On Thu, Jun 26, 2014 at 5:56 AM, Thomas Oulevey <thomas.oulevey at cern.ch> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi All,
>
> The initial idea is to configure Koji and make it available to the
> community.
>
> Thanks to Karanbir/Fabian we already got the hardware and installation
> is ongoing.
>
> But first, we would like to ask for feedback:
>
> 1/ PKI setup, a proposal:
> - - koji-web uses a certificate signed by an external CA (and obviously
> trusted)
> - - the rest of the koji architecture (hub and kojid) will use a
> self-signed CA that we'll use to also generate other certs. The
> proposal is to gpg encrypt the CA within a non-public GIT repo.
> Talking with Fabian, he already uses this method for other
> infrastructure projects.
> - - the clients (at the beginning git.c.o) will use the self-signed CA.
>
> This needs to be discussed in the light of future integration of
> different user-facing tools (koji, git, etc...) and if we want to
> provide koji client accesses, as the Fedora project does.
>
> 2/ Hostnames to use:
> - - After a round on #centos-devel, cbs.centos.org was the best we can
> come up with. Comments?
> - - For the builder machines, we should decide on a decent naming as
> this info appears in RPM metadata.
> i.e.: builder01.cbs.centos.org, builder02.cbs.centos.org, etc...
> Do we want to deal with different "architecture family" within the
> name (e.g. ARM)?
> i.e.: x86-builder01.cbs.centos.org, arm-builder01.cbs.centos.org
>
> Your comments are very welcome!
>
> cheers,
>

+1 on the PKI setup. For the hostnames, I don't see a reason the architecture is needed in the hostname.

-Jeff