This is kind of an oddball situation.
For modularity, we need to do some development on a tool that needs read-only access to staging /mnt/koji.
Ideally, we would create a cloud node for development tasks like this, but we can't mount the staging version of /mnt/koji in the cloud, right?
If we can't do that, can we create a staging machine for this development? We would need to grant access to it for some non-sysadmin users, notably lkocman and psabata.
Sure. Could we just reuse composer.stg ?
If not, I guess we could make a composer02.stg or something?
We should ask @lsedlar and @ausil about re-using composer.stg. It may be that they are trying to test stable releases of pungi there before moving them to prod, and we wouldn't want to disrupt it.. (we're doing some crazy off-branch pungi experiments that might collide).
All the tests I did there were using a git checkout of pungi and the composes went to /mnt/koji/compose.
While I don't know how crazy you want to go, I don't think using the existing composer box would be a problem.
It looks like we have to be apache or root to write back to /mnt/koji on that box.
If we give some developers access so they can hack in their homedirs, they should be able to read /mnt/koji but not write to it, so long as we don't give them sudo.
If they don't have sudo, they can't mess anything up that would prevent lsedlar and ausil from testing pungi changes pre-production.. and that's our main concern, right?
I think the following commit should give them access to the box.
They shouldn't have sudo rights.
It is expected that they'll be able to share the box with fedora-releng and the primary purpose of the box is to be able to test changes to the production compose toolchain before deployment. If the modularity-wg members need more control than that, then we'll double back on this and create them their own box.
My mistake, that commit was incorrect.
This should do it:
For the record, we had to also allow them on bastion here:
At some point in the future, we'll want to roll this back and remove the access rights granted to the modularity-wg.
to comment on this ticket.