[Haskell-cafe] Help wanted for the architecture backing perf-service.haskell.org

[Sebastian Graf]

Hi all,

I'm about to wrap up my work for the Haskell committee (think half a summer 
of code): feed-gipeda <https://github.com/sgraf812/feed-gipeda>

It's basically a daemon which will spawn benchmarking jobs for every commit 
of registered repositories. Much like Travis CI, but for benchmarks. You 
can see a simple web server, hosting the gipeda 
<https://github.com/nomeata/gipeda/>-generated 
sites, at http://perf-service.haskell.org/ghc/#all.

While the Haskell part is working smoothly enough for now, I'd really like 
some help setting up proper sandboxing environments for the benchmark 
slaves, in such a way that security isn't as much a concern as it currently 
is. We can go over the details on a less publicly shared medium, but I 
doubt the current solution (invoking shell scripts from a non-root user) is 
safe. So, some concrete points I need help with:

   1. Administrative expertise: Which part of the architecture runs has 
   which rights, setting up proper sandboxing environments for benchmark slaves
   2. Ops stuff: Creating master and slave containers for a low barrier to 
   entry and reproducible environments
   3. Distributed protocols: Someone with experience in stuff like 
   SSH-tunneling/CloudHaskell/other useful things I should make the 
   communication protocol of feed-gipeda aware of
   4. Some Haskellers which want to take a look at my code and contribute 
   criticism or even code to it :)

Thanks in advance! So long,
Sebastian Graf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.haskell.org/pipermail/haskell-cafe/attachments/20161012/e8d4f074/attachment.html>