When you want to run an application that is not part of the offered services (like a demo setup of your project), you need to request a dedicated virtual machine (vm). It is not possible to request a physical machine. Physical machines are shared resources for all ASF projects.
Infra maintains hosts in different computer centers around the world. Most of these hosts are used to run virtual machines, so your vm can be relocated as requirements change without you having to reinstall anything.
To request a virtual machine, open a Jira ticket with at least the following information:
CPU and RAM are expensive resources, so unless you make a really compelling case we will start the vm with default values. If you/we see problems later we can always add more. We can add CPU cores and RAM can without reinstalling anything.
The operating system needs to be supported by our standard applications like Puppet, therefore we currently only offer Ubuntu.
Important: the ticket must be acknowledged by a PMC member.
Infra may ask questions to clarify the request. When all is clear, we will create the vm according to specifications, install the OS and the mandatory standard (infra) applications. The mandatory application guarantee a level of security and provide ssh access common to all vms.
Once we have tested the vm, we will ask a project maintainer to do ssh to the vm.
The project maintainers are responsible for maintaining the vm. Infra will normally not maintain the vm, but will check on security from time to time.
Each project maintainer needs to have ssh keys uploaded to
id.a.o before requesting the vm. Maintainers use the ssh keys stored in LDAP to log in to the vm.
When the vm is created, each maintainer gets karma to access the vm (ldap add host to userid). Once that has been tested, it is time to get sudo karma if it is required.
To prepare for sudo karma follow the OPIE guidelines.
When OPIE works, contact us on #asfinfra, or by commenting on the issue, and sudo karma will be granted (ldap add userid to sudoer group).
To use key-based login, you need to generate a key on your local desktop (do not use a publicly accessible server for this) and then add your public key to LDAP using the self-service app at
Once you have done this, wait at least 10 mins. You should then be able to log in as follows:
:::shell $ ssh [username]@$project-vm.apache.org
Depending on your client setup, you may need to run the following command to ensure the key(s) are made available to the SSH client on your system:
:::shell $ ssh-add
If you use PuTTY, make sure it is configured to force SSH v2 protocol. And use keyboard-interactive.
Once you have logged in, there are few tasks best performed right away. Please take care when using your shell account.
Check that your umask is set in a group-friendly fashion. This ensures that the documents you create are editable by your fellow committers. To do this, (depending on which shell you use) edit the
.cshrc file or
.profile (sh derivatives) so the umask is set as follows:
If a umask line already exists, modify it. Otherwise, add a new line. You will need to use a
*nix command-line editor such as
Tip: You can review the files of some other committer:
ls -al ~mymentor; cat ~mymentor/.cshrc.
There are no mandatory rules, but here are some suggestions:
Before doing something, you are always welcome to join #asfinfra on Slack and ask about it.