I tried to play with enabling sudo on copr-fe-dev, and this error stopped me:
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: If you are using a module and expect the file to exist on the remote, see the remote_src option fatal: [copr-fe-dev.cloud.fedoraproject.org]: FAILED! => {"changed": false, "msg": "Could not find or access '/srv/private/ansible/files/2fa-certs/keys/copr-fe-dev.cloud.fedoraproject.org.pem' on the Ansible Controller.\nIf you are using a module and expect the file to exist on the remote, see the remote_src option"}
So missing /srv/private/ansible/files/2fa-certs/keys/copr-fe-dev.cloud.fedoraproject.org.pem. I suppose we need to have this generated for
/srv/private/ansible/files/2fa-certs/keys/copr-fe-dev.cloud.fedoraproject.org.pem
copr-fe-dev.cloud.fedoraproject.org copr-be-dev.cloud.fedoraproject.org copr-dist-git-dev.fedorainfracloud.org copr-keygen-dev.cloud.fedoraproject.org
copr-fe.cloud.fedoraproject.org copr-be.cloud.fedoraproject.org copr-dist-git.fedorainfracloud.org copr-keygen.cloud.fedoraproject.org
Or should I setup sudo without 2fa? Is there some hint?
I can generate certs for you if you like.
Typically on cloud instances we add ssh keys for everyone with root access to the root users ssh keys, and then they just login as root.
If you would like to have folks login to accounts and sudo, we can make the certs, it's up to you.
Metadata Update from @kevin: - Issue priority set to: Waiting on Reporter (was: Needs Review)
Let me discuss this with copr team then, first.
Any thoughts about this from the copr team?
We originally wanted 2fa because we plan to make the Copr supported infra service, and we thought 2fa is sort of requirement for that to happen. @mizdebsk, this probