[Discuss] Seeking new GCT source tarball host

Frank Scheiner scheiner at hlrs.de
Fri Jun 3 16:45:02 CEST 2022 

Dear Bejanmin, dear Mat,

On 25.05.22 11:43, Benjamin Jacobs wrote:
> On 24/05/2022, Frank Scheiner <scheiner at hlrs.de> wrote:
>> On 23.05.22 08:49, Alessandro Paolini via discuss wrote:
>> Or is this contact just needed for finalizing the setup of the new HTTP
>> repo. Then this should most likely be Mat.
> 
> Contact is only needed for technical communications and follow-up
> operations.  I'm writing down both Mattias' name and yours, for now :)

Ok, fine. :-)

> [...]
>> Having direct access to the repo would be useful, too. I created a new
>> key pair for that and my corresponding public key is attached. This
>> message is signed with my DFN Grid cert. If you can't verify my
>> signature, the CA/signer certificate should be included in [1].
> 
> Ok. You should be able to verify your access using:
> 
> $ sftp gridcf at repo-gridcf.redir.ops.egi.eu
> Certificate invalid: name is not a listed principal
> Connected to repo-gridcf.redir.ops.egi.eu.
> sftp> cd gct6
> sftp> put test
> Uploading test to /gct6/test
> test                                          100%    6     0.3KB/s   00:00
> sftp> rm test
> Removing /gct6/test
> 
> Please note that only the SFTP protocol is available, not SCP (not to
> confuse with with the "scp" binary which works as well over SFTP).

Understood. And it works for me, and I already copied over the packages 
from the current repo.

> You only have write access to the gct6 and uberftp subdirectories, we
> can create other directories as needed of course.
> 
> I counted the current space usage on your server to be only around
> 600-700MB, so if you expect a dramatic increase, please let me know :)

Sure.

>> For the transfers from the CI builds we can (1) either reuse the
>> existing keys in which case Mat needs to only provide the public key for
>> the ID_GRIDCF_UPLOADER key or (2) create a new one from scratch. 1.
>> might be the easiest way.

@Mat:
Can you still provide the public key for the ID_GRIDCF_UPLOADER key 
(maybe best in a signed email) we have configured in GitHub or should I 
create a new one for this purpose?

>>> and someone to update the gridcf.org
>>> <http://gridcf.org/> dns zone.
>>
>> I cannot do that. But Mat could maybe do that? But I assume he needs the
>> new IP address?
> 
> The following 2 records will have to be added/changed:
> 
> 1. First, to enable us to issue certificates for repo.gridcf.org:
> _acme-challenge.repo.gridcf.org. 7200 IN CNAME
> _acme-challenge.repo.gridcf.org.acme-egi.ops.egi.eu. ; mind the
> trailing dots
> 
> 2. Then, to switch over  our host:
> repo.gridcf.org. 7200 IN CNAME repo-gridcf.redir.ops.egi.eu. ; mind
> the trailing dots
> 
> All records associated with that label, i.e. both A & AAAA, have
> to be removed.
> 
> Please only do 2 when you have tested and uploaded everything, of course :)

I propose to take care of the DNS changes after the upcoming GCT release 
(should happen next week or so).

Cheers,
Frank

-- 
Frank Scheiner

High Performance Computing Center Stuttgart (HLRS)
Department Project User Management & Accounting

Email: scheiner at hlrs.de
Phone: +49 711 685 68039
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2837 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mailman.egi.eu/pipermail/discuss/attachments/20220603/4d76a165/attachment.p7s>

More information about the discuss mailing list