Re: [JIRA] (OVIRT-408) migrate mailman from linode to PHX and upgrade to mailman 3
Quack, On 06/21/2016 06:30 PM, Barak Korren wrote: > Probably not FreeIPA as it is based around its own LDAP, but maybe > something like Keycloak working against external providers. > (We have OVIRT-527 in Jira for this) Thanks for the info. > We'd probably better support GitHub too. Ok, will look into it. > Also we need to make sure we know how to converge credentials when the > same users use different providers to login. (We have a detailed > procedure on how to do this with Gerrit...) Agreed. \_o< signature.asc Description: OpenPGP digital signature ___ Infra mailing list Infra@ovirt.org http://lists.ovirt.org/mailman/listinfo/infra
Re: [JIRA] (OVIRT-408) migrate mailman from linode to PHX and upgrade to mailman 3
On 21 June 2016 at 12:14, Marc Dequènes (Duck)wrote: > > Maybe freeipa could help building this. I think Misc as more experience > with this; he could probably give some advice. Probably not FreeIPA as it is based around its own LDAP, but maybe something like Keycloak working against external providers. (We have OVIRT-527 in Jira for this) > So as for now: > - Google OAuth: enabled but not working yet, waiting to have access to > data to create the API credentials > - Fedora: works well, tested with Misc's account > - Persona: works well > - OpenID: tested with LaunchPad/UbuntuOne, works well but URL has to > be entered manually, so maybe the page could be tweaked to have links > like in Gerrit > > Would it be sufficient to begin with? We'd probably better support GitHub too. Also we need to make sure we know how to converge credentials when the same users use different providers to login. (We have a detailed procedure on how to do this with Gerrit...) > I think we should warn users they would need to have their email address > registered on some provider if not already done (in the announcement). No harm in accounting. Since most users already need this to use Gerrit the impact will probably not be huge. -- Barak Korren bkor...@redhat.com RHEV-CI Team ___ Infra mailing list Infra@ovirt.org http://lists.ovirt.org/mailman/listinfo/infra
Re: [JIRA] (OVIRT-408) migrate mailman from linode to PHX and upgrade to mailman 3
Quack, On 06/17/2016 04:55 PM, Barak Korren wrote: > As long as we allow more then one provider, and also allow for some free > ones like Fedora its not bad at all IMO. And it has the nice benofit of > not having to secure any user credential database on our infra. It's not bad, just better to have choice not to rely on them if you (as a user) wish IMO. Also I though having a direct compatibility with MM2 would ease transition (as pointed out by Evgheni), but this is not an option right now. > We've been using that approach on oVirt Gerrit forever, and are looking > at ways to expand it to other parts of the infra. Forever is irrelevant. If it suits the projects' needs in the contrary, then let's do this way. > Long term we would probaly like all authentication done against > prividers via some sort of an sso layer, while authorization will be > based on group assignments in Gerrit. Maybe freeipa could help building this. I think Misc as more experience with this; he could probably give some advice. So as for now: - Google OAuth: enabled but not working yet, waiting to have access to data to create the API credentials - Fedora: works well, tested with Misc's account - Persona: works well - OpenID: tested with LaunchPad/UbuntuOne, works well but URL has to be entered manually, so maybe the page could be tweaked to have links like in Gerrit Would it be sufficient to begin with? I think we should warn users they would need to have their email address registered on some provider if not already done (in the announcement). \_o< signature.asc Description: OpenPGP digital signature ___ Infra mailing list Infra@ovirt.org http://lists.ovirt.org/mailman/listinfo/infra
Re: [JIRA] (OVIRT-408) migrate mailman from linode to PHX and upgrade to mailman 3
בתאריך 17 ביוני 2016 10:09, "Marc Dequènes (Duck)"כתב: > > I don't think allowing only external auth like Google OAuth2 would be > nice at all. > I respectfully disagree. As long as we allow more then one provider, and also allow for some free ones like Fedora its not bad at all IMO. And it has the nice benofit of not having to secure any user credential database on our infra. We've been using that approach on oVirt Gerrit forever, and are looking at ways to expand it to other parts of the infra. Long term we would probaly like all authentication done against prividers via some sort of an sso layer, while authorization will be based on group assignments in Gerrit. We have a ticket about this somewhere... (Appologies for last blank message) ___ Infra mailing list Infra@ovirt.org http://lists.ovirt.org/mailman/listinfo/infra
Re: [JIRA] (OVIRT-408) migrate mailman from linode to PHX and upgrade to mailman 3
בתאריך 17 ביוני 2016 10:09, "Marc Dequènes (Duck)"כתב: > > > We could also wait for him to finish releasing MM 3.1 and then harass > him (or bribe him with nice beers). > > I don't think allowing only external auth like Google OAuth2 would be > nice at all. > > So before acting I'm going to have a look at Persona more deeply, but I > wanted to have your opinion on this too. > > \_o< > > > ___ > Infra mailing list > Infra@ovirt.org > http://lists.ovirt.org/mailman/listinfo/infra > ___ Infra mailing list Infra@ovirt.org http://lists.ovirt.org/mailman/listinfo/infra
Re: [JIRA] (OVIRT-408) migrate mailman from linode to PHX and upgrade to mailman 3
Quack, On 03/23/2016 06:53 PM, eyal edri [Administrator] (oVirt JIRA) wrote: >> migrate mailman from linode to PHX and upgrade to mailman 3 >> --- >> >> Key: OVIRT-408 >> URL: https://ovirt-jira.atlassian.net/browse/OVIRT-408 >> Project: oVirt - virtualization made easy >> Issue Type: Task >> Components: Hosting >>Reporter: eyal edri [Administrator] >>Assignee: Marc Dequènes (Duck) >> This subject is still ongoing. I was finally able to talk to abompard about a few things related to the migration and auth (more details in the ticket). I'd just like to raise a specific point here. So the local auth using email addresses, like was used on MM2, is not working at the moment. abompard is working on it but he has other things in his plate and no idea when it will be finished. abompard suggested using Persona. So I don't know Persona well, but it is being decommissioned by Mozilla next October. He also heard some people would be willing to revive it (need more info on this). So this could be a path to handle the email address credentials and ease the migration from the previous installation. We could also wait for him to finish releasing MM 3.1 and then harass him (or bribe him with nice beers). I don't think allowing only external auth like Google OAuth2 would be nice at all. So before acting I'm going to have a look at Persona more deeply, but I wanted to have your opinion on this too. \_o< signature.asc Description: OpenPGP digital signature ___ Infra mailing list Infra@ovirt.org http://lists.ovirt.org/mailman/listinfo/infra
[JIRA] (OVIRT-408) migrate mailman from linode to PHX and upgrade to mailman 3
[ https://ovirt-jira.atlassian.net/browse/OVIRT-408?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] eyal edri [Administrator] updated OVIRT-408: Assignee: Marc Dequènes (Duck) (was: infra) Status: Accepted (was: New) starting with installing new VM in PHX lab: mail.phx.ovirt.org. > migrate mailman from linode to PHX and upgrade to mailman 3 > --- > > Key: OVIRT-408 > URL: https://ovirt-jira.atlassian.net/browse/OVIRT-408 > Project: oVirt - virtualization made easy > Issue Type: Task > Components: Hosting >Reporter: eyal edri [Administrator] >Assignee: Marc Dequènes (Duck) > -- This message was sent by Atlassian JIRA (v7.2.0-OD-04-029#72002) ___ Infra mailing list Infra@ovirt.org http://lists.ovirt.org/mailman/listinfo/infra
[JIRA] (OVIRT-408) migrate mailman from linode to PHX and upgrade to mailman 3
Title: Message Title eyal edri [Administrator] created an issue oVirt - virtualization made easy / OVIRT-408 migrate mailman from linode to PHX and upgrade to mailman 3 Issue Type: Task Assignee: infra Components: Hosting Created: 10/Feb/16 4:25 PM Priority: Medium Reporter: eyal edri [Administrator] Add Comment This message was sent by Atlassian JIRA (v7.1.0-OD-06-005#71002-sha1:1d15c98)