On Tue, Apr 28, 2020 at 1:48 AM Adrian Schröter <adrian(a)suse.de> wrote:
On Dienstag, 28. April 2020, 06:44:08 CEST wrote Stasiek Michalski:
So as you might be aware, on 18. May Micro Focus finally cuts us off
from their infra, and that obviously also means new account system. SUSE
is preparing something themselves, but from what has been relayed to us,
it doesn't fulfill all of our requirements. So we need your help in some
areas while we transition to our own solution.
yes, the SUSE engiering infra team is currently on implementing the succesor
of that system...
We have deployed:
* FreeIPA, as a backend to all of the other systems internally
* Ipsilon, to provide us with sso capabilities to FreeIPA accounts
* Noggin, as a self-service portal, so people can register and modify
their FreeIPA accounts https://accounts.opensuse.org
(behind VPN for
now, just so we don't get any random people signing up)
The solution already works, albeit without the previous accounts, which
will be imported once we have recieved a cut-down dump of user data from
Sorry, but we won't use these for OBS and bugzilla at least. This because
I do not really invest in syncing accounts also with our other systems
(including also our internal build service).
We must guarantee full SUSE employee control for certifications there
with listed names. So an external authentification system is out
of questions there.
This doesn't make sense. Why does the _openSUSE Build Service_ need
this? My understanding is that the SUSE _Internal Build Service_
requires this and that's why it authenticates with the SUSE internal
system and why nobody outside can look at it. That is also the
justification given for having _two_ Build Service instances and why
SUSE Linux Enterprise (as in, the product!) cannot be built in the
_openSUSE Build Service_.
We are already working on a solution for Bugzilla, this was accounted
for when we decided to do this.
However to get
there, we need your help with getting all of the
usernames of the users that ever logged into any and all openSUSE
services. This dump will be sent to SUSE and based on it we will recieve
the final dump which we will import into this system.
It seems this is the same work as the eng-infra team (Daniel and Bernhard)
is doing atm...
sorry, it seems we do some duplicate work atm, we should have
coordinated this better before
Unfortunately, a split was going to be required no matter what,
especially if openSUSE was going to become its own legal entity
(w.r.t. the Foundation). It would be insane to not be able to be
responsible for our own accounts data.
真実はいつも一つ！/ Always, there's only one truth!
To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org
To contact the owner, e-mail: heroes+owner(a)opensuse.org