Hi all,
I'd like to have another DevOps meeting with as topics:
* Gitlab status / ToS
* Mailman 3 progress
* CDN status
* Gluebuddy
* DBScripts debug packages deployment
More information is available in the pad [1]
[1] https://md.archlinux.org/2H6y_4lFTOyOmw61VrEMnA
Hi all,
Yesterday anthraxx and I hacked together on getting gluebuddy ready for
production. Gluebuddy is a tool to automatically put Arch Linux Staff in
the correct Gitlab organization/teams and can later be expanded to
enforce more repository settings.
The open pull request was updated to not remove our archceo Arch Linux
group owner and handles our three devops onboarding/offboarding tasks of
adding users to the Staff team, Infrastructure Team and Arch Linux
group. [1]
There are a few open questions:
We match on extern_id which is the username in Gitlab and not the
keycloak id, is that correct and is that an issue?
For keycloak access we now use the admin account, we should rather use
an openid client which has “realm-management roles” such as
“query-groups, query-users, view-users”
The gitlab personal token used for changing
For deploying it to a live server we need:
Setup a new VPS for running gluebuddy
Create a systemd/service with timer so gluebuddy runs every X minutes
Find a way to distribute gluebuddy, an option is to use Gitlab release
where we upload a signed locally build gluebuddy (retrieve and veriy
this in the ansible role). As packaging doesn’t make much sense here.
Create an ansible role for gluebuddy
[1] https://gitlab.archlinux.org/archlinux/gluebuddy/-/merge_requests/2
Greetings,
Jelle van der Waa