Re: [webkit-dev] Build Slave Shutdown
On Thu, Dec 16, 2010 at 3:05 PM, William Siegrist wsiegr...@apple.com wrote: Our buildbot allows for anonymous people to trigger things on the slaves, and it is like this on purpose for ease of use. However, that means it is possible for a malicious person to do things like shutdown all of the slaves. That is what happened last night around 10:30pm PST, from 66.57.13.12, and that is why the slaves are offline. Something weird happened when the EFL slave was shut down. It runs as an unprivileged user, but for some reason, the log file (twisted.log) and various other files inside the SVN checkout were owned by root. I initially thought the other admin restarted the buildslave service as root by mistake, but this isn't the case. I've fixed the permissions and the buildslave is up and running again, but I'm still a bit worried about this. chkrootkit does not ring any bells, and disk corruption is unlikely as this is both pontual and the slave is an Amazon EC2 instance. Quick searches on Google didn't return anything useful, so I ask: have things like this happened before? Thanks, Leandro ___ webkit-dev mailing list webkit-dev@lists.webkit.org http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev
Re: [webkit-dev] Build Slave Shutdown
On Dec 17, 2010, at 11:53 AM, Leandro Pereira wrote: On Thu, Dec 16, 2010 at 3:05 PM, William Siegrist wsiegr...@apple.com wrote: Our buildbot allows for anonymous people to trigger things on the slaves, and it is like this on purpose for ease of use. However, that means it is possible for a malicious person to do things like shutdown all of the slaves. That is what happened last night around 10:30pm PST, from 66.57.13.12, and that is why the slaves are offline. Something weird happened when the EFL slave was shut down. It runs as an unprivileged user, but for some reason, the log file (twisted.log) and various other files inside the SVN checkout were owned by root. I initially thought the other admin restarted the buildslave service as root by mistake, but this isn't the case. I've fixed the permissions and the buildslave is up and running again, but I'm still a bit worried about this. chkrootkit does not ring any bells, and disk corruption is unlikely as this is both pontual and the slave is an Amazon EC2 instance. Quick searches on Google didn't return anything useful, so I ask: have things like this happened before? No, it sounds like buildbot was run as root at some point. Maybe the owner(s) of the other slaves can chime in about this happening. -Bill ___ webkit-dev mailing list webkit-dev@lists.webkit.org http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev
[webkit-dev] Build Slave Shutdown
Our buildbot allows for anonymous people to trigger things on the slaves, and it is like this on purpose for ease of use. However, that means it is possible for a malicious person to do things like shutdown all of the slaves. That is what happened last night around 10:30pm PST, from 66.57.13.12, and that is why the slaves are offline. If you own a build slave that is shutdown, you need to restart the buildbot process on it and check that it reconnects to the master. If you have trouble, email me or ping _wms on irc. I landed http://trac.webkit.org/changeset/74194 to disable the shutdown feature for now. We can move to having user accounts, possibly even use trac/svn or bugs credentials, if we feel we need more fine-grained permissions. -Bill___ webkit-dev mailing list webkit-dev@lists.webkit.org http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev
Re: [webkit-dev] Build Slave Shutdown
I've used the shutdown/restart functionality before to try to unwedge a broken bot. The most useful feature, though, is the force build feature, which I use occasionally late at night when the tree is quiet to probe for flakiness. Adam On Thu, Dec 16, 2010 at 9:05 AM, William Siegrist wsiegr...@apple.com wrote: Our buildbot allows for anonymous people to trigger things on the slaves, and it is like this on purpose for ease of use. However, that means it is possible for a malicious person to do things like shutdown all of the slaves. That is what happened last night around 10:30pm PST, from 66.57.13.12, and that is why the slaves are offline. If you own a build slave that is shutdown, you need to restart the buildbot process on it and check that it reconnects to the master. If you have trouble, email me or ping _wms on irc. I landed http://trac.webkit.org/changeset/74194 to disable the shutdown feature for now. We can move to having user accounts, possibly even use trac/svn or bugs credentials, if we feel we need more fine-grained permissions. -Bill ___ webkit-dev mailing list webkit-dev@lists.webkit.org http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev ___ webkit-dev mailing list webkit-dev@lists.webkit.org http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev
Re: [webkit-dev] Build Slave Shutdown
On Thu, Dec 16, 2010 at 9:05 AM, William Siegrist wsiegr...@apple.comwrote: Our buildbot allows for anonymous people to trigger things on the slaves, and it is like this on purpose for ease of use. However, that means it is possible for a malicious person to do things like shutdown all of the slaves. That is what happened last night around 10:30pm PST, from 66.57.13.12, and that is why the slaves are offline. Do you know when Mac bots become online again? - Ryosuke ___ webkit-dev mailing list webkit-dev@lists.webkit.org http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev
Re: [webkit-dev] Build Slave Shutdown
