[CentOS-devel] Signing and promoting CBS content

Wed Nov 11 12:29:42 UTC 2015
Karanbir Singh <mail-lists at karan.org>

Hi,

Attached here is a macro level overview on how the sign service is
getting set up. I've been working on this recently, and it's the process
being adopted for SIGs moving to release ( eg. RDO folks rely on this
for the openstack release work into the Cloud SIG repos ).

A couple of highlights:

Each box indicates a physical entity; the Sign Box is a HA pair of 2
nodes, dedicated for this purpose. The main sign service is a dedicated
machine hosted near the CBS infra for performance reasons.

Read this alongside http://www.karan.org/CBS_ContentPromotion.png which
lays out what tags go where and how this maps to buildlogs and the
mirror / CDN side of things.

The PreFlight testing and Validation steps only do some basic work at
the moment, including validating that rpms are not already signed, they
come from and are going into the right path maps ( eg. virt sig content
going into the /virt/ subdirs etc ), and the rpm headers are valid. Lots
of potential to expand on these steps. I will aim to extract these
scripts out and into git.centos.org for more eyes and contribution options.

The push to buildlogs runs every 2 hrs at this point, and does not
include a sign step. buildlogs content is pushed as is, from the right
tags, for projects and SIGs that have opted in ( ideally, everyone
should! if you are not doing this already please get in touch ). Content
for the sign and push to mirror.centos.org runs a report every 48 hrs,
and needs a manual ack. In the coming weeks, we will move to perhaps a
12 hr cycle with better round the clock cover.

Regards

-- 
Karanbir Singh
+44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh
GnuPG Key : http://www.karan.org/publickey.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: CentOS-Sign-Service.png
Type: image/png
Size: 46791 bytes
Desc: not available
URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20151111/a5eae107/attachment-0007.png>
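
The preflight checks described in the message above (package not already signed, destination inside the right SIG subtree, headers well-formed), as an added example that is not part of the original post and not the CentOS scripts. It reads only the RPM lead and signature header; the function names, the sample packages and the destination path are constructed for illustration.

```python
import posixpath
import struct

LEAD_MAGIC = b"\xed\xab\xee\xdb"    # first 4 bytes of the 96-byte RPM lead
HEADER_MAGIC = b"\x8e\xad\xe8\x01"  # header-structure magic plus version 1
# Signature-header tags that hold an OpenPGP signature
SIG_TAGS = {267: "DSA", 268: "RSA", 1002: "PGP", 1005: "GPG"}

def signature_tags(blob):
    """Return the OpenPGP signature tags present; ValueError if malformed."""
    if len(blob) < 112 or blob[:4] != LEAD_MAGIC:
        raise ValueError("bad or truncated RPM lead")
    magic, _, nindex, hsize = struct.unpack(">4s4sII", blob[96:112])
    if magic != HEADER_MAGIC:
        raise ValueError("bad signature header magic")
    if 112 + 16 * nindex + hsize > len(blob):
        raise ValueError("signature header runs past end of file")
    found = []
    for i in range(nindex):
        tag, _, offset, _ = struct.unpack_from(">IIII", blob, 112 + 16 * i)
        if offset > hsize:
            raise ValueError("index entry points outside the data store")
        if tag in SIG_TAGS:
            found.append(SIG_TAGS[tag])
    return found

def preflight(blob, dest_path, required_prefix):
    """Return a list of problems; an empty list means ready for signing."""
    problems = []
    # normpath collapses ".." so a path cannot escape its SIG subtree
    if not posixpath.normpath(dest_path).startswith(required_prefix):
        problems.append("destination outside " + required_prefix)
    try:
        tags = signature_tags(blob)
    except ValueError as exc:
        return problems + ["invalid rpm: %s" % exc]
    if tags:
        problems.append("already signed: " + ",".join(tags))
    return problems

def _sample(tags):
    """Constructed test input: empty lead plus a signature header."""
    index = b"".join(struct.pack(">IIII", t, 7, 0, 4) for t in tags)
    head = HEADER_MAGIC + bytes(4) + struct.pack(">II", len(tags), 4)
    return LEAD_MAGIC + bytes(92) + head + index + bytes(4)

UNSIGNED = _sample([1000, 1004, 269])       # size, MD5, SHA1 only
SIGNED = _sample([1000, 268, 269, 1004])    # adds an RSA header signature
DEST = "/virt/7/xen/x86_64/pkg.rpm"         # constructed path
```

Rejecting packages that already carry a signature keeps the sign service as the only place a key is applied to content headed for the mirrors.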