CI: Use skc-ci-aio user for aio jobs#943
Conversation
|
If ci-builder needs to be able to push, why not just use the release train user for it? |
It uses the release train user as the docker registry user, but not for package repos. |
This user only has read-only access to the package and container repositories, so is safer than using the release-train-ci user which has read/write permissions. For the container image build job we can use the skc-ci-aio user to access the package repositories, but must use the release-train-ci user to push container images.
markgoddard
force-pushed
the
yoga-aio-user
branch
from
6d3d2ce to
c338dd9
Compare
|
Fixed up trailing newline in password 🤦 |
|
Looks like container access is not working. Doing a bit of local debugging, the skc-ci-aio user cannot pull images in the stackhpc-dev namespace, even though it is in the |
This issue does not seem to affect the stackhpc namespace. The main difference is that it does not contain container-push repositories. |
|
Manually fixed permissions in Ark with the following command: This is necessary due to RBAC changes in pulp_container 2.11 |
2 participants
This user only has read-only access to the package and container
repositories, so is safer than using the release-train-ci user which has
read/write permissions.
For the container image build job we can use the skc-ci-aio user to
access the package repositories, but must use the release-train-ci user
to push container images.