[Mageia-sysadm] About build system setup

[Michael scherer]

>  * to submit builds, packagers will use "mdvsys/repsys submit" from their
>    computer, or from Cauldron test nodes. mdvsys/repsys require ssh to
>    connect to valstar and run youri wrapper. We will setup a restricted
>    shell to only allow commands needed by mdvsys/repsys, and ssh/git
>    (valstar is also the svn/git server). On Mandriva svn server we used
>    this script as the default shell to restrict to only ssh/git commands :
>    http://svn.gna.org/svn/savane/trunk/backend/accounts/sv_membersh.pl
>    We can update this script to also allow commands used by mdvsys/repsys.

While I am obviously biased towards mdvsys, can we simplify everything by just keeping
mdvsys in the documentation ?

Can we also use some CNAME for valstar role ( if we need to move it on another server ).
Ie, we should not directly use the name of the servers anywhere, except when obviously required.


>  * On Mandriva build system we had one ~mandrake user doing everything
>    (build bots, scheduler, mirrors, sign packages ...). Now we can split
>    this to have one user for each task. We can have the following users :
>    - buildbot (to run iurt on build nodes)
>    - schedbot (youri/ulri/emi)
>    - signbot (sign packages)
>    However we already have a mirror user on valstar. Is it ok, or should
>    we rename it to "mirrorbot" ? Or remove the "bot" suffix from other
>    users ?

+1 for the split, that's a great idea.
And +1 for keeping the bot suffix to avoid clash. So for consistency,
I would vote "mirrorbot" too. ( even if I do not really think it will change much ).

( and in fact, I would even push to use _foo for system daemon user on the distro side, like
apple does, as this also prevent clash, but I disgress )
-- 
Michael Scherer