[JIRA] (OVIRT-2282) use SSH keys from gerrit for infra users

Sun, 08 Jul 2018 01:00:50 -0700 

    [ 
https://ovirt-jira.atlassian.net/browse/OVIRT-2282?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=37380#comment-37380
 ] 

Barak Korren commented on OVIRT-2282:
-------------------------------------

As discussed in an infra meeting the approach I think we should take here is to:
# Have a group in Gerrit that defines who the infra team members are
# Have a shell script that lists members of that group (can be done with {{ssh 
... gerrit ls-members}}) and
##  either:
### Create local accounts for those members
### Download SSH public keys from Gerrit and install in those accounts
### setup password-less sudo for those accounts 
##  or:
### Download SSH public keys from Gerrit and install in the root acocunt
# Run that shell script from cron every 30 minutes on all slaves.
# Setup this script and cron job on the slave via cloud-init.
# On non-slave hosts we can choose to setup the script and cron job 

Discussion about why IMO it should be a script and not Ansible/Puppet/Some 
other thing:
# This needs to be run locally on every slave - so doing this with a tool will 
require having that tool be pre-installed on the slave.
# Arguments for using a tool may include the reasoning that it may be easier to 
add more functionality over time if we use a tool. My counter argument is that 
we're very much unlikely to add any more functionality, as most if not all 
other changes we may wish to make to a slave can affect the CI systems and 
therefore are better done in sync with it via {{globale_setup.sh}}, etc.

> use SSH keys from gerrit for infra users
> ----------------------------------------
>
>                 Key: OVIRT-2282
>                 URL: https://ovirt-jira.atlassian.net/browse/OVIRT-2282
>             Project: oVirt - virtualization made easy
>          Issue Type: Improvement
>            Reporter: Evgheni Dereveanchin
>            Assignee: infra
>
> Opening ticket to discuss possibility of managing user accounts through 
> gerrit as it has SSH pubkeys defined.



--
This message was sent by Atlassian Jira
(v1001.0.0-SNAPSHOT#100088)
_______________________________________________
Infra mailing list -- infra@ovirt.org
To unsubscribe send an email to infra-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/infra@ovirt.org/message/XXDCMPSSTOSBR3EBYZT2ADHBLNANOTL3/

Reply via email to