. It is occaisonally (monthly perhaps?) pinged on an aix specific issue in either nodejs src, nodejs tests, or sometimes aix machine issues. Other than that should not trigger a flood of email (and if it does, you can ask to be removed). Tell me if you'd like to be added, and I'll see what the process is, probably just its a notification that we will do that, and some thumbs up on this comment right here from build-wg members. If that's more engagement than you want, that's OK, too.

[aixtools]

On 27/05/2020 20:05, Sam Roberts wrote:

I labelled this as access request, and never stale while its active.

We don't have to do anything, @aixtools https://github.com/aixtools has machine level access so put the .ssh keys on himself.

If @aixtools https://github.com/aixtools is willing, I'd be happy to add him to the nodejs org, so that he can be part of the platform-aix team, https://github.com/orgs/nodejs/teams/platform-aix

Am willing (honored?) and I hope, though not required - to be able to provide platform support - e.g., in areas where you might not normally think (e.g., RBAC integration - assuming there is at least a discussion on the level of SELinux and/or AppArmor, etc. integration.

@aixtools https://github.com/aixtools That membership comes with no responsibilities (other than abiding by the code of conduct). It wouldn't mean you'd be on the hook for fixing anything, or responding to anybody. It is occaisonally (monthly perhaps?) pinged on an aix specific issue in either nodejs src, nodejs tests, or sometimes aix machine issues. Other than that should not trigger a flood of email (and if it does, you can ask to be removed). Tell me if you'd like to be added, and I'll see what the process is, probably just its a notification that we will do that, and some thumbs up on this comment right here from build-wg members. If that's more engagement than you want, that's OK, too.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/nodejs/build/issues/2328#issuecomment-634843571, or unsubscribe https://github.com/notifications/unsubscribe-auth/ACSZR5MH454VS3EDEFCQT4TRTVI67ANCNFSM4NF52WNA.

[github-actions[bot]]

This issue is stale because it has been open many days with no activity. It will be closed soon unless the stale label is removed or a comment is made.

[targos]

Do we need to keep this open?