FYI, in case you want to try and propose a patch here we usually just do this in ansible:

• add the username to the fas blacklist (so no one makes an account with the same name later).

• add user via ansible user: module on the server

• add ssh key pair (in private repo, needs main person).

• add ssh pub key on target machine.

(look at the mirrormanager user for example)

Otherwise will try and get to this...

+1 - Will do, I was working with Patrick on this and we were sorting out the process but he had to duck out for the day. I would have assigned it to him so it didn't end up in queue but I lack permissions.

If you're curious, we have some notes in this etherpad about what we're doing.

Since we are probably going to add multiple of these kinds of users, I've added a specific role for it: http://infrastructure.fedoraproject.org/cgit/ansible.git/commit/?id=317550b .

I also decided to use loopabull_{{role}}, where role is for example "koji".

One big advantage of the underscore is that while it's a valid unix user name, FAS won't allow anyone to create it, meaning we don't need to blacklist it.

All good here, I like it!

:thumbsup:

:water_buffalo: