Skip to content Skip to navigation

REVIEW-23: SDIACT-244 Upgrade and transition JIRA for XSEDE - Design/Security Review

Overview

General design and security risk review for transitioning XSEDE JIRA to an upgraded version for expanded use in XSEDE 2.

Review Summary

  • (Jay) Staff members should be able to create issues
    • Changed text to "Each XSEDE staff member will be able to create, view, and manage their assigned activities in all of their funded project areas using JIRA."
  • (Jay) ESTEO and Training can help develop training materials.
    • Changed text to "This training module will be developed by XSEDE project management with help from ESTEO and Training."
  • (Karla) Suggested changing PM requirement to "Each XSEDE PM will have the ability to create and manage activities for their area."
    • Consolidated requirements and distinguished difference from staff members to "Each XSEDE L2 manager, L3 manager, and project manager will have administrative access for the projects in their area."
  • (Dave) What about Confluence?
    • Added sentence "This document specifically precludes inclusion of Atlassian Confluence for the XSEDE 2 Staff Wiki, which will be addressed in a separate activity and design document. "
  • (JP) Provide details on MySQL replication/failover
    • Revised text in F.1 to "A script will be developed to detect when the primary JIRA service has been unavailable at least 15 minutes. At that point, replication will be shut off (to prevent further updates from the primary if it is partially available) and the backup JIRA server will be started up using the latest database replica. When the backup server is up, the DNS server will be automatically updated to point the jira.dyn.xsede.org name to the backup server (using Shava Smallen’s key provided by XSEDE networking). This script will be based on one used to manage Inca’s primary and backup servers."
  • (JP) Add requirement of MySQL ports need to be accessible from software.xsede.org and software2.xsede.org
    • Added sentence "MySQL ports need to be open to software.xsede.org and its replacement software2.xsede.org" to F.1 and F.2 Also added sentence to E.2.7, "The MySQL ports need to be accessible from software.xsede.org and software2.xsede.org (for SD&I read-only views)."

Review Output Documents (Final)

https://software.xsede.org/svn/sdi/activities/sdiact-244/trunk/Plans/SDIACT-244_DesignDocument_v1.1.pdf

Review Input Documents

https://software.xsede.org/svn/sdi/activities/sdiact-244/trunk/Plans/SDIACT-244_DesignDocument_v1.0.pdf

Review Criteria

  1. Does the described user behavior address known user requirements?
  2. Is ownership of administrative and support responsibilities spelled out so that they satisfy service availability and support needs?
  3. Are administrative procedures secure and mitigate risk appropriately?
  4. Are the service interfaces secure enough?

Schedule

Current Date: 2019-01-18
Current Status: Closed (Design and Security Review)
Target Date Actual Date Activity Milestone
  2016-05-03 Review launch date
2016-05-13 2016-05-17 Written feedback due (Reviewers)
2016-05-18 2016-05-17 Written response date (Review Material Developers)
2016-05-20 2016-05-17 Final approval due and completion date (Reviewers)
Review Created: 2016-05-03 8:11 am
Review Last Updated: 2016-05-17 12:37 pm

 

Reviewers

If you are a reviewer, please login to sign or withdraw from this review.

Required

  • Jay Alameda
    SIGNED: 2016-05-11 13:37
  • Karla Gendler
    SIGNED: 2016-05-16 14:39
  • JP Navarro
    SIGNED: 2016-05-16 14:20

Optional

  • Maytal Dahan
  • David Hart
    SIGNED: 2016-05-11 11:01
  • Victor Hazlewood
  • David Lifka
    SIGNED: 2016-05-11 10:33
  • Marlon Pierce
  • Tabitha Samuel
  • Amy Schuele

Review Material Developers

Shava Smallen

Review Facilitator

JP Navarro

 

Please post your comments using the "New topic" or "Post reply" buttons in the forum below.