On 06/26/2014 06:26 PM, Thomas Oulevey wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi All,
The initial idea is to configure Koji and make it available to the community.
Thanks to Karanbir/Fabian we already got the hardware and installation is on going.
But first, we would like to ask for feedback:
1/ PKI setup, a proposal:
- koji-web use a certificate signed by an external CA (and obviously
trusted)
- the rest of the koji architecture (hub and kojid) will use a
self-signed CA that we'll use to also generate other certs. The proposal is to gpg encrypt the CA within a non-public GIT repo. Talking with Fabian, he already use this method for other infrastructure project.
- the clients (at the beginning git.c.o) will use self-signed CA.
This need to be discussed in the light of future integration of different user facing tools (koji, git, etc...) and if we want to provide koji client accesses, as Fedora project does.
2/ Hostnames to use:
- After a round on #centos-devel, cbs.centos.org was the best we can
come up with. Comments ?
- For the builders machine, we should decide on a decent naming as
this info appears in RPM metadata. i.e : builder01.cbs.centos.org, builder02.cbs.centos.org, etc... Do we want to deal with different "architecture family" within the name (e.g ARM) ? i.e : x86-builder01.cbs.centos.org, arm-builder01.cbs.centos.org
Your comments are very welcome!
What would the workflow of RPMs after they are created in koji. How would they land up in respective repos? Will it be a automated method or manual method? This is done using Bodhi in Fedora, so looking for a similar or better solution here too.
Thanks, Lala