Forced builds are still enabled. But you normally shutdown slaves you do not have shell access to? -Bill On Dec 16, 2010, at 11:50 AM, Adam Barth wrote: I've used the shutdown/restart functionality before to try to unwedge a broken bot. The most useful feature, though, is the force build feature, which I use occasionally late at night when the tree is quiet to probe for flakiness. Adam On Thu, Dec 16, 2010 at 9:05 AM, William Siegrist wsiegr...@apple.com wrote: Our buildbot allows for anonymous people to trigger things on the slaves, and it is like this on purpose for ease of use. However, that means it is possible for a malicious person to do things like shutdown all of the slaves. That is what happened last night around 10:30pm PST, from 66.57.13.12, and that is why the slaves are offline. If you own a build slave that is shutdown, you need to restart the buildbot process on it and check that it reconnects to the master. If you have trouble, email me or ping _wms on irc. I landed http://trac.webkit.org/changeset/74194 to disable the shutdown feature for now. We can move to having user accounts, possibly even use trac/svn or bugs credentials, if we feel we need more fine-grained permissions. -Bill ___ webkit-dev mailing list webkit-dev@lists.webkit.org http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev ___ webkit-dev mailing list webkit-dev@lists.webkit.org http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev
Re: [webkit-dev] Build Slave Shutdown
In the past, we've had trouble where one of the two Leopard slaves (or whatever) would consistently be failing a dozen or so tests and the other one would be fine. This causes the tree to be very confusing because the tests appear to fail randomly half the time. I've used the shutdown button to solve those problems, but perhaps I should have just talked with you directly instead. Adam On Thu, Dec 16, 2010 at 2:39 PM, William Siegrist wsiegr...@apple.com wrote: Forced builds are still enabled. But you normally shutdown slaves you do not have shell access to? On Dec 16, 2010, at 11:50 AM, Adam Barth wrote: I've used the shutdown/restart functionality before to try to unwedge a broken bot. The most useful feature, though, is the force build feature, which I use occasionally late at night when the tree is quiet to probe for flakiness. Adam On Thu, Dec 16, 2010 at 9:05 AM, William Siegrist wsiegr...@apple.com wrote: Our buildbot allows for anonymous people to trigger things on the slaves, and it is like this on purpose for ease of use. However, that means it is possible for a malicious person to do things like shutdown all of the slaves. That is what happened last night around 10:30pm PST, from 66.57.13.12, and that is why the slaves are offline. If you own a build slave that is shutdown, you need to restart the buildbot process on it and check that it reconnects to the master. If you have trouble, email me or ping _wms on irc. I landed http://trac.webkit.org/changeset/74194 to disable the shutdown feature for now. We can move to having user accounts, possibly even use trac/svn or bugs credentials, if we feel we need more fine-grained permissions. -Bill ___ webkit-dev mailing list webkit-dev@lists.webkit.org http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev ___ webkit-dev mailing list webkit-dev@lists.webkit.org http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev
Re: [webkit-dev] Build Slave Shutdown
You should talk to the slave owner in that case. I just own the master. For example, according to http://build.webkit.org/buildslaves/apple-xserve-5, apple-xserve-5 is owned by bdash. We should probably make sure there are contact details for each slave. -Bill On Dec 16, 2010, at 2:42 PM, Adam Barth wrote: In the past, we've had trouble where one of the two Leopard slaves (or whatever) would consistently be failing a dozen or so tests and the other one would be fine. This causes the tree to be very confusing because the tests appear to fail randomly half the time. I've used the shutdown button to solve those problems, but perhaps I should have just talked with you directly instead. Adam On Thu, Dec 16, 2010 at 2:39 PM, William Siegrist wsiegr...@apple.com wrote: Forced builds are still enabled. But you normally shutdown slaves you do not have shell access to? On Dec 16, 2010, at 11:50 AM, Adam Barth wrote: I've used the shutdown/restart functionality before to try to unwedge a broken bot. The most useful feature, though, is the force build feature, which I use occasionally late at night when the tree is quiet to probe for flakiness. Adam On Thu, Dec 16, 2010 at 9:05 AM, William Siegrist wsiegr...@apple.com wrote: Our buildbot allows for anonymous people to trigger things on the slaves, and it is like this on purpose for ease of use. However, that means it is possible for a malicious person to do things like shutdown all of the slaves. That is what happened last night around 10:30pm PST, from 66.57.13.12, and that is why the slaves are offline. If you own a build slave that is shutdown, you need to restart the buildbot process on it and check that it reconnects to the master. If you have trouble, email me or ping _wms on irc. I landed http://trac.webkit.org/changeset/74194 to disable the shutdown feature for now. We can move to having user accounts, possibly even use trac/svn or bugs credentials, if we feel we need more fine-grained permissions. -Bill ___ webkit-dev mailing list webkit-dev@lists.webkit.org http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev ___ webkit-dev mailing list webkit-dev@lists.webkit.org http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev