Hi all,

As announced, we started today the centos infra switch to new authentication source (merged with Fedora) So https://accounts.centos.org is now live and using same auth backend (IPA) than https://accounts.fedoraproject.org

This morning at 6:00am utc, I kicked the ansible roles to reflect new TLS/CA for https://cbs.centos.org koji systems and took it offline for sanity tests.

- kojihub/web were converted - tested authentication with new TLS cert - tested remote authentication with personal TLS cert - tested to submit koji tasks - verified that all builders were back on the hub and enabled - tested a tag-build/untag-build to test the signing process - tested the new sync script to fetch users/groups from IPA (through https://fasjson.fedoraproject.org , IPA API endpoint using kerberos auth)

As all was working, https://cbs.centos.org was then back online around 6:30am UTC

What do you need to do : Get your new TLS cert that will be used for cert authentication (new TLS cert as new CA, coming from IPA backend)

The SIGGuide (https://wiki.centos.org/SIGGuide) was updated to reflect the new way to retrieve your cert (anchor link : https://wiki.centos.org/SIGGuide#SIGGuide.2FSIGProcess.Community_Buildsystem)

PS : worth knowing that if you just had your account imported in new IPA backend, you have *first* to reset your own password (password salt/hash from ACO isn't compatible with the one from IPA, so just reset your password on portal https://accounts.centos.org)

PS2: as some users were skipped during import process , it can be that you're in a situation where you either don't exist, or your group membership wasn't reflected (and so you currently don't have build rights anymore in koji/cbs). If that's the case, just ask your SIG chair to get in touch

Now moving to other services to be converted