[JIRA] (OVIRT-2282) use SSH keys from gerrit for infra users

[ https://ovirt-jira.atlassian.net/browse/OVIRT-2282?page=com.atlassian.jir... ] Barak Korren commented on OVIRT-2282: ------------------------------------- As discussed in an infra meeting the approach I think we should take here is to: # Have a group in Gerrit that defines who the infra team members are # Have a shell script that lists members of that group (can be done with {{ssh ... gerrit ls-members}}) and ## either: ### Create local accounts for those members ### Download SSH public keys from Gerrit and install in those accounts ### setup password-less sudo for those accounts ## or: ### Download SSH public keys from Gerrit and install in the root acocunt # Run that shell script from cron every 30 minutes on all slaves. # Setup this script and cron job on the slave via cloud-init. # On non-slave hosts we can choose to setup the script and cron job Discussion about why IMO it should be a script and not Ansible/Puppet/Some other thing: # This needs to be run locally on every slave - so doing this with a tool will require having that tool be pre-installed on the slave. # Arguments for using a tool may include the reasoning that it may be easier to add more functionality over time if we use a tool. My counter argument is that we're very much unlikely to add any more functionality, as most if not all other changes we may wish to make to a slave can affect the CI systems and therefore are better done in sync with it via {{globale_setup.sh}}, etc. -- This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100088)