[Discuss] Seeking new GCT source tarball host

Benjamin Jacobs benjamin.jacobs at egi.eu
Wed May 25 11:43:30 CEST 2022 

Hi Frank,

On 24/05/2022, Frank Scheiner <scheiner at hlrs.de> wrote:
> Dear Alessandro, Benjamin, Mattias, Mat,
>
> On 23.05.22 08:49, Alessandro Paolini via discuss wrote:
>> Dear all,
>>
>> We agreed to provide a simple http repo with sftp access.
>> To finalize the setup, we would need a person of contact
>
> I'd go with two persons from the GridCF so we're also covered during
> vacations or so.

Perfect.

> I'd volunteer to be one of it. And maybe Mattias wants to be the other
> one, assuming we both as maintainers for EPEL/Fedora7Debian/Ubuntu and
> SUSE work the most with these files?
>
> Or is this contact just needed for finalizing the setup of the new HTTP
> repo. Then this should most likely be Mat.

Contact is only needed for technical communications and follow-up
operations.  I'm writing down both Mattias' name and yours, for now :)

>>, one or more
>> ssh public keys,
>
> Having direct access to the repo would be useful, too. I created a new
> key pair for that and my corresponding public key is attached. This
> message is signed with my DFN Grid cert. If you can't verify my
> signature, the CA/signer certificate should be included in [1].

Ok. You should be able to verify your access using:

$ sftp gridcf at repo-gridcf.redir.ops.egi.eu
Certificate invalid: name is not a listed principal
Connected to repo-gridcf.redir.ops.egi.eu.
sftp> cd gct6
sftp> put test
Uploading test to /gct6/test
test                                          100%    6     0.3KB/s   00:00
sftp> rm test
Removing /gct6/test

Please note that only the SFTP protocol is available, not SCP (not to
confuse with with the "scp" binary which works as well over SFTP).

You only have write access to the gct6 and uberftp subdirectories, we
can create other directories as needed of course.

I counted the current space usage on your server to be only around
600-700MB, so if you expect a dramatic increase, please let me know :)

You can access it over HTTP and HTTPS at
https://repo-gridcf.redir.ops.egi.eu/, and once the DNS setup is done
(see below) it should be available directly at repo.gridcf.org


> [1[]:
> https://dl.igtf.net/distribution/igtf/current/accredited/SRPMS/ca_DFN-GridGermany-Root-1.116-1.src.rpm
>
> For the transfers from the CI builds we can (1) either reuse the
> existing keys in which case Mat needs to only provide the public key for
> the ID_GRIDCF_UPLOADER key or (2) create a new one from scratch. 1.
> might be the easiest way.

Whatever works for you is good, we can set as many keys as you'd need.
It is indeed better to have dedicated keys for CI.

>
>> and someone to update the gridcf.org
>> <http://gridcf.org/> dns zone.
>
> I cannot do that. But Mat could maybe do that? But I assume he needs the
> new IP address?

The following 2 records will have to be added/changed:

1. First, to enable us to issue certificates for repo.gridcf.org:
_acme-challenge.repo.gridcf.org. 7200 IN CNAME
_acme-challenge.repo.gridcf.org.acme-egi.ops.egi.eu. ; mind the
trailing dots

2. Then, to switch over  our host:
repo.gridcf.org. 7200 IN CNAME repo-gridcf.redir.ops.egi.eu. ; mind
the trailing dots

All records associated with that label, i.e. both A & AAAA, have
to be removed.

Please only do 2 when you have tested and uploaded everything, of course :)


Cheers,
Benjamin

More information about the discuss mailing list