Hi Jonathan,For ci.debian.net we have several hosts at Huawei sponsored by them. We (Aron, who arranged the sponsorship and manages the account and the debian-ci team) would like to manage the resources in an account associated with Debian. I brought the subject up in the past (see some of the tread below) with the cloud team, and they deferred to you for the handling of the creation of an account. As I understand it, the account for AWS is "owned" by SPI. I guess we should do the same for the Huawei account. Can you help us forward? Huawei is now ready to transfer the credits to another account.
Paul On 24-08-2021 15:56, Bastian Blank wrote:
Hi Paul On Tue, Aug 24, 2021 at 11:31:24AM +0200, Paul Gevers wrote:As I understand, the account for AWS is "owned" by SPI.SPI "owns" several resources for Debian. This is primary relevant for the things that must not go away, like our published images.In your opinion, should we do the same for the Huawei platform?It will make it easier to have uninterupted access, esp as people in Debian are coming and going. So if we want to use it for longer, definitely.If yes, how does that work?- Get DPL involved, esp as most cloud providers want a credit card somewhere on signup. - Get SPI to sign-off on the contract details.I assume here that a single DD just created an account and signed the existing contract?Then the technical details needs to be figured out. I assume this account should then not be restricted to ci.debian.net, but others should be able to use resources as well.For AWS we have some Terraform code that configures the projects and permissions to it (yes, I did not forget the AWS account for youguys). Okay, AWS might be more complex, that's why it requires more stuff to work correctly. We might want to do something similar for Huawei.I just did a brief look in the documentation to see what our options are. A single Huawei account contains a global identity managementand can contain several projects. So all users and permissions can only be managed by a global admin user. But permissions can be specified on separate projects. That might work. Regards, Bastian
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature