Page MenuHomePhabricator

Give all members of the deployment-prep project sudo
Closed, ResolvedPublic

Description

In a recent irc conversation {{citation needed}} it was determined that the requirement for people to have signed an NDA is bogus. The ability to sudo all commands should be restored for all members of the project.


Version: unspecified
Severity: enhancement
See Also:
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501

Details

Reference
bz69269

Event Timeline

bzimport raised the priority of this task from to Needs Triage.Nov 22 2014, 3:29 AM
bzimport set Reference to bz69269.
bzimport added a subscriber: Unknown Object (MLST).
bd808 created this task.Aug 7 2014, 9:42 PM

That has been done because we want to deploy real SSL certificate on the HTTPS handlers (on beta cluster, that is nginx on the varnish instances): bug 48501. So I went with a sudoer group under_NDA.

I lack knowledge about how SSL Certificate authority and certs work. There might be a way to have some custom SSL cert that we would not mind too much being stollen.

bd808 added a comment.Aug 8 2014, 3:36 PM

Making this change would essentially mean that we are abandoning the quest for installing commercially provided ssl certificates in beta and closing bug 48501 as WON'T FIX. We could still do something using self-signed certs of that is wanted/needed.

I would like to hear from Antoine and Chris McMahon on this topic. I'd personally come down on the side of allowing more people to participate in beta in a meaningful way, but I'm willing to be told that I'm missing a bigger picture need.

greg triaged this task as Medium priority.Nov 24 2014, 11:26 PM
greg added a comment.Feb 2 2015, 4:40 PM

doit, but let it be known that this means we'll continually hit weird ssl-related issues that aren't seen in prod (and thus annoying as heck, and we'll (RelEng) need help diagnosing them).

See also: Safari not deleting cookies and redirecting to https and failing to login on beta.

Alright, doing this now...

Done. Everyone, NDA or not, can sudo on deployment-prep now. @greg I'll email releng list, am unsure where else this should be communicated...

yuvipanda closed this task as Resolved.Mar 5 2015, 1:14 PM
yuvipanda claimed this task.
yuvipanda moved this task from Next: Feature to Done on the Beta-Cluster-Infrastructure board.