[ https://ovirt-jira.atlassian.net/browse/OVIRT-2282?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=37380#comment-37380 ]
Barak Korren commented on OVIRT-2282: ------------------------------------- As discussed in an infra meeting the approach I think we should take here is to: # Have a group in Gerrit that defines who the infra team members are # Have a shell script that lists members of that group (can be done with {{ssh ... gerrit ls-members}}) and ## either: ### Create local accounts for those members ### Download SSH public keys from Gerrit and install in those accounts ### setup password-less sudo for those accounts ## or: ### Download SSH public keys from Gerrit and install in the root acocunt # Run that shell script from cron every 30 minutes on all slaves. # Setup this script and cron job on the slave via cloud-init. # On non-slave hosts we can choose to setup the script and cron job Discussion about why IMO it should be a script and not Ansible/Puppet/Some other thing: # This needs to be run locally on every slave - so doing this with a tool will require having that tool be pre-installed on the slave. # Arguments for using a tool may include the reasoning that it may be easier to add more functionality over time if we use a tool. My counter argument is that we're very much unlikely to add any more functionality, as most if not all other changes we may wish to make to a slave can affect the CI systems and therefore are better done in sync with it via {{globale_setup.sh}}, etc. > use SSH keys from gerrit for infra users > ---------------------------------------- > > Key: OVIRT-2282 > URL: https://ovirt-jira.atlassian.net/browse/OVIRT-2282 > Project: oVirt - virtualization made easy > Issue Type: Improvement > Reporter: Evgheni Dereveanchin > Assignee: infra > > Opening ticket to discuss possibility of managing user accounts through > gerrit as it has SSH pubkeys defined. -- This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100088) _______________________________________________ Infra mailing list -- infra@ovirt.org To unsubscribe send an email to infra-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/infra@ovirt.org/message/XXDCMPSSTOSBR3EBYZT2ADHBLNANOTL3/