Re: [JIRA] (OVIRT-408) migrate mailman from linode to PHX and upgrade to mailman 3

[Duck]

Quack,

On 06/21/2016 06:30 PM, Barak Korren wrote:

> Probably not FreeIPA as it is based around its own LDAP, but maybe
> something like Keycloak working against external providers.
> (We have OVIRT-527 in Jira for this)

Thanks for the info.

> We'd probably better support GitHub too.

Ok, will look into it.

> Also we need to make sure we know how to converge credentials when the
> same users use different providers to login. (We have a detailed
> procedure on how to do this with Gerrit...)

Agreed.

\_o<




signature.asc
Description: OpenPGP digital signature
___
Infra mailing list
Infra@ovirt.org
http://lists.ovirt.org/mailman/listinfo/infra

Re: [JIRA] (OVIRT-408) migrate mailman from linode to PHX and upgrade to mailman 3

[Barak Korren]

On 21 June 2016 at 12:14, Marc Dequènes (Duck)  wrote:
>
> Maybe freeipa could help building this. I think Misc as more experience
> with this; he could probably give some advice.

Probably not FreeIPA as it is based around its own LDAP, but maybe
something like Keycloak working against external providers.
(We have OVIRT-527 in Jira for this)

> So as for now:
>   - Google OAuth: enabled but not working yet, waiting to have access to
> data to create the API credentials
>   - Fedora: works well, tested with Misc's account
>   - Persona: works well
>   - OpenID: tested with LaunchPad/UbuntuOne, works well but URL has to
> be entered manually, so maybe the page could be tweaked to have links
> like in Gerrit
>
> Would it be sufficient to begin with?

We'd probably better support GitHub too.
Also we need to make sure we know how to converge credentials when the
same users use different providers to login. (We have a detailed
procedure on how to do this with Gerrit...)

> I think we should warn users they would need to have their email address
> registered on some provider if not already done (in the announcement).

No harm in accounting.
Since most users already need this to use Gerrit the impact will
probably not be huge.


-- 
Barak Korren
bkor...@redhat.com
RHEV-CI Team
___
Infra mailing list
Infra@ovirt.org
http://lists.ovirt.org/mailman/listinfo/infra

Re: [JIRA] (OVIRT-408) migrate mailman from linode to PHX and upgrade to mailman 3

[Duck]

Quack,

On 06/17/2016 04:55 PM, Barak Korren wrote:

> As long as we allow more then one provider, and also allow for some free
> ones like Fedora its not bad at all IMO. And it has the nice benofit of
> not having to secure any user credential database on our infra.

It's not bad, just better to have choice not to rely on them if you (as
a user) wish IMO.

Also I though having a direct compatibility with MM2 would ease
transition (as pointed out by Evgheni), but this is not an option right now.

> We've been using that approach on oVirt Gerrit forever, and are looking
> at ways to expand it to other parts of the infra.

Forever is irrelevant. If it suits the projects' needs in the contrary,
then let's do this way.

> Long term we would probaly like all authentication done against
> prividers via some sort of an sso layer, while authorization will be
> based on group assignments in Gerrit.

Maybe freeipa could help building this. I think Misc as more experience
with this; he could probably give some advice.

So as for now:
  - Google OAuth: enabled but not working yet, waiting to have access to
data to create the API credentials
  - Fedora: works well, tested with Misc's account
  - Persona: works well
  - OpenID: tested with LaunchPad/UbuntuOne, works well but URL has to
be entered manually, so maybe the page could be tweaked to have links
like in Gerrit

Would it be sufficient to begin with?

I think we should warn users they would need to have their email address
registered on some provider if not already done (in the announcement).

\_o<



signature.asc
Description: OpenPGP digital signature
___
Infra mailing list
Infra@ovirt.org
http://lists.ovirt.org/mailman/listinfo/infra

Re: [JIRA] (OVIRT-408) migrate mailman from linode to PHX and upgrade to mailman 3

[Barak Korren]

בתאריך 17 ביוני 2016 10:09,‏ "Marc Dequènes (Duck)"  כתב:
>
> I don't think allowing only external auth like Google OAuth2 would be
> nice at all.
>

I respectfully disagree.

As long as we allow more then one provider, and also allow for some free
ones like Fedora its not bad at all IMO. And it has the nice benofit of not
having to secure any user credential database on our infra.

We've been using that approach on oVirt Gerrit forever, and are looking at
ways to expand it to other parts of the infra.

Long term we would probaly like all authentication done against prividers
via some sort of an sso layer, while authorization will be based on group
assignments in Gerrit.
We have a ticket about this somewhere...

(Appologies for last blank message)
___
Infra mailing list
Infra@ovirt.org
http://lists.ovirt.org/mailman/listinfo/infra

Re: [JIRA] (OVIRT-408) migrate mailman from linode to PHX and upgrade to mailman 3

[Barak Korren]

בתאריך 17 ביוני 2016 10:09,‏ "Marc Dequènes (Duck)"  כתב:
>

>
> We could also wait for him to finish releasing MM 3.1 and then harass
> him (or bribe him with nice beers).
>
> I don't think allowing only external auth like Google OAuth2 would be
> nice at all.
>
> So before acting I'm going to have a look at Persona more deeply, but I
> wanted to have your opinion on this too.
>
> \_o<
>
>
> ___
> Infra mailing list
> Infra@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/infra
>
___
Infra mailing list
Infra@ovirt.org
http://lists.ovirt.org/mailman/listinfo/infra

Re: [JIRA] (OVIRT-408) migrate mailman from linode to PHX and upgrade to mailman 3

[Duck]

Quack,

On 03/23/2016 06:53 PM, eyal edri [Administrator] (oVirt JIRA) wrote:

>> migrate mailman from linode to PHX and upgrade to mailman 3
>> ---
>>
>> Key: OVIRT-408
>> URL: https://ovirt-jira.atlassian.net/browse/OVIRT-408
>> Project: oVirt - virtualization made easy
>>  Issue Type: Task
>>  Components: Hosting
>>Reporter: eyal edri [Administrator]
>>Assignee: Marc Dequènes (Duck)
>>

This subject is still ongoing. I was finally able to talk to abompard
about a few things related to the migration and auth (more details in
the ticket). I'd just like to raise a specific point here.

So the local auth using email addresses, like was used on MM2, is not
working at the moment. abompard is working on it but he has other things
in his plate and no idea when it will be finished.

abompard suggested using Persona. So I don't know Persona well, but it
is being decommissioned by Mozilla next October. He also heard some
people would be willing to revive it (need more info on this). So this
could be a path to handle the email address credentials and ease the
migration from the previous installation.

We could also wait for him to finish releasing MM 3.1 and then harass
him (or bribe him with nice beers).

I don't think allowing only external auth like Google OAuth2 would be
nice at all.

So before acting I'm going to have a look at Persona more deeply, but I
wanted to have your opinion on this too.

\_o<



signature.asc
Description: OpenPGP digital signature
___
Infra mailing list
Infra@ovirt.org
http://lists.ovirt.org/mailman/listinfo/infra

[JIRA] (OVIRT-408) migrate mailman from linode to PHX and upgrade to mailman 3

[eyal edri [Administrator] (oVirt JIRA)]

 [ 
https://ovirt-jira.atlassian.net/browse/OVIRT-408?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

eyal edri [Administrator] updated OVIRT-408:

Assignee: Marc Dequènes (Duck)  (was: infra)
  Status: Accepted  (was: New)

starting with installing new VM in PHX lab: mail.phx.ovirt.org.

> migrate mailman from linode to PHX and upgrade to mailman 3
> ---
>
> Key: OVIRT-408
> URL: https://ovirt-jira.atlassian.net/browse/OVIRT-408
> Project: oVirt - virtualization made easy
>  Issue Type: Task
>  Components: Hosting
>Reporter: eyal edri [Administrator]
>Assignee: Marc Dequènes (Duck)
>




--
This message was sent by Atlassian JIRA
(v7.2.0-OD-04-029#72002)
___
Infra mailing list
Infra@ovirt.org
http://lists.ovirt.org/mailman/listinfo/infra

[JIRA] (OVIRT-408) migrate mailman from linode to PHX and upgrade to mailman 3

[eyal edri [Administrator] (oVirt JIRA)]

Title: Message Title


 
 
 
 

 
 
 

 
   
 eyal edri [Administrator] created an issue  
 

  
 
 
 
 

 
 
  
 
 
 
 

 
 oVirt - virtualization made easy /  OVIRT-408  
 
 
  migrate mailman from linode to PHX and upgrade to mailman 3   
 

  
 
 
 
 

 
Issue Type: 
  Task  
 
 
Assignee: 
 infra  
 
 
Components: 
 Hosting  
 
 
Created: 
 10/Feb/16 4:25 PM  
 
 
Priority: 
  Medium  
 
 
Reporter: 
 eyal edri [Administrator]  
 

  
 
 
 
 

 
 
 

 
 
 Add Comment  
 

  
 

  
 
 
 
  
 

  
 
 
 
 

 
 This message was sent by Atlassian JIRA (v7.1.0-OD-06-005#71002-sha1:1d15c98)