|
 |
12bb45 |
# Special Interest Groups
|
|
|
12bb45 |
|
|
|
12bb45 |
CentOS clearly defines what a SIG (Special Interest Group) is : a group of people sharing interest into a specific task/tech area, and willing to build/test/deliver artifacts (like RPM packages) that CentOS users can then consume.
|
|
|
12bb45 |
|
|
|
12bb45 |
Each SIG *must* be approved by the CentOS board, and no action should be taken before that. Once approved and CentOS board meeting minutes published, we can (Infra and Releng) proceed with next steps :
|
|
|
12bb45 |
|
|
|
12bb45 |
## SIG onboarding
|
|
|
12bb45 |
We first need to create the SIG group in IPA (if it doesn't exist yet) and it shouldn't of course conflict with any existing.
|
|
|
12bb45 |
Requirements:
|
|
|
12bb45 |
|
|
|
12bb45 |
* a user with `admin` right in IPA to be able to create the group
|
|
|
12bb45 |
* a shell account on an enrolled machine (like `ipa-shell.iad2.centos.org` but can be any enrolled node within the @FEDORAPROJECT.ORG REALM (verify that you have a `valid` krb5 ticket or next steps will fail)
|
|
|
12bb45 |
* a SIG name and description
|
|
|
12bb45 |
* at least one SIG member that will be the chair (meaning that he'll be himself then able to add/remove other SIG users in that group
|
|
|
12bb45 |
|
|
|
12bb45 |
We can use either the IPA UI, or for automation purposes,just use the ipa cli.
|
|
|
12bb45 |
Basicall three commands:
|
|
|
12bb45 |
|
|
|
12bb45 |
* `ipa group-add` : to create the group
|
|
|
12bb45 |
* `ipa group-add-member` : to add the first user
|
|
|
12bb45 |
* `ipa group-add-member-manager` : to grant "sponsor" right to sig chair, himself then able to add users
|
|
|
12bb45 |
|
|
|
12bb45 |
Here is a full output/example about creating the `sig-kmods` with one chair (valid IPA/FAS account) :
|
|
|
12bb45 |
|
|
|
12bb45 |
```
|
|
|
12bb45 |
# Defininig first some variables
|
|
|
12bb45 |
sig_name="sig-kmods"
|
|
|
12bb45 |
sig_description="The CentOS kmods SIG"
|
|
|
12bb45 |
sig_chair="pjgeorg"
|
|
|
12bb45 |
|
|
|
12bb45 |
# Now creating group and granting rights
|
|
|
12bb45 |
ipa group-add --desc="${sig_description}" --fasgroup ${sig_name}
|
|
|
12bb45 |
-----------------------
|
|
|
12bb45 |
Added group "sig-kmods"
|
|
|
12bb45 |
-----------------------
|
|
|
12bb45 |
Group name: sig-kmods
|
|
|
12bb45 |
Description: The CentOS kmods SIG
|
|
|
12bb45 |
GID: 1494370508
|
|
|
12bb45 |
FAS group: True
|
|
|
12bb45 |
|
|
|
12bb45 |
ipa group-add-member ${sig_name} --users=${sig_chair}
|
|
|
12bb45 |
Group name: sig-kmods
|
|
|
12bb45 |
Description: The CentOS kmods SIG
|
|
|
12bb45 |
GID: 1494370508
|
|
|
12bb45 |
Member users: pjgeorg
|
|
|
12bb45 |
Membership managed by users: pjgeorg
|
|
|
12bb45 |
-------------------------
|
|
|
12bb45 |
Number of members added 1
|
|
|
12bb45 |
-------------------------
|
|
|
12bb45 |
|
|
|
12bb45 |
ipa group-add-member-manager ${sig_name} --users=${sig_chair}
|
|
|
12bb45 |
Group name: sig-kmods
|
|
|
12bb45 |
Description: The CentOS kmods SIG
|
|
|
12bb45 |
GID: 1494370508
|
|
|
12bb45 |
Membership managed by users: pjgeorg
|
|
|
12bb45 |
-------------------------
|
|
|
12bb45 |
Number of members added 1
|
|
|
12bb45 |
-------------------------
|
|
|
12bb45 |
|
|
|
12bb45 |
```
|
|
|
12bb45 |
If you need to add later more "sponsor" user, just repeat the `ipa group-add-member-manager` operation with new user.
|
|
|
12bb45 |
|
|
|
12bb45 |
|
|
|
12bb45 |
At this stage, the group should appear throug portal on https://accounts.centos.org
|
|
|
12bb45 |
|
|
|
12bb45 |
Worth knowing also that in the next minutes, an automatic email alias is created for the group following the naming convention `sig-<name>@centosproject.org` and that will automatically include all sig members email addresses, once added (and removed when removed)
|
|
|
12bb45 |
|
|
|
12bb45 |
Same for SIG members : an email alias following the `<user>@centosproject.org` alias is also created for all SIG members (and pointing to the email address they used when they registered their ACO/FAS account)
|
|
|
12bb45 |
More informations about this in the [Ansible postfix role](https://github.com/CentOS/ansible-role-postfix/blob/master/defaults/main.yml#L71)
|
|
|
12bb45 |
|
|
|
12bb45 |
While not fully needed, it's now a good idea to send mail to that new SIG to welcome them.
|
|
|
12bb45 |
Something like this :
|
|
|
12bb45 |
|
|
|
12bb45 |
```
|
|
|
12bb45 |
To: <sig_name>@centosproject.org
|
|
|
12bb45 |
Subject: Welcome to the new <sig_name> SIG !
|
|
|
12bb45 |
|
|
|
12bb45 |
Hi,
|
|
|
12bb45 |
|
|
|
12bb45 |
This welcome email means that your new group <sig_name> was created and granted some management rights to at least the SIG Chair.
|
|
|
12bb45 |
The group should appear now on https://accounts.centos.org/group/<sig_name>/
|
|
|
12bb45 |
|
|
|
12bb45 |
Also worth knowing that each SIG member is also automatically granted an email alias following this convention : <user>@centosproject.org
|
|
|
12bb45 |
|
|
|
12bb45 |
If you have any needs, requests, feel free to contact the CentOS Infra and Releng team through https://pagure.io/centos-infra/issues.
|
|
|
12bb45 |
|
|
|
12bb45 |
Kind Regards,
|
|
|
12bb45 |
```
|
|
|
12bb45 |
|
|
|
12bb45 |
## Security GPG key for packages signing
|
|
|
12bb45 |
|
|
|
12bb45 |
Each SIG building RPM packages through https://cbs.centos.org community build service will need a GPG security key that will be then automatically be used by the signing service
|
|
|
12bb45 |
|
|
|
12bb45 |
|
|
|
12bb45 |
|
|
|
12bb45 |
## Koji tags creation
|