On Sat, Nov 17, 2018 at 2:37 PM John Florian <jflorian(a)doubledog.org> wrote:
On 11/17/18 12:40 PM, Neal Gompa wrote:
> On Sat, Nov 17, 2018 at 10:42 AM John Florian <jflorian(a)doubledog.org> wrote:
>> On 11/16/18 9:38 PM, Neal Gompa wrote:
>>> On Fri, Nov 16, 2018 at 8:02 PM John Florian <jflorian(a)doubledog.org>
wrote:
>>>> On 10/31/18 6:29 PM, Ken Dreyer wrote:
>>>>> Hi folks,
>>>>>
>>>>> I'm working on some native Ansible modules to manage Koji
resources.
>>>>>
>>>>>
https://github.com/ktdreyer/koji-ansible
>>>>>
>>>>> (This is not about installing Koji, it's just a way to
declaratively
>>>>> define things within Koji, where you might normally use the koji
CLI.)
>>>> Since we're on the subject, I should mention that I have a pretty
>>>> complete Puppet module[1] for managing my entire Koji installation.
The
>>>> documentation is only sufficient if you're already familiar with
Koji
>>>> deployments and Puppet, but otherwise should look quite familiar.
>>>>
>>>> [1]
https://github.com/jflorian/doubledog-koji
>>>>
>>> This is neat! Does your puppet module support configuring Koji with
>>> Kerberos auth as an alternative to SSL cert auth?
>>>
>>>
>>>
>> Not ATM, but I've been intending to add that support. It should be
>> quite easy, but it's just a matter of finding time. I have two Koji
>> deployments: the day job and at home. Home is the only one where I have
>> the opportunity to explore and play and once I've worked out the kinks I
>> sneak it into work as it's generally an overall improvement. My home
>> setup is never what I want though for my time is torn in a thousand
>> different directions and that's just the IT side of my life. That all
>> said, I'm easily manipulated to sway my priorities! ;-)
>>
> There are three reasons for my interest:
>
> * I'm trying to find a good method for building a self-contained Koji
> appliance image that will set up Koji systems properly. I've not found
> a good Ansible playbook for doing this, so I'm considering using
> Puppet for this instead.
>
> * I'm trying to find a good module/manifest for setting up Koji for
> Mageia that supports Kerberos and configuring stuff properly. Mageia
> infrastructure is managed with Puppet, so it's ideal to have a good
> module for that. The other manifests/modules I've found so far are
> either horribly underdocumented (at which point I don't know how to
> use them) or lack the necessary capability to set up a Fedora-like
> Koji system.
>
> * One of the places I'd like to set up Koji uses Puppet as well, so it
> works out well if there's a complete module that can be leveraged.
>
>
I think my module would be a great starting point then. Once I started
using Puppet, I went all in so that all my servers and workstations are
100% managed from a minimal install. It was shortly after the RH bought
Ansible and Fedora went that way, but I was too deep already, though I
very much like Ansible, if not actually prefer it. I know Puppet deep
enough to know where the warts are and there's quite a few.
Anyway, my Koji setup mimics Fedora's in many ways because that was the
example I had to learn from ... and it wasn't all that long ago they did
x509 auth too. So, if you interested, I'd love to team up and knock in
the Kerberos support because I've seen plenty of evidence of how active
you are in FOSS and I'm always trying to give back more myself.
Consider me inspired. I think you'll find my module docs good but not
excellent ... they really would benefit from some examples, but as you
know there's a lot of ways a Koji deployment can be put together.
Still, an all-in-one setup for small sites is probably the best example
because bigger sites are going to know how/where they want to be
different. I think my module is flexible enough for just about any use
case -- I'd aimed for that with the auth parts being the one exception
because if I'm not using it, I'm not testing it.
I also have a Sigul module for signing at
https://github.com/jflorian/doubledog-sigul.
I'm rather new to the Puppet thing, but I'll help however I can. But,
yeah I'm interested. And it's awesome there's a sigul module too,
since that'd really be part of any useful Koji setup anyway. :)
--
真実はいつも一つ!/ Always, there's only one truth!