[CentOS-devel] CERN pre-dojo meeting topic : build bots accounts for CBS

Tue Oct 24 14:25:13 UTC 2017
Fabian Arrotin <arrfab at centos.org>

On 24/10/17 15:56, Karanbir Singh wrote:
> On 24/10/17 09:45, Fabian Arrotin wrote:
>> Here are some notes taken from the CERN pre-dojo meeting from last week :
>>
>> <paste>
>> Allow SIGs to have separate accounts for build bots
>>  - separate user accounts from "bot" accounts for security reasons
>>  - [proposal] have an email alias (not list) per sig for the bots, like
>> sig-<bla>@centos.org pointing to the SIG's chair
>>  - [proposal] SIG chair must request or approve email alias requests/
>> ACO account creation sent to CentOS Board chairman
>> </paste>
>>
>> So, (as also discussed yesterday in the CBS meeting -
>> https://www.centos.org/minutes/2017/October/centos-devel.2017-10-23-14.01.log.html)
>>
>> The proposal would be to create a @centosproject.org (or @centos.org)
>> email alias, that would go to SIG chair, and that would be used to
>> create an account on https://accounts.centos.org
>> While we can manually generate x509 cert with longer validity period, we
>> discussed the fact that using centos-cert just takes 2 seconds every 6
>> months, so SIG members who were present didn't find it a real issue.
>> (email notifications go to SIG chair - and/or other members ? - in
>> advance so easy to follow)
>>
>> That's probably the workflow people use already anyway, while Brian
>> confirmed that longer-term a proper credentials store would be on the
>> roadmap, but soon.
>>
>>
> 
> I'd like to see a better write up of the use cases for these bot's
> 
> 

As the requests came from SIGs, I'll let them explain their needs, but
here are some points:

- SIG Cloud instance has already a "cloudinstance" bot that you approved
for the Vagrant images
- SIG Cloud / RDO people asked for such bot instead of using Haikel's
"cert and key" in their existing workflow
- SIG Storage (for Ceph) asked for the same thing :
https://bugs.centos.org/view.php?id=13884


-- 
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20171024/bbdacf0b/attachment-0008.sig>