Requesting a new VM for a project
When you want to run an application that is not part of the offered services (e.g. a demo setup of the project), you need to request a dedicated virtual machine. As per policy, it is not possible to request a physical machine. Physical machines are shared resources for all ASF projects.
Infra maintains hosts in different computer centers around the world; most of these hosts are used to run virtual machines. This means the VM can be relocated as requirements change, without having to reinstall anything.
Requesting the vm
You need to make a JIRA issue with at least the following content:
- a short description of the use
- why do you need a dedicated vm
- is login used in the project's application (HTTPS is mandatory for use of login)
- are any special ports required to be opened
- VM Resources:
  - CPU cores (default is 1)
  - RAM (default is 1Gb)
  - Disk (default is 20Gb)
  - OS will be Ubuntu latest LTS release; currently 16.04
  - Name (default is <project>-vm.a.o)
  - Apache ID of project administrator
- Application resources:
  - Database (Infra has central SQL servers, with PostgreSQL and MySQL supported)
  - Httpd (installed by default, configuration is to be agreed upon)
  - Non-standard packages (will be maintained by puppet)
  - DNS names needed (default is to create vmname only)
  - Backup needed (default is NO backups other than what is in puppet)
CPU and RAM are expensive resources, so we will (unless you argue really well) start the VM with the defaults, and then if you or we see problems we can always add more. Adding CPU cores/RAM can be done without reinstalling anything.
The OS needs to be supported by our standard applications such as puppet, therefore we currently only offer Ubuntu.
Important: the ticket must be ACKed by a PMC member.
Handling the JIRA
We will have a look at the JIRA issue and may ask additional questions. That will all happen as comments on the issue.
Deploying the vm
After all questions have been answered, we will create the vm according to specifications, install the OS and the mandatory standard (infra) applications.
The purpose of the mandatory applications is to:
- guarantee a level of security
- provide ssh access common to all VMs
Once tested, the project maintainer will be asked to ssh to the VM.
The project maintainer is responsible for maintaining the VM. Infra will normally not maintain the vm, but will check on security from time to time.
The project maintainer needs to have ssh keys uploaded to id.a.o before requesting the vm. ssh keys stored in LDAP are used for logins.
When the VM is created, a maintainer gets karma to access the VM (ldap add host to userid). Once that has been tested, it is time to get sudo karma if required.
To prepare for sudo karma, follow the OPIE guidelines.
When OPIE works, contact us on #asfinfra, or by commenting on the issue, and sudo karma will be granted (ldap add userid to sudoer group).
There are no mandatory rules, but here is some good advice:
- Keep all changes in Git/Puppet. See: https://github.com/apache/infrastructure-puppet
- If you do not have karma, please create PRs in a branch against our GitHub repository
- Keep all application data in /x1 if possible.
- Update puppet with all extra installed packages
- See https://github.com/apache/infrastructure-puppet/tree/deployment/modules/<vmname>/manifests/init.pp
- See also: https://cwiki.apache.org/confluence/display/INFRA/Git+workflow+for+infrastructure-puppet+repo
A word of warning
Please do not try to change items controlled by puppet such as:
in essence anything relevant for security.
As a sudoer you are expected to know what you are doing, and are expected to clear up any problems you create.
Before doing something, you are always welcome to join #asfinfra and ask.