[CentOS-devel] CERN pre-dojo meeting topic : build bots accounts for CBS

Tue Nov 14 14:11:25 UTC 2017
Honza Horak <hhorak at redhat.com>

On 10/24/2017 04:25 PM, Fabian Arrotin wrote:
> On 24/10/17 15:56, Karanbir Singh wrote:
>> On 24/10/17 09:45, Fabian Arrotin wrote:
>>> Here are some notes taken from the CERN pre-dojo meeting from last week :
>>>
>>> <paste>
>>> Allow SIGs to have separate accounts for build bots
>>>   - separate user accounts from "bot" accounts for security reasons
>>>   - [proposal] have an email alias (not list) per sig for the bots, like
>>> sig-<bla>@centos.org pointing to the SIG's chair
>>>   - [proposal] SIG chair must request or approve email alias requests/
>>> ACO account creation sent to CentOS Board chairman
>>> </paste>
>>>
>>> So, (as also discussed yesterday in the CBS meeting -
>>> https://www.centos.org/minutes/2017/October/centos-devel.2017-10-23-14.01.log.html)
>>>
>>> The proposal would be to create a @centosproject.org (or @centos.org)
>>> email alias, that would go to SIG chair, and that would be used to
>>> create an account on https://accounts.centos.org
>>> While we can manually generate x509 cert with longer validity period, we
>>> discussed the fact that using centos-cert just takes 2 seconds every 6
>>> months, so SIG members who were present didn't find it a real issue.
>>> (email notifications go to SIG chair - and/or other members ? - in
>>> advance so easy to follow)
>>>
>>> That's probably the workflow people use already anyway, while Brian
>>> confirmed that longer-term a proper credentials store would be on the
>>> roadmap, but soon.
>>>
>>>
>>
>> I'd like to see a better write up of the use cases for these bot's
>>
>>
> 
> As the requests came from SIGs, I'll let them explain their needs, but
> here are some points:
> 
> - SIG Cloud instance has already a "cloudinstance" bot that you approved
> for the Vagrant images
> - SIG Cloud / RDO people asked for such bot instead of using Haikel's
> "cert and key" in their existing workflow
> - SIG Storage (for Ceph) asked for the same thing :
> https://bugs.centos.org/view.php?id=13884

SCLo SIG would also like to have such an account:
https://bugs.centos.org/view.php?id=14000

The proposed email alias seems good to me, any news about that proposal?

Honza

> 
> 
> 
> _______________________________________________
> CentOS-devel mailing list
> CentOS-devel at centos.org
> https://lists.centos.org/mailman/listinfo/centos-devel
>