On Tue, 8 May 2012 10:48:06 +0200, Alexander Sack <[email protected]> wrote: > On Tue, May 8, 2012 at 3:21 AM, Michael Hudson-Doyle > <[email protected]> wrote: > > On Mon, 7 May 2012 12:26:00 +0200, Alexander Sack <[email protected]> wrote: > >> On Mon, May 7, 2012 at 12:19 PM, Loïc Minier <[email protected]> > >> wrote: > >> > On Mon, May 07, 2012, Michael Hudson wrote: > >> >> 2) Another way is to create a user that does not correspond to a user on > >> >> LP (gfx-daily-job-submitter or somethign) and add it to the linaro > >> >> group on v.l.o. This feels a bit better, but it's not very 'self > >> >> service' -- the only way to create such a user is via the admin panel > >> >> afaik. > >> > > >> > This seems fine to me; creating a machine-to-machine account/setup > >> > seems like a one-off action which doesn't need to involve LP. > >> > We could share a single set of LAVA credentials for all jobs coming > >> > from ci.linaro.org. > >> > > >> > If this isn't automated enough, we could have a way to create new LAVA > >> > credentials for anyone in a specific Launchpad team? > >> > > >> Yes, machine to machine is the way to go... > >> > >> But, I don't think we need specific users like gfx-... we just need > >> _one_ user shared by all @linaro.org protected jobs. This should be > >> configured on the backend side for all @linaro.org transparently so > >> the user (alf) does not need to bother about it... > >> > >> That should be simple to setup and shouldn't require lot's of > >> maintenance nor any further sophistication. > > > > I think that makes sense. The necessity of the infrastructure team > > sharing the password of this user still doesn't seem like a great thing, > > but maybe that's OK for now. > > > > (In the medium term, maybe we should be able to associate tokens with > > groups, and any member of the group can manage tokens associated with > > the group?) > > Why does the infrastructure team need to share the password? I > anticipate them to setup the job for alf and ensure that the proper > password is seeded on the build host that submits the tests.
They would need to log on to v.l.o as the "_one_ user shared by all @linaro.org protected jobs" to generate/manage the tokens used. Cheers, mwh _______________________________________________ linaro-validation mailing list [email protected] http://lists.linaro.org/mailman/listinfo/linaro-validation
