Support #23233

Create a "policy" in the machine to control the changes that might be done by other members

Added by Lorena Lobato Pardavila about 1 year ago. Updated 12 months ago.

Target version:
Start date:
Due date:
% Done:


Estimated time:


Quite often, any member of the GlideinWMS team has access to different machines owned by another member. In order to have control and awareness of all the changes being done in that particular machine, I propose to have some kind of “policy” which can be:

  • Create a specific file (for example glideinwms_changes or something like that) that will stay in the machine. It will be updated by any member who has access to and makes any changes over the machine.
  • Inform directly to the owner about the changes that might be done. It's the responsibility of the owner also to follow-up the changes and makes sure that he/she's aware of what's happening in the machine.

In any of the cases, the person who's making the changes MUST notify either of the ways, the changes that it's going to do, in order to avoid conflicts in the future.

Any better proposal for the "policy" is very welcome


#1 Updated by Lorena Lobato Pardavila about 1 year ago

  • Description updated (diff)

#2 Updated by Marco Mambelli about 1 year ago

I added the following to the main wiki:

For machines shared across the team, i.e. machines listed in the GlideinwmsTestInfrastructure, please abide by the directives listed in the operation policy to avoid stepping over the work of fellow developers; this applies also to the machine owner/main maintainer.
For machines shared on a personal level, i.e. the owner gave you access, please follow whatever the owner suggested.

Please edit it if needed and add the policy text in the section in GlideinwmsTestInfrastructure
My suggestion is to add and use 2 files in /root/:
  • glideinwms_notify, with a list of emails of people that should be notified each time a change affecting others is performed
  • glideinems_eventlog, a file where changes to the machine and other activities should be written. This file should be checked also before applying disruptive changes to check if there are tests in progress or other activities that could be disrupted

#3 Updated by Leonardo Lai about 1 year ago

To inform new users about the presence of the aforementioned files (notify and eventlog) in shared machines, I suggest to append few lines to /etc/motd too.
MOTD (message of the day) shows up every time a user logs into the machine.
The new lines could be something like this:

NOTE: this machine is shared across the team, hence it is important
      to keep track of all the changes in the machine configuration.
      Please be aware of the following files in /root/:
        - glideinwms_notify   -> people to notify about changes
        - glideinems_eventlog -> list of changes
      Update them every time you modify something in the machine

I think it's ok, provided that the already existing message ("this is a federal computer...") is not overwritten.

#4 Updated by Lorena Lobato Pardavila about 1 year ago

I like your ideas! Thank you both

I have added the corresponding comments to ITB Frontend (fermicloud308) to GlideinwmsTestInfrastructure. To start with an example, I put here the two files suggested that I have added to the machine:

  • glideinwms_notify:
    #List of emails of people that should be notified each time a change affecting others is performed in this machine:
  • glideinems_eventlog
    #List of changes (starting by the newest) to this machine and other activities to inform the administrator if there are tests or other activities in progress that could be disrupted
    #Please indicate the date, your username <email> and the change in the corresponding block: i.e:
    * Wed Sep 6 2019 Lorena Lobato <>
    - Change_activity_or_test_done

And also I have added Leo' suggestion in MOTD.

llobato@mac-126950:~$ ssh
Last login: Fri Sep  6 18:18:33 2019 from
                              NOTICE TO USERS

       This  is a Federal computer (and/or it is directly connected to a
       Fermilab local network system) that is the property of the United
       States Government.  It is for authorized use only.  Users (autho-
       rized or unauthorized) have no explicit or  implicit  expectation
       of privacy.

       Any  or  all uses of this system and all files on this system may
       be intercepted, monitored, recorded,  copied, audited, inspected,
       and  disclosed  to authorized site, Department of Energy  and law
       enforcement personnel, as  well as authorized officials of  other
       agencies,  both  domestic and foreign.  By using this system, the
       user consents to such interception, monitoring, recording,  copy-
       ing,  auditing,  inspection,  and disclosure at the discretion of
       authorized site or Department of Energy personnel.

       Unauthorized or improper use of this system may result in  admin-
       istrative  disciplinary  action and civil and criminal penalties.
       By continuing to use this system you indicate your  awareness  of
       and  consent to these terms and conditions of use.  LOG OFF IMME-
       DIATELY if you do not agree to  the  conditions  stated  in  this

       Fermilab  policy  and  rules for computing, including appropriate
       use, may be found at

      NOTE: This is the ITB Frontend for FIFE and GlideinWMS. This machine
      is shared across both teams, hence it is important to keep track of
      all the changes in the machine configuration.
      Please be aware of the following files in /root/ and modify them if
        - glideinwms_notify   -> List of people to notify about changes
        - glideinems_eventlog -> List of changes, activities or tests done
          in this machine
-bash: warning: setlocale: LC_CTYPE: cannot change locale (UTF-8): No such file or directory

#5 Updated by Marco Mambelli about 1 year ago

  • Target version changed from v3_5_x to v3_6_1

#6 Updated by Lorena Lobato Pardavila about 1 year ago

  • Status changed from Work in progress to Resolved

I think we can close this since every GlideinWMS member is aware of it. Hope this "policy" remains for future VMs creation (especially the critical ones)

#7 Updated by Marco Mambelli 12 months ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF