Greetings, We had a voice discussion on pbx.o.o today, wanted to give a summary for people following at home.
jeblair, mordred, fungi and myself held it on sip:6...@pbx.openstack.org. The initial question posed by myself was how to best organize our tarballs.o.o publisher for tox jobs. This came as a result of me working on the new zuulv3 jobs to handle this. The main issue was because we need to add_host (ansible) for tarballs.o.o within a playbook / role, where would this best be done. Adding it to our base job didn't make much sense, since not all jobs need access to tarballs.o.o. After a quick discussion, it was decided we'd create a new job (trusted playbook) in project-config called 'tox-publisher' (name open to bike shed), that would parent to tox-tarball. This then evolved into if we actually need to upload a tarball to tarballs.o.o, before then publishing to pypi, eventually we agreed it is still useful because of master branch tarballs. We then realized we needed to GPG sign our tarball files, but quickly found our length of 4096 bits limit [1] would be an issue for our GPG sub keys. jeblair propose we revisit and implement our solution for the 4096 limitation[2]. However mordred / fungi believe breaking our secret up into 4096 chucks and creating a secret object / list would also allow us to work around the limit. It was proposed that zuulv3 would already know how to read this list of secrets and concat them together a job run time creating the whole secret. We agree this might be worth doing. This is very high level of the discussion we had. [1] https://docs.openstack.org/infra/zuul/feature/zuulv3/user/encryption.html#encryption [2] http://lists.openstack.org/pipermail/openstack-dev/2017-March/114398.html _______________________________________________ OpenStack-Infra mailing list OpenStack-Infra@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra
