[CentOS-devel] Status update on the Central Auth project

Wed May 27 04:01:18 UTC 2015
Brian Stinson <brian at bstinson.com>

Hi All,

I thought I would give a quick update on the status of the Central
Authentication project. Most of these items are being tested in a
staging environment and are not yet in production. Here's what I've
worked on so far:

User DB
=======
FAS (https://github.com/fedora-infra/fas) was chosen as our
authentication system, but it needed some work to remove the bits
specific to The Fedora Project. That debranding work can be found here:
https://github.com/bstinsonmhk/fas

These are the major things that happened:
- Replaced Fedora branding/assets with CentOS branding/assets
- Patched out bugzilla operations
- Patched out the CLA/FPCA 

Tool Integration - Gitblit
==========================
git.centos.org is a public-facing gitblit (http://gitblit.com) instance,
and needed a plugin to authenticate with FAS. That work was a chance for
me to brush up on some Java :) and can be found here:
https://github.com/bstinsonmhk/gitblit-fas-plugin

As of now, this plugin is functional but some optimizations are still
needed in jFAS2 (the component that communicates with the FAS instances)

Tool Integration - Lookaside
============================
The lookaside is for non-text sources necessary for building RPMs in the
CBS (e.g. upstream source tarballs). Some modifications were needed to
the upload script from Fedora to accommodate our infrastructure. Special
thanks to Howard Johnson for getting us started:
https://github.com/bstinsonmhk/centos-lookaside

Staging Instance
================
Very soon, a staging setup will be complete and running in devcloud
(http://wiki.centos.org/DevCloud). This will include shadow instances of
each of our services (koji, gitblit, FAS, etc.) for testing purposes.
Mostly this has been infrastructure work, but I'm happy to talk about
the details if anyone is interested. 

Outstanding action-items I'm working on for the staging instance:
- Put shadow-gitblit behind a servlet container (Tomcat)
- Add the test CA to shadow-koji
- Write up an easy testing workflow (connecting to the private network)

How to help
===========
As soon as we have a staging instance up and running I'd like a bit of
help testing the whole workflow, from initial signup to joining a group
to building a package. If you're a member of a SIG and would like to
spend a couple of minutes going through this please let me know and I'll
contact you when we're ready. 


Feel free to look through the repositories listed above, and add
comments or patches here on the mailing list. 

Cheers!
Brian