# Special Interest Groups

CentOS clearly defines what a SIG (Special Interest Group) is : a group of people sharing interest into a specific task/tech area, and willing to build/test/deliver artifacts (like RPM packages) that CentOS users can then consume.

Each SIG *must* be approved by the CentOS board, and no action should be taken before that. Once approved and CentOS board meeting minutes published, we can (Infra and Releng) proceed with next steps :

## SIG onboarding

We first need to create the SIG group in IPA (if it doesn't exist yet) and it shouldn't of course conflict with any existing.

Requirements:

 * a user with `admin` right in IPA to be able to create the group

 * a shell account on an enrolled machine (like `ipa-shell.iad2.centos.org` but can be any enrolled node within the @FEDORAPROJECT.ORG REALM (verify that you have a `valid` krb5 ticket or next steps will fail)

 * a SIG name and description

 * at least one SIG member that will be the chair (meaning that he'll be himself then able to add/remove other SIG users in that group

We can use either the IPA UI, or for automation purposes,just use the ipa cli.

Basicall three commands:

  * `ipa group-add` : to create the group

  * `ipa group-add-member` : to add the first user

  * `ipa group-add-member-manager` : to grant "sponsor" right to sig chair, himself then able to add users

Here is a full output/example about creating the `sig-kmods` with one chair (valid IPA/FAS account) :

```

# Defininig first some variables

sig_name="sig-kmods"

sig_description="The CentOS kmods SIG"

sig_chair="pjgeorg"

# Now creating group and granting rights

ipa group-add --desc="${sig_description}" --fasgroup ${sig_name}

-----------------------

Added group "sig-kmods"

-----------------------

  Group name: sig-kmods

  Description: The CentOS kmods SIG

  GID: 1494370508

  FAS group: True

ipa group-add-member ${sig_name} --users=${sig_chair}

  Group name: sig-kmods

  Description: The CentOS kmods SIG

  GID: 1494370508

  Member users: pjgeorg

  Membership managed by users: pjgeorg

-------------------------

Number of members added 1

-------------------------

ipa group-add-member-manager ${sig_name} --users=${sig_chair}

  Group name: sig-kmods

  Description: The CentOS kmods SIG

  GID: 1494370508

  Membership managed by users: pjgeorg

-------------------------

Number of members added 1

-------------------------

```

If you need to add later more "sponsor" user, just repeat the `ipa group-add-member-manager` operation with new user.

At this stage, the group should appear throug portal on https://accounts.centos.org

Worth knowing also that in the next minutes, an automatic email alias is created for the group following the naming convention `sig-<name>@centosproject.org` and that will automatically include all sig members email addresses, once added (and removed when removed)

Same for SIG members : an email alias following the `<user>@centosproject.org` alias is also created for all SIG members (and pointing to the email address they used when they registered their ACO/FAS account)

More informations about this in the [Ansible postfix role](https://github.com/CentOS/ansible-role-postfix/blob/master/defaults/main.yml#L71)

While not fully needed, it's now a good idea to send mail to that new SIG to welcome them.

Something like this : 

```

To: <sig_name>@centosproject.org

Subject: Welcome to the new <sig_name> SIG !

Hi,

This welcome email means that your new group <sig_name> was created and granted some management rights to at least the SIG Chair.

The group should appear now on https://accounts.centos.org/group/<sig_name>/

Also worth knowing that each SIG member is also automatically granted an email alias following this convention : <user>@centosproject.org

If you have any needs, requests, feel free to contact the CentOS Infra and Releng team through https://pagure.io/centos-infra/issues.

Kind Regards,

```

## Security GPG key for packages signing

Each SIG building RPM packages through https://cbs.centos.org community build service will need a GPG security key that will be then automatically be used by the signing service

## Koji tags creation