The old slavealloc page (http://slavealloc.build.mozilla.org/) is accessible over BuildVPN without any further permissions. However BuildVPN and the old build.m.o services are going away, so we should be using https://secure.pub.build.mozilla.org/ from now on. The new page doesn't need to be accessed over VPN, however it appears to need special LDAP permissions (presuming releng group is needed to access much of the non public parts of build.m.o). Please may myself, RyanVM, KWierso, Tomcat & philor be given access to slavealloc. Ideally, please give the permissions to the existing vpn_sheriffs group, since it will make it easier to maintain over time. We'll just need to get philor added to that LDAP group. Filing the bug in releng to get signoff before moving over to an IT component for actioning. Many thanks :-)

(In reply to Ed Morley [:edmorley UTC+1] from comment #0) > However BuildVPN and the old build.m.o services are going away, so we should > be using https://secure.pub.build.mozilla.org/ from now on. Correct URL: https://secure.pub.build.mozilla.org/slavealloc/

(In reply to Ed Morley [:edmorley UTC+1] from comment #0) > The old slavealloc page (http://slavealloc.build.mozilla.org/) is accessible > over BuildVPN without any further permissions. > > However BuildVPN and the old build.m.o services are going away, so we should > be using https://secure.pub.build.mozilla.org/ from now on. > > The new page doesn't need to be accessed over VPN, however it appears to > need special LDAP permissions (presuming releng group is needed to access > much of the non public parts of build.m.o). Please may myself, RyanVM, > KWierso, Tomcat & philor be given access to slavealloc. Ideally, please give > the permissions to the existing vpn_sheriffs group, since it will make it > easier to maintain over time. We'll just need to get philor added to that > LDAP group. > > Filing the bug in releng to get signoff before moving over to an IT > component for actioning. 1) Ack, and yes, this counts as signoff from RelEng. 2) Assuming that "vpn_sheriffs" group is RyanVM/KWierso/Tomcat/Philor, lets use the ldap group as I agree thats easier to maintain. Going forward, who owns that group, and can you ensure that RelEng is notified when people are being added/removed from that group?

(In reply to John O'Duinn [:joduinn] from comment #2) > (In reply to Ed Morley [:edmorley UTC+1] from comment #0) > > Filing the bug in releng to get signoff before moving over to an IT > > component for actioning. > > 1) Ack, and yes, this counts as signoff from RelEng. Over to relops for action

(In reply to John O'Duinn [:joduinn] from comment #2) > 2) Assuming that "vpn_sheriffs" group is RyanVM/KWierso/Tomcat/Philor, lets > use the ldap group as I agree thats easier to maintain. Going forward, who > owns that group, and can you ensure that RelEng is notified when people are > being added/removed from that group? vpn_sheriffs is currently {edmorley,RyanVM,KWierso,Tomcat}, I'm going to get philor added shortly. I'm happy to own vpn_sheriffs if that's ok with you - and I'll ensure we notify release@moco (or CC the bugzilla component email for releng; whichever is preferred) whenever the member list is changed. Thank you! :-)

This should be active now.

Unfortunately my LDAP credentials don't appear to work for https://secure.pub.build.mozilla.org/slavealloc/

Ah, you gave me the wrong group name, throwing me off the trail! Should be active in about an hour.

Oh my, memory fail in the time it took to switch tabs from bug 886078 to this when filing. Sorry about that! :-)

Sorry to be a pain - it doesn't seem to be working still. Do I just need to wait longer?

Ugh, this one's on me. "Sherrif" is one of those words I just can't see spelled right. And I double-checked it too! One r, Two f's, no trailing s. I can't very effectively test it since I'm in both of the other groups that have access, and not in vpn_sheriff (or vpn_sherrif, or vpn_sheriffs, or..) I pushed this change directly, so you should see satisfaction immediately.

Working great - thank you :-)