My apologies for a delay in handling INFRA-240 <https://issues.jenkins-ci.org/browse/INFRA-240>. As the ticket indicates now, I've resolved the problem. The issue was that ldap daemon wasn't restarted when I installed a new certificate last week. So it continued running with the old certificate, and when it expired, Artifactory started refusing to talk to it.
Local apps on cucumber weren't affected because it was using unsecured communication. I need to figure out why JIRA and Confluence were unaffected by this. Perhaps they have the password locally cached, perhaps they have LDAP connections pooled and long-running, or perhaps they don't properly check the certificate. The next thing I want to talk about is that I think this is a symptom of a deeper issue, which is that the infra ops coverage has fallen way behind. Tyler isn't spending time on this project as he used to be, and the time I spend on Jenkins infra is not as much as it needs to be, too. In the last 6 months or so, we've handed out infra acecss right to a few more people (Daniel Beck and Oleg Nanoshev, IIRC), and that was good for better time zone coverage and what not. But the problem still remains that there is a leadership vacuum, that no one sufficiently "owns" the infra, and that's difficult to solve by adding more hands alone. So here's what I'd like to propose: - Formalize our ops team more by designating the lead that reports to the board. The lead shall be chosen in the discussion during the project meeting. - Under the new lead, accept another round of ops team members to help spread the workload. I know for example Kostasya is interested in helping. - Kohsuke (and Tyler if he can join) and the ops team will schedule a series of "transfer of information" sessions to bring the new ops lead and the team up to speed about how things are put together today. - Identify and remove single-point-of-failure in our infra. Off the top of my head: - I think I'm currently the only one who has the private key to sign update center root CA. - jenkins-ci.org domain name still appears to be registered under Tyler's personal account. As the ops lead, I'd like the project to consider Adam Papai <https://github.com/woohgit>. He's been a long time user of Jenkins and he is a member of the CloudBees ops team. I'm sensitive to the fact that he works for CloudBees and how that can come across, but OTOH this will be a part of his day job, and I think that ensures that he can allocate necessary time to the effort. What do people think? -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-dev+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/fca1745f-2083-48f4-b94c-414be6796d6a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.