When you want to run an application that is not part of the offered services (like a demo setup of the project), you need to request a dedicated virtual machine (vm). It is not possible to request a physical machine. Physical machines are shared resources for all ASF projects.
Infra maintains hosts in different computer centers around the world. Most of these hosts are used to run virtual machines, so your vm can be relocated as requirements change, without you having to reinstall anything.
You need to open a Jira issue with at least the following content:
CPU and RAM are expensive resources, so we will (unless you make a really compelling case) start the vm with default values, and then if you/we see problems we can always add more. Adding CPU cores/RAM can be done without reinstalling anything.
The OS needs to be supported by our standard applications like puppet, therefore we currently only offer Ubuntu.
Important: the ticket must be acknowledged by a PMC member.
We will have a look at the Jira issue, and maybe ask additional questions using the comments feature on the issue.
After all questions have been answered, we will create the vm according to specifications, install the OS and the mandatory standard (infra) applications. The mandatory application guarantee a level of security and provide ssh access common to all vms.
Once we have tested the vm, we will ask the project maintainer to do ssh to the vm.
The project maintainers are responsible for maintaining the vm. Infra will normally not maintain the vm, but will check on security from time to time.
Each project maintainer needs to have ssh keys uploaded to id.a.o before requesting the vm. ssh keys stored in LDAP are used for logins.
When the vm is created, each maintainer gets karma to access the vm (ldap add host to userid). Once that has been tested, it is time to get sudo karma if it is required.
To prepare for sudo karma follow the OPIE guidelines.
When opie works, contact us on #asfinfra, or by commenting on the issue, and sudo karma will be granted (ldap add userid to sudoer group).
To use key-based login, you need to generate a key on your local desktop (do not use a publicly accessible server for this) and then add your public key to LDAP using the self-service app at https://id.apache.org
Once you have done this, wait at least 10 mins. You should then be able to login as follows:
:::shell $ ssh [username]@$project-vm.apache.org
Depending on your client setup, you may need to run the following command to ensure the key(s) are made available to the ssh client on your system:
:::shell $ ssh-add
If you use PuTTY then ensure that it is configured to force SSH v2 protocol. And use keyboard-interactive.
Once you are logged on, there are few tasks best performed right away. Please take care when using your shell account.
You need to check that your
umask is set in a group friendly fashion. This ensures that the documents you create are editable by your fellow committers. To do this, (depending on which shell you use) edit the
.cshrc file or
.profile (sh derivatives) and ensure that the
umask is set as follows:
umask line already exists, modify it. Otherwise, a new line needs to be added. (You will need to use a *nix command-line editor such as
Tip: You can view the files of some other committer, e.g.
ls -al ~mymentor; cat ~mymentor/.cshrc
There are no mandatory rules, but here are some suggestions:
Please do not try to change items controlled by puppet, such as:
in essence, anything relevant for security.
As sudoer you are expected to know what you do, and are expected to clear any problems you create.
Before doing something, you are always welcome to join #asfinfra and ask about itThis material has moved here.