Special Interest Groups

CentOS clearly defines what a SIG (Special Interest Group) is : a group of people sharing interest into a specific task/tech area, and willing to build/test/deliver artifacts (like RPM packages) that CentOS users can then consume.

Each SIG must be approved by the CentOS board, and no action should be taken before that. Once approved and CentOS board meeting minutes published, we can (Infra and Releng) proceed with next steps :

SIG onboarding

We first need to create the SIG group in IPA (if it doesn't exist yet) and it shouldn't of course conflict with any existing. Requirements:

• a user with admin right in IPA to be able to create the group
• a shell account on an enrolled machine (like ipa-shell.iad2.centos.org but can be any enrolled node within the @FEDORAPROJECT.ORG REALM (verify that you have a valid krb5 ticket or next steps will fail)
• a SIG name and description
• at least one SIG member that will be the chair (meaning that he'll be himself then able to add/remove other SIG users in that group

We can use either the IPA UI, or for automation purposes,just use the ipa cli. Basicall three commands:

• ipa group-add : to create the group
• ipa group-add-member : to add the first user
• ipa group-add-member-manager : to grant "sponsor" right to sig chair, himself then able to add users

Here is a full output/example about creating the sig-kmods with one chair (valid IPA/FAS account) :

# Defininig first some variables
sig_name="sig-kmods"
sig_description="The CentOS kmods SIG"
sig_chair="pjgeorg"

# Now creating group and granting rights
ipa group-add --desc="${sig_description}" --fasgroup ${sig_name}
-----------------------
Added group "sig-kmods"
-----------------------
  Group name: sig-kmods
  Description: The CentOS kmods SIG
  GID: 1494370508
  FAS group: True

ipa group-add-member ${sig_name} --users=${sig_chair}
  Group name: sig-kmods
  Description: The CentOS kmods SIG
  GID: 1494370508
  Member users: pjgeorg
  Membership managed by users: pjgeorg
-------------------------
Number of members added 1
-------------------------

ipa group-add-member-manager ${sig_name} --users=${sig_chair}
  Group name: sig-kmods
  Description: The CentOS kmods SIG
  GID: 1494370508
  Membership managed by users: pjgeorg
-------------------------
Number of members added 1
-------------------------

If you need to add later more "sponsor" user, just repeat the ipa group-add-member-manager operation with new user.

At this stage, the group should appear throug portal on https://accounts.centos.org

Worth knowing also that in the next minutes, an automatic email alias is created for the group following the naming convention sig-<name>@centosproject.org and that will automatically include all sig members email addresses, once added (and removed when removed)

Same for SIG members : an email alias following the <user>@centosproject.org alias is also created for all SIG members (and pointing to the email address they used when they registered their ACO/FAS account) More informations about this in the Ansible postfix role

While not fully needed, it's now a good idea to send mail to that new SIG to welcome them. Something like this :

To: <sig_name>@centosproject.org
Subject: Welcome to the new <sig_name> SIG !

Hi,

This welcome email means that your new group <sig_name> was created and granted some management rights to at least the SIG Chair.
The group should appear now on https://accounts.centos.org/group/<sig_name>/

Also worth knowing that each SIG member is also automatically granted an email alias following this convention : <user>@centosproject.org

If you have any needs, requests, feel free to contact the CentOS Infra and Releng team through https://pagure.io/centos-infra/issues.

Kind Regards,

Security GPG key for packages signing

Each SIG building RPM packages through https://cbs.centos.org community build service will need a GPG security key that will be then automatically be used by the signing service

Koji tags creation