Hi Bastian, Aron, On 24-08-2021 15:56, Bastian Blank wrote: > On Tue, Aug 24, 2021 at 11:31:24AM +0200, Paul Gevers wrote: >>> As I >>> understand, the account for AWS is "owned" by SPI. > > SPI "owns" several resources for Debian. This is primary relevant for > the things that must not go away, like our published images. Which we don't have (yet) at the Huawei infrastructure. >>> In your opinion, >>> should we do the same for the Huawei platform? > > It will make it easier to have uninterupted access, esp as people in > Debian are coming and going. So if we want to use it for longer, > definitely. That's exactly the reason why I wanted to bring this up. I'm not sure how long Huawei wants to sponsor, but I didn't Aron mention anything about this stopping in the foreseeable future. >>> If yes, how does that work? > > - Get DPL involved, esp as most cloud providers want a credit card > somewhere on signup. In CC. Aron, I guess you'll need to align with Jonathan. > - Get SPI to sign-off on the contract details. > > I assume here that a single DD just created an account and signed the > existing contract? No, in order to get Antonio and me access to the controlling interface, we are now in the position where we want to create a new account and transfer the existing resources. So no, the new account doesn't exist yet and no contract is signed (AFAIK). That's why I brought this up *now*. > Then the technical details needs to be figured out. I assume this > account should then not be restricted to ci.debian.net, but others > should be able to use resources as well. Aron, can you comment on this? I assume that the current resources are earmarked for ci.d.n? > For AWS we have some Terraform code that configures the projects and > permissions to it (yes, I did not forget the AWS account for you guys). > Okay, AWS might be more complex, that's why it requires more stuff to > work correctly. We might want to do something similar for Huawei. Again, I defer to Aron. > I just did a brief look in the documentation to see what our options > are. A single Huawei account contains a global identity management and > can contain several projects. So all users and permissions can only be > managed by a global admin user. But permissions can be specified on > separate projects. That might work. Good. Paul
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature