On 11.05.16 12:46, Fabien Boucher wrote: >>> * or other suggestion is to recommend the creation of a specific >>> Github user with the Gerrit public key registered. This specific user >>> should be configured as collaborator or owner of the repositories SF >>> will replicate. But the issue here is how to register that specific >>> user: SF need its own mail recipient ... >> >> There can be only a single Github user with that key (because each key >> has to be unique in Github), and now this Github user must maintain all >> repos that SF wants to replicate.That makes it very difficult if > > Yes only one (the Github identify of a SF deployment). > >> several independent teams or users want to use SF - each of them will >> now need their own SF instance. That is a huge overhead then. > > I didn't get you because today that's the case several teams use our > SF deployment with the replication setup and the use of the deploy keys. > All the keys are inside the SF node and I did see the benefit to have a > bunch of deploy keys instead of only one.
Ah, I misunderstood - I thought these teams would no longer use a deploy key, but only one key (the Gerrit public key; that one can only used once for Github). So this comes down to: 1. Remove the replication setup in managesf 2. Add another section how to use a common key for replication with Github (in addition to the deploy keys) >> For example, the Gerrit public key is already registered by someone, and >> now I want to manage some of my projects using SF. Then I need to figure >> out which Github user I need to add as a collaborator, but this might be >> not what I want - because it can be misused easily. > > This Github user is created by the SF admin (manually), it has an username > and it is up the repo owner to add this username as a collaborator > with write access. > >> >> I don't have a better idea, but not using the Github deploy keys sounds >> like a regression. > > What I propose is just recommendation that could land in the SF documentation. > > The use of deploy keys can still be used with the on going refactoring, but > I haven't wrote any helper scripts. So key provisioning, ssh config change, > gerrit restart should be done manually by an admin. Oh, ok, now I understand. Well, maybe a short ansible playbook is the easiest workaround and also more stable? I can write on to automate these tasks. -- Christian _______________________________________________ Softwarefactory-dev mailing list [email protected] https://www.redhat.com/mailman/listinfo/softwarefactory-dev
