Re: Rethinking fedora websites deployment

On Fri, Nov 25, 2022 at 01:07:50PM +0100, darknao wrote:
> I like C too.
> Currently, when something breaks on the websites (the most common issue is
> outdated content), the websites team needs to reach out to infra to
> understand what's happening and ask them to check the build logs.
> Using Openshift is not a widespread skill, and it can be a bit difficult to
> debug anything when you don't know where to look, how to trigger a new
> build, or just don't have any access.

Yeah, although it works the other way too... if we move to gitlab it
would need someone who understands that setup to debug and fix.

> With C, we are offloading that task to the website team, who are then able
> to use the tools they know to deploy and solve any issues related to the
> build process that may arise.

Sure, but we are then saying that there would be someone available to
fix things for... all the time we are still running things there. ;) 

> Now, the real question is, are we going to allow that?
> Giving access to such s3 storage to a third party (I'm talking about GitLab
> here since the s3 access key will be stored on their platform) can be a
> potential security concern.

Sure, but we should hopefully be able to make sure nothing else would be
accessible to that key.

> If this key gets stolen, it basically gives direct access to our proxies.

True, we would need to make sure it was as secure as we could make it. 

> I feel like I've somewhat answered my own question, but I would love your
> opinion on this :)

kevin
--
> 
> -darknao
> 
> On 2022-11-24 18:59, Ahmed Almeleh wrote:
> > My vote is for C. If we can reduce the amount of steps required to
> > implement service redundancy. Deployment to S3 provides out of the
> > box access to the public domain and is straightforward.
> > 
> > Regards,
> > Ahmed Al-meleh
> > Fedora QA Contributor
> > 
> > On Thu, 24 Nov 2022, 17:28 Francois Andrieu,
> > <darknao@xxxxxxxxxxxxxxxxx> wrote:
> > 
> > > B) Same as before, with a twist
> > > We build on Openshift, but instead of going through NFS and
> > > sundries with rsync, we store the websites on S3 storage provided by
> > > Openshift, then we sync the proxies using `s3cmd sync`.
> > > 
> > > C) Same as B, but with an external builder
> > > We already build the new websites on Gitlab CI, and since the S3
> > > gateway is accessible from the outside, we could just push the build
> > > artifacts to s3 directly from GitLab CI. Then sync the proxies from
> > > it.
> > > 
> > > -darknao
> _______________________________________________
> infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
> Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
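
The concern raised in this thread, that a stolen CI key should reach nothing beyond the website bucket, can be checked mechanically before the key is handed to an external builder. The following is an added example, not part of the original messages or of Fedora's tooling; it assumes the S3 gateway accepts AWS-style policy documents, and the bucket name `websites-example` and the function `audit_deploy_policy` are hypothetical.

```python
"""Audit an S3 policy attached to a CI deploy key for least privilege."""

# Assumption: the deploy job only needs to upload, replace and prune site files.
ALLOWED_ACTIONS = {"s3:PutObject", "s3:DeleteObject", "s3:ListBucket", "s3:GetObject"}


def _as_list(value):
    """Policy fields may be a single string or a list of strings."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def audit_deploy_policy(policy, bucket):
    """Return a list of findings; an empty list means the key is confined to `bucket`."""
    allowed_resources = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be given unwrapped
        statements = [statements]
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements can only narrow access
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {i}: NotAction/NotResource grants everything else")
        for action in _as_list(stmt.get("Action")):
            if "*" in action or action not in ALLOWED_ACTIONS:
                findings.append(f"statement {i}: action {action} not needed for deploy")
        for resource in _as_list(stmt.get("Resource")):
            if resource not in allowed_resources:
                findings.append(f"statement {i}: resource {resource} outside {bucket}")
    return findings


# Constructed sample policies; "websites-example" is a placeholder bucket name.
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:ListBucket"],
     "Resource": "arn:aws:s3:::websites-example"},
    {"Effect": "Allow", "Action": ["s3:PutObject", "s3:DeleteObject"],
     "Resource": "arn:aws:s3:::websites-example/*"}]}

if __name__ == "__main__":
    for name, pol in (("broad", BROAD), ("scoped", SCOPED)):
        print(name, audit_deploy_policy(pol, "websites-example") or "ok")
```

Running the audit in the pipeline that provisions the key, and failing on any finding, keeps the scope from widening unnoticed later.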
