Describe what you need us to do: bodhi-3.6.0 has the ability to use skopeo to push containers from the candidate registry into the production registry. The production registry requires certificate based authentication for it's write APIs. We need to give bodhi-backend01 a certificate that will allow skopeo to push to the registry. I am not familiar with how to configure the certificate itself - I think Patrick told me there was a way to configure skopeo to use a certificate directly (i.e., without Bodhi being aware of the configuration), so it's some kind of skopeo-specific configuration we will need.
bodhi-backend01
When do you need this? (YYYY/MM/DD) Before release engineering enables containers in Bodhi.
When is this no longer needed or useful? (YYYY/MM/DD) It will remain useful as long as we want to ship containers in Bodhi.
If we cannot complete your request, what is the impact? Release engineering will have to continue manually publishing containers.
Metadata Update from @cverna: - Issue assigned to cverna
I added the certificates needed by bodhi to push to the container registry [0]. This was successfully tested in staging.
[0] - https://infrastructure.fedoraproject.org/cgit/ansible.git/tree/playbooks/groups/bodhi-backend.yml#n71
Metadata Update from @cverna: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.