I am working on the Fedora Minimization project with Adam Samalik. There are many times that I need to make packages, images and containers for public testing an prototyping. I think using the Fedora Infra AWS resources seems like the best way to do that.
So I don't become a burden, I think getting a certain level of access so I can spin up instances and manage these instances would work best. I definitely do not want wider permissions than this. Possibly having a minimization group with limited access would work.
By the end of next week 2019/11/22
I think I would need to look for alternative solutions next month. I'd say 2019/12/10
I'd need to look for an alternative solution.
Adding @asamalik
ok, we can set this up, but I need to get some other changes pushed out to do it. Hopefully will just be a day or two... possibly later today.
Could these test builds be done in koji as scratch builds? I guess you still need a place to test them...
Metadata Update from @kevin: - Issue priority set to: Waiting on Assignee (was: Needs Review)
ok, a few questions:
Is web access sufficent? Or do you need cli as well?
I see @asamalik has a instance called 'docs-import'. Is that still needed? Is it seperate from this I assume?
I see @asamalik has a instance called 'Minimization Test Machine' is that still needed? Is it part of this/should it be under this role?
ok, a few questions: Is web access sufficent? Or do you need cli as well?
I'm ok building them either way. If web access is easier to setup, then I'm fine with that. If it's not too much trouble, I'd like web and cli.
That is seperate from docs-import, except ... see below.
That was created using his docs-import credentials as a quick proof of concept for minimization. It is still being actively used. I'll let him reply, but my opinion. If it can be switched to this role without killing the machine, that would be great. If it has to be destroyed and rebuilt, then just leave it as it is, and at some point we'll re-create it under the new role.
ok, a few questions: Is web access sufficent? Or do you need cli as well? I see @asamalik has a instance called 'docs-import'. Is that still needed? Is it seperate from this I assume?
That is separate, yes. That's for the docs search prototype.
This is still needed, yes, builds the Feedback Pipeline
We can join those together. It's been set up for me, so I can't really manage it myself. Having access to AWS directly and being able to manage instances — with this one added — would be helpful, yes.
Metadata Update from @mizdebsk: - Issue tagged with: aws
ok. I have created a fas aws-min group with both of you in it.
You can login to the aws ec2 console via the SAML2 link in the aws sop: https://docs.pagure.org/infra-docs/sysadmin-guide/sops/aws-access.html From there you should be able to spin up instances. NOTE: per the sop, as soon as you spin up an instance you should tag it with "FedoraGroup" "min"
(well, my changes to the sop are still in a PR: https://pagure.io/infra-docs/pull-request/173.patch )
I added the tag to the existing minimization test machine, so you should be able to manage it via this role.
I can get you the token for the cli... can both of you send me your current gpg public keys? Or some other secure way to get it to you...
Thank you so much, @kevin!
I make sure I follow the SOP.
I should be all right with the web UI only, so no need to set up the cli.
Cheers!
Closing this out as cli is not needed.
Metadata Update from @kevin: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.