[arch-devops] Add Frederik Schwan to the devops team
Hey all,
I propose adding Frederik Schwan to the devops team. He's eager to help Arch, he's knowledgeable, and does devops professionally. He's got a good amount of experience with mail stacks and cloud stuff and he'd like to help us out.
In fact, he's already helped quite a bit with testing and some accessless devops tasks but the number of tasks requiring access that we currently have far outweigh the accessless tasks and I think he'd like to become more involved.
Thoughts?
Cheers, Sven
On June 20, 2020 22:27, Sven-Hendrik Haase via arch-devops wrote:
Hey all,
I propose adding Frederik Schwan to the devops team. He's eager to help Arch, he's knowledgeable, and does devops professionally. He's got a good amount of experience with mail stacks and cloud stuff and he'd like to help us out.
In fact, he's already helped quite a bit with testing and some accessless devops tasks but the number of tasks requiring access that we currently have far outweigh the accessless tasks and I think he'd like to become more involved.
Thoughts?
Hi Sven,
I think that more help is *always* needed but, and this might sound a bit weird coming from his tu sponsor but, I'm getting a bit worried about the amount of people with root access on Arch Linux.
So, my only issue here is that we should think about revoking root access from members of the devops team that are currently not working on devops related tasks, before adding more people. I'm saying this without any detriment to Frederik himself, but this is really related to adding more people while we have a few seemingly inactive "roots" currently.
Other than that, +1 from me.
Regards, Giancarlo Razzolini
On 24/06/2020 03:47, Giancarlo Razzolini via arch-devops wrote:
On June 20, 2020 22:27, Sven-Hendrik Haase via arch-devops wrote:
Hey all,
I propose adding Frederik Schwan to the devops team. He's eager to help Arch, he's knowledgeable, and does devops professionally. He's got a good amount of experience with mail stacks and cloud stuff and he'd like to help us out.
In fact, he's already helped quite a bit with testing and some accessless devops tasks but the number of tasks requiring access that we currently have far outweigh the accessless tasks and I think he'd like to become more involved.
Thoughts?
Hi Sven,
I think that more help is *always* needed but, and this might sound a bit weird coming from his tu sponsor but, I'm getting a bit worried about the amount of people with root access on Arch Linux.
So, my only issue here is that we should think about revoking root access from members of the devops team that are currently not working on devops related tasks, before adding more people. I'm saying this without any detriment to Frederik himself, but this is really related to adding more people while we have a few seemingly inactive "roots" currently.
I agree with grazz. here, maybe we can limit some access to only what's required for that particular role?
Other than that, +1 from me.
Same for me!
Greetings, Jelle van der Waa
On 21/06/2020 03.27, Sven-Hendrik Haase via arch-devops wrote:
Hey all,
I propose adding Frederik Schwan to the devops team. He's eager to help Arch, he's knowledgeable, and does devops professionally. He's got a good amount of experience with mail stacks and cloud stuff and he'd like to help us out.
In fact, he's already helped quite a bit with testing and some accessless devops tasks but the number of tasks requiring access that we currently have far outweigh the accessless tasks and I think he'd like to become more involved.
Thoughts?
Cheers, Sven
DevOps team traditionally consisted of developers, with exception of fukawi who is a member of our community for longer than many packagers are. While I understand you trust Frederik, he joined Arch only recently and unless you have some particular task in mind, I don't see why he would need root access to the entire infrastructure. It should be no-brainer to let him access only specific VPSes or even create a disposable one only for testing purposes.
Bart
On June 30, 2020 17:32, Bartłomiej Piotrowski via arch-devops wrote:
DevOps team traditionally consisted of developers, with exception of fukawi who is a member of our community for longer than many packagers are. While I understand you trust Frederik, he joined Arch only recently and unless you have some particular task in mind, I don't see why he would need root access to the entire infrastructure. It should be no-brainer to let him access only specific VPSes or even create a disposable one only for testing purposes.
Except this is not exactly true. I've joined as TU on November 2016 [0] and on the same month I was also given root access to the devops team [1]. The main problem with specific access is the vault and it's something we've discussed in the past. And, to fix that we need ... more people on devops. It's a chicken-egg problem.
I'm not going to hijack this thread anymore with other topics, as I've said above, freswa has been contributing to Arch in several manners for *way* longer than I was when I was given root access and he's not only knowledgeable, but wanting to help, so, again, it's a +1 from me.
Regards, Giancarlo Razzolini
[0] https://lists.archlinux.org/pipermail/aur-general/2016-November/032892.html
[1] https://gitlab.archlinux.org/archlinux/infrastructure/-/commit/83b21fd45121a...
On 7/2/20 10:44 PM, Giancarlo Razzolini via arch-devops wrote:
On June 30, 2020 17:32, Bartłomiej Piotrowski via arch-devops wrote:
DevOps team traditionally consisted of developers, with exception of fukawi who is a member of our community for longer than many packagers are. While I understand you trust Frederik, he joined Arch only recently and unless you have some particular task in mind, I don't see why he would need root access to the entire infrastructure. It should be no-brainer to let him access only specific VPSes or even create a disposable one only for testing purposes.
Except this is not exactly true. I've joined as TU on November 2016 [0] and on the same month I was also given root access to the devops team [1]. The main problem with specific access is the vault and it's something we've discussed in the past. And, to fix that we need ... more people on devops. It's a chicken-egg problem.
I fully agree on this part.
While it's good to be overall a bit conservative about handing out such permissions willy-nilly, but at the end of the day it always boils down to trust. For me I think Frederik earned a fair portion of trust in the community and among the team as a bug wrangler and TU. On top he seems very eager and motivated to tackle multiple outstanding topics where he can bring in his experience.
Taking both sides into consideration, from my side it's a +1 to get him onboard.
cheers, Levente
On 21.06.20 03:27, Sven-Hendrik Haase wrote:
Hey all,
I propose adding Frederik Schwan to the devops team. He's eager to help Arch, he's knowledgeable, and does devops professionally. He's got a good amount of experience with mail stacks and cloud stuff and he'd like to help us out.
In fact, he's already helped quite a bit with testing and some accessless devops tasks but the number of tasks requiring access that we currently have far outweigh the accessless tasks and I think he'd like to become more involved.
Thoughts?
Cheers, Sven
Since no new opinions are coming in, I'll summarise: Everyone agrees it's fine to let Frederik do some specific tasks without giving him full access. Some people have reservations about giving full access which is fair. Our problem is that our vault currently is all-or-nothing.
This leads me to a new conundrum: How do we share only a little bit of access but still allow people to run the playbooks properly? Currently we assume everyone has full access but we need to rethink that assumption. This in turn would also make it less painful to get people into DevOps roles in Arch as we wouldn't necessarily have to grant full access to all secrets. I made an issue for this where we can discuss it further [0].
But I digress. The problem is: We only have so many tasks which can be done on a limited access basis. Our biggest tasks right now are migrations which often involve multiple services at once and therefore require significant access.
I'll do this: I'll work with Frederik and see how much we can do without full vault access. There are a few specific issues I have in mind and I'll hand out specific credentials as required. When the time comes and we're reaching a point where we've exhausted the issues that can be done without full access, I'll send another mail.
Let's consider Frederik a limited-access member of the DevOps team for the time being. :)
Cheers, Sven
[0] https://gitlab.archlinux.org/archlinux/infrastructure/-/issues/64
participants (6)
- Bartłomiej Piotrowski
- Giancarlo Razzolini
- Jelle van der Waa
- Levente Polyak
- Santiago Torres-Arias
- Sven-Hendrik Haase