This repository has been archived by the owner on Feb 7, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 52
Prod Jenkins User_Management
swatiseagate edited this page Aug 17, 2020
·
5 revisions
- As of now we are using Jenkins’ own user database as Security Realm which is basically used for authentication.
- For Users to use their ldap credentials for authentication we need to change security Realm to LDAP option
Currently on prod jenkins, below list of users and their permissions is used:
| Users | permissions |
|---|---|
| admin | Overall administrator |
| Anonymous | Overall Read, Job Read, View Read |
| Authenticated | Overall Read, Job Build, Job Read, View Read |
| Hare | Overall Read, Credentials Create, Job Build, Job Cancel, Job Read , Job Workspace, View Read |
| eos-core | Overall Read, Credentials Create, Agent Build, Agent Configure, Agent Create, Agent Disconnect, Job, Build, Job Cancel, Job Configure, Job Read View Read |
| CSM-Team | Overall Read, Credentials Create, Job Build, Job Cancel, Job Read, Job Workspace, View Read |
| eos-qa | Overall Read, Credentials Create, Credentials Manage domains, Credentails View, Credentials Update, Agent Build, Agent Configure, Agent create, Agent Delete, Agent Disconnect, Job Build, Job Cancel, Job Configure, Job Create, Job Delete, Job Move, Job Read, Job Workspace, Run Update, Configure View, View Read, SCM Tag, Lockable Resources Reserve, Lockable Unlock, Lockable Resources View |
| eos-ras | Overall Read, Credentials Create, Credentials Update, Credentials View, Agent Build, Agent Configure, Agent create, Agent Delete, Agent Disconnect, Job Build, Job Cancel, Job Configure, Job Create, Job Delete, View read, SCM Tag |
| eos-s3server | Overall Read, Credentials Create, Job Build, Job Cancel, Job read , Job Workspace, View Read |
As LDAP will be enabled for security every user will be able to login with their GID and password to Prod jenkins URL http://eos-jenkins.mero.colo.seagate.com/ And by default will get read-only access. Apart from Read-only access if User need access to trigger job then they have to raise a JIRA ticket as mentioned below.
| Roles | permissions |
|---|---|
| Administrator | Full Access |
| DevOps | create/modify/trigger Jenkins job, Add/remove/configure agents etc. |
| QA | create/modify/trigger Jenkins job in QA Folder only.. Add/remove/configure agents etc. |
| Developer | View/Trigger Jenkins jobs. Should not be able to trigger Jenkins jobs from Dev/Release Builds. |
You need to create a JIRA ticket, mentioning component as RE team and assign it to {Shailesh Vaidya, Gowthaman Chinnathambi, Swati Magar}. The ticket should contain details like which folder user want access and type of access also like create, modify this way.
-
RE CI Process
- CI System Info
- CI Pipeline Info
- Release Info
- Automation Jobs
- Custom OS ISO
- Local CORTX build
-
RE Docker Usage
-
RE Internal