Hi folks, Last year I started a project to manage Koji resources with Ansible modules. The project is https://github.com/ktdreyer/koji-ansible There are several modules now: koji_archivetype koji_btype koji_call (in progress at https://github.com/ktdreyer/koji-ansible/pull/64) koji_cg koji_external_repo koji_host koji_tag_inheritance koji_tag koji_target koji_user I'm using this to manage a couple different Koji instances, and it's going well so far. Here are some things I've learned along the way. I have some playbooks that use these modules, and I maintain those playbooks using Git pull requests. I don't have administrator access to some of the important Koji instances, so this is a great way for the administrators to delegate some of the configuration to myself and other non-admins. In the past there have been some discussions about increasing the granularity of Koji's ACLs in order to delegate more configuration to wider groups of users. I think that capturing these configurations in Ansible is a great way to meet that need without increasing the complexity of the Koji Hub codebase. In a typical workflow, I can modify a playbook, run it in "check" mode to verify that my changes are going to do what I expect, and then I submit the playbook pull request to the admins to review and merge. Ansible provides a level of automation that makes large Koji changes much easier. For some products in Red Hat we have several hundred tags in Koji that we're managing with Ansible now. With the level of automation Ansible provides, the accident blast radius can be large. It's important to have good CI testing here so we don't destroy things on the hub and fail to notice until it's much too late. I've found it's tricky to mock or fake Koji's behavior in an accurate way for anything but the simplest of cases. We do have fakes and unit tests in koji-ansible for simple test cases, and these are good for development velocity, but we really need assurance that these modules will continue to work against real Koji hubs. To that end, I'm developing an integration test suite for the koji-ansible project. This integration suite sets up a Koji hub on Travis CI's environment using Apache, mod_wsgi, SSL authentication, and a Git clone of Koji's master branch. Once the hub is online, the test suite runs many different playbooks against the hub, verifying that the playbooks are doing what I expect. I plan to merge this integration test suite into master in a week or two. If you are interested in Koji, please take a look at the modules and the inline documentation there. This project has taught me a lot about how Koji's tags, inheritance, external repos, etc fit together, and I've tried to provide plenty of examples in the module documentation. - Ken