LFIT Access to Secrets Part II

[ryanaslett]

I'd like to get access to the infra secrets, so that I can work on the backup/grafana/unencrypted machines that need to be transitioned from Equinix.

It would also be helpful to have jenkins admin access, to both release and test, in order to bring them fully online once I have them built. (and pass ansible the jenkins secret key etc)

Eventually, it would be ideal to have access to any other Vendor accounts or dashboards so that I can assist in evaluate/investigate/audit any other resource issues that come up. (and also do more discovery on the vendor relationships that exist).

Thanks, Ryan

[richardlau]

+1 from me

cc @nodejs/build-infra

[UlisesGascon]

+1 from me

[mhdawson]

+1 from me.

[ryanaslett]

Vendor accounts I'm hoping to access, or, learn more about their history. Some of this is just exploratory to find out what our vendor relationships are, and whether they can be more formalized etc.

• [ ] Azure (To anlayze usage to help OpenJSF Negotiate an agreement for future credits https://github.com/nodejs/build/issues/3672)
• [ ] GCP (To help understand how its being used, and the nature of the credits /vendor etc) (re: https://github.com/nodejs/build/issues/3697)
• [ ] Rackspace - also to see whats there/
• [ ] IBM -
• [ ] iinthecloud (?)
• [ ] rzkh (?)
• [ ] Softlayer (?)
• [ ] OSUOSL (?) - probably doesnt have a console/login/account thing
• [ ] Marist - same as OSUOSL but just in case.

[richardlau]

Re. these:

• [ ] iinthecloud (?)
• [ ] rzkh (?)

These are the hosts for the IBM i machines. Build doesn't actually have access to hosting console/account -- we've previously been going through @ThePrez (who sourced these) for anything that cannot be done via ssh. I believe @abmusse has access (at least for iinthecloud).

• [ ] Softlayer (?)

IBM bought Softlayer back in 2013. It's now been rebranded IBM Cloud, and any references to "Softlayer" in the Ansible inventory are historic. You'll need to create an individual account on IBM Cloud and then we can get you added to the organizational accounts (there's more than one depending on the type of machine).

• [ ] OSUOSL (?) - probably doesnt have a console/login/account thing

We have three separate things at OSUOSL:

• AIX machines. No console/login/account management.
• arm64 OpenStack. Linux arm64 machines. This hosts the smaller arm64 machines that we had to migrate previously from Equinix Metal (see https://github.com/nodejs/build/issues/3028 for history).
• OpenPOWER OpenStack. Linux ppc machines. This is a completely separate OpenStack instance to the arm one.

• [ ] Marist - same as OSUOSL but just in case.

Two sets of machines here:

• LinuxONE self-provisioning system. Linux on s390x.
• z/OS. No console/login/account management.

[targos]

It would also be helpful to have jenkins admin access, to both release and test, in order to bring them fully online once I have them built. (and pass ansible the jenkins secret key etc)

I added you to both github teams that give jenkins admin access.

[ryanaslett]

Great, thank you!

[targos]

@ryanaslett I can add you to the GCP project as an owner. I just need an email address.

[richardlau]

@ryanaslett You should now have access to the infra folder in the secrets repository.