We had some discussion today of this in the infra meeting.

Some concerns about srpm creation were mentioned, and further discussion was called for.

The main issue has been reported in https://pagure.io/fedora-ci/simple-koji-ci/issue/1

Fixing it would make @mizdebsk happy(ier) :)

That issue is being fixed (PR up for review).

Since the service is potentially security fragile, I think having a simple Fedora box, with no vpn access and potentially outside of most of our infra would be good. To reduce to the minimum the risk if the box ever gets owned.

The PR has been merged, so I think we're ready to get a small stg instance to test this further :)

ok, what OS and stats do you need on it? Fedora / 2cpus / 4gb ram/ 40gb disk?

Sounds good :)

simple-koji-ci-dev.fedorainfracloud.org is ready for your testing needs.

There's a playbook in hosts/ if you want to use that, or just install stuff manually.

Let us know if you need anything further and how the testing goes...

:horse_racing:

I would also need a keytab to make build in koji (stg in this case). Does it need a dedicated user or should we re-use an existing one?

As discussed on IRC, if you set the box up with Ansible, you can use the keytab/service role.
You can look in playbooks/groups/koji-hub.yml for example.
Do not set the host option to the role, as that will make it default to the hostname of the server.
Also, you will want to set owner_user probably so your services' user can read the generated keytab.

To get a ticket from the staging environment, set the env of the server to staging.