{"id":18666964,"url":"https://github.com/adoptium/infrastructure","last_synced_at":"2025-08-19T22:32:44.648Z","repository":{"id":37035024,"uuid":"92376954","full_name":"adoptium/infrastructure","owner":"adoptium","description":"This repo contains all information about machine maintenance.","archived":false,"fork":false,"pushed_at":"2024-05-01T10:53:10.000Z","size":21831,"stargazers_count":85,"open_issues_count":286,"forks_count":99,"subscribers_count":26,"default_branch":"master","last_synced_at":"2024-05-01T11:30:30.800Z","etag":null,"topics":["ansible","backup","hacktoberfest","infrastructure","infrastructure-systems","nagios"],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/adoptium.png","metadata":{"funding":{"github":"adoptium","custom":["eclipse.org/donate/adoptium"]},"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-05-25T07:24:40.000Z","updated_at":"2024-05-02T11:38:09.533Z","dependencies_parsed_at":"2024-05-02T11:37:48.759Z","dependency_job_id":"3772993d-7feb-4212-8ff0-cb04dcf97fe7","html_url":"https://github.com/adoptium/infrastructure","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adoptium%2Finfrastructure","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adoptium%2Finfrastructure/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adoptium%2Finfrastructure/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adoptium%2Finfrastructure/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/adoptium","download_url":"https://codeload.github.com/adoptium/infrastructure/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":230374126,"owners_count":18216042,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","backup","hacktoberfest","infrastructure","infrastructure-systems","nagios"],"created_at":"2024-11-07T08:35:03.833Z","updated_at":"2025-08-19T22:32:44.642Z","avatar_url":"https://github.com/adoptium.png","language":"Shell","funding_links":["https://github.com/sponsors/adoptium","eclipse.org/donate/adoptium"],"categories":[],"sub_categories":[],"readme":"# Infrastructure\n\n## Mission Statement\n\nTo provide infrastructure for the Adoptium farm that is:\n\n* **Secure** - Infrastructure is private by default and access is granted in a\ntime and access control limited manner.\n* **Consistent** - Infrastructure is consistent in order to produce consistent\nAdoptOpenJDK binaries.\n* **Repeatable** - Infrastructure can be reproduced by our _infrastructure as code_.\nWe embrace the Chaos Monkey.\n* **Auditable** - What each host/platform is made up of is publicly accessible\n_infrastructure as code_.\n\nThe end result should be **immutable** hosts, which can be destroyed and reproduced from Ansible playbooks. See\nour [Contribution\nGuidelines](https://github.com/adoptium/infrastructure/blob/master/CONTRIBUTING.md)\non how we implement these goals.\n\n## Can we Chaos Monkey it\n\nSee our current [Chaos Monkey Status](CHAOS_MONKEY.md).\n\n## Related Repositories\n\n* [secrets](https://www.github.com/adoptium/secrets/) - A private repo containing encrypted secrets.\n* [openjdk-jenkins-helper](https://www.github.com/adoptopenjdk/openjdk-jenkins-helper/) - A repo containing helper scripts for out Jenkins CI.\n\n## Important Documentation\n\n* [hosts](https://github.com/adoptium/infrastructure/blob/master/ansible/inventory.yml) - Our inventory, [visualized](https://github.com/adoptium/infrastructure/blob/master/docs/adoptopenjdk.pdf).\n* [Ansible at AdoptOpenJDK](https://github.com/adoptium/infrastructure/blob/master/ansible/README.md) - Our hosts are built using Ansible Playbooks.\n\n## Contributing\n\nPlease visit our `#infrastructure` [Slack Channel](https://www.adoptopenjdk.net/slack.html) and say hello.\nPlease read our [Contribution\nGuidelines](https://github.com/adoptium/infrastructure/blob/master/CONTRIBUTING.md) before\nsubmitting Pull Requests.\n\n## Members\n\nWe list administrative members and their organisation affiliation for maximum transparency.\nWant to add a new member? Please follow our [Onboarding Process](ONBOARDING.md).\nIf you want access for yourself, raise an issue in this repository for the\nteam to consider it - if you are working on an issue here we will generally\nbe happy to add you to the triage team.\n\n`*` Indicates access to the secrets repo\n\n## [@infrastructure-core](https://github.com/orgs/AdoptOpenJDK/teams/infrastructure-core)\n\nMembers of this team that holds super user access to our machines to perform maintenance\n\n* [@karianna](https://github.com/karianna) - Martijn Verburg (Microsoft) - *\n* [@gdams](https://github.com/gdams) - George Adams (Microsoft) - *\n* [@johnoliver](https://github.com/johnoliver) - John Oliver (Microsoft / LJC) - *\n* [@sxa](https://github.com/sxa) - Stewart X Addison (Red Hat) - *\n* [@willsparker](https://github.com/Willsparker) - Will Parker (Red Hat)\n* [@Haroon-Khel](https://github.com/Haroon-Khel) - Haroon Khel (Red Hat)\n* [@aahlenst](https://github.com/aahlenst) - Andreas Ahlenstorf (ZHAW)\n* [@steelhead31](https://github.com/steelhead31) - Scott Fryer (Red Hat)\n\n## [@infrastructure](https://github.com/orgs/AdoptOpenJDK/teams/infrastructure)\n\nThe primary infrastructure team who manage issues and PRs in this\nrepository.  People in this team are committers and able to merge pull requests\nin this repository.  In general if you need assistance from a committer,\nplease post a message into the `#infrastructure` slack channel where one of\nthe committers should be able to help rather than attempting to contact\nsomeone directly.\n\n## [@adoptopenjdk-triage](https://github.com/orgs/AdoptOpenJDK/teams/adoptopenjdk-triage)\n\nThis team is the starting point for new members.\n\nPeople in this team can take ownership of issues but do not have the\nprivileges to merge pull requests.  In general new people in the team will\ngo into this group for a while before being granted additional access.\n\n## Infrastructure Providers\nThe Adoptium project is proud to receive contributions from many companies, both in the form of monetary contributions in exchange for membership or in-kind contributions for required resources. The Infrastructure collaborates with the following companies who contribute various kinds of cloud and physical hardware to the Adoptium project.\n\n![Infra Sponsors Page](https://user-images.githubusercontent.com/20224954/141327230-04524d09-ebd2-4e07-9c74-6c9ae9bdfc11.png)\n\n### Host Information\n\nMost information about our machines can be found at\n[Inventory](ansible/inventory.yml) This file is important not only as a\nreference for the team, but is used by AWX which we often use to deploy\nansible playbooks so it is important that it is kept up to date\n\n### Maintenance Window Schedule\n\nWe will aim to perform routine maintenance on the first Tuesday of each\nmonth, generally between 1000-1200 (UTC).  This will be announced in the\ninfrastructure channel on slack on the day prior to the maintenance.  This\ntiming should typically avoid coinciding with release work, although if a\nrelease in the previous month is ongoing then the window can be delayed til\nthe following Tuesday.\n\nJenkins and it's plugins will be updated to the latest LTS every month. \nOther services such as Bastillion, AWX, and Nagios will be updated as\nrequired on a quarterly basis (On the first month of each quarter) during\nthe same window if required for security reasons. In some cases we may wish\nto do an out-of-bound patch if a sufficientl sever issue is identified.\n\n### Standard Action Items\n\n### Jenkins\n\n1. Ensure off-machine backups are working!\n1. Ensure that no non-pipeline jobs are running on the server as they\n   will often hold up restarts\n1. Create a tarball backup of the main config.xml and plugins.xml so they\n   can be quickly restored in the event of upgrade problems: `tar czf /home/jenkins/jenkinsbackup.$(date +%Y%m%d).tar.gz -C ~jenkins config.xml plugins`\n1. Check for plugin updates that will apply to the current version of\n   jenkins (Each plugin should be checked for potential issues in the readme)\n1. Repeat step 1 if necessary until jenkins does not offer any more plugins\n1. Identify new LTS level - check [the release upgrade guide](https://www.jenkins.io/doc/upgrade-guide/)\n   for the version and the [LTS changelog](https://www.jenkins.io/changelog-stable/) \n   to identify any potential problems. Allow jenkins to upgrade itself\n1. Redo step 1/2 so that any plugins that were unable to be updated due to\n   the older jenkins level can update themselves.\n1. If necessary, and the remediation cannot be performed within the\n   maintenance window, identify potentially risky plugins that were held\n   back and create an issue to deal with them in the next cycle.\n1. Backup the main `.war` file in /usr/share/jenkins to a name with a version suffix\n   in case of corruption to the main jar.\n1. Once the upgrade is done, restart agents which do not auto-restart such as the Windows ones not running as a service\n1. Once the upgrade is done, check the Azure cloud plugin configuration, particularly the network security group configuration\n1. Post a message in the #infrastructure slack channel announcing the completion of the upgrade and including a link to the appropriate \"upgrade guide(s)\" with the change information.\n\n### Backups\n\nThese are taken on a daily basis, and one per month is currently kept\n\"forever\" on our backup server. Details are now in a\n[separate document](docs/Backups.md)\n\n### OS Patch Management\n\n* Nagios is configured to monitor each system and report on the status of OS patches required so we can identify if any system is not self-updating\n* Non-infrastructure systems are configured by ansible to automatically apply all patches. (Sundays at 5am local host time) where possible\n* Infrastructure systems are configured to automatically apply security patches only. (Sundays at 5am local host time) This information is logged on the localhost: /var/log/apt-security-updates\n* We do not currently schedule outages to reboot to pick up new kernels.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fadoptium%2Finfrastructure","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fadoptium%2Finfrastructure","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fadoptium%2Finfrastructure/lists"}