fedora-infrastructure

Clone
Source Code
GIT

#6254 Service keytab for issuing scratch builds against koji
Closed: Fixed 6 years ago Opened 6 years ago by bpeck.

Closed: Fixed
Reopen Issue

Requesting a service account keytab for jenkins-continuous-infra.apps.ci.centos.org to be able to submit scratch builds against koji. No commit access is required.

Users who will have access to the key:
bstinson
jbieren
alivigni
robnester
bpeck
shebert

Ultimately I bpeck will be responsible for this key.

For now we only expect to use this key temporarily for about a month to issue scratch builds. We will then compare build times from koji with local build times for the same package. I know it will take a little longer in koji but we are looking to get a better idea. But if this works well we would hopefully transition to using the MBS to build the packages in the future. But we can re-assess if we need this key still then.

Thanks!

Metadata Update from @puiterwijk:
- Issue assigned to puiterwijk
- Issue tagged with: security
6 years ago

I am unable to use your PGP key as specified in FAS, as it has been expired for about 9 years at this point:
sub 2048g/0x71BE799EA35A3BED created: 2007-03-15 expired: 2008-03-14 usage: E

Please give me a GPG key that I can use to encrypt the keytab for.

This keytab has now been sent. I am keeping this ticket open to remember to check in in a month to see if I can revoke it or if you still need it.

Hey look. It's been a month. ;)

Do you still need this? How is your testing going?

Thanks in advance for any status update...

Yes we are still actively using this and may switch permanently over to using Koji

Hey,

It's been another 4 months.
Is this keytab still being used?
Also, you seemed to indicate you want to look at switching over permanently to koji?

On Mon, 2018-01-08 at 14:02 +0000, Patrick

puiterwijk added a new comment to an issue you are following:
``
Hey,

It's been another 4 months.
Is this keytab still being used?
Also, you seemed to indicate you want to look at switching over
permanently to koji?
``

To reply, visit the link below or just reply to this email
https://pagure.io/fedora-infrastructure/issue/6254

Adding Stef and Dominik to get a more official solution in place. :-)

Right now this keytab is associated with me and is used here https://je
nkins-continuous-infra.apps.ci.centos.org/job/continuous-infra-ci-
pipeline-f27/ to build atomic images.

Thoughts?

Bill

ok. I guess as long as everything is working, lets just close this.

If we get more requests for this we can write up a formal policy, or if you need to change things we can address it more then, but for the mean time if all is working for you, great!

:key:

Metadata Update from @kevin:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)
6 years ago

We need koji that is how we build now.

-== @ri ==-

On Fri, Apr 20, 2018, 5:19 PM Kevin Fenzi pagure@pagure.io wrote:

The status of the issue: Service keytab for issuing scratch builds against koji of project: fedora-infrastructure has been updated to:
Closed as Fixed by kevin.

https://pagure.io/fedora-infrastructure/issue/6254

We need koji that is how we build now.

yes, you can keep using the existing keytab to do koji builds...
unless there's something else you need which I am not understanding?

Yes that is all sorry for the confusion

-== @ri ==-

On Fri, Apr 20, 2018, 6:59 PM Kevin Fenzi pagure@pagure.io wrote:

kevin added a new comment to an issue you are following:
``

We need koji that is how we build now.

yes, you can keep using the existing keytab to do koji builds...
unless there's something else you need which I am not understanding?

``

To reply, visit the link below or just reply to this email
https://pagure.io/fedora-infrastructure/issue/6254

Log in to comment on this ticket.

Metadata

security

None
None
None
Powered by Pagure 5.14.1
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.