We maintain four Jenkins instances and require root access to upgrade them or debug them when they go south (via jmap, jstack, strace etc). This request made specifically in the context of T239985, an upcoming Jenkins upgrade.
In the interest of reducing bus factor, we would like to elevate @brennen privileges for Jenkins. He should be added to the shell groups contint-roots and releasers-mediawiki.
contint-roots grants root access on the CI and on releases hosts
releasers-mediawiki grants Jenkins admin on release hosts
The hosts:
contint1001.wikimedia.org |
contint2001.wikimedia.org |
releases1001.eqiad.wmnet |
releases2001.codfw.wmnet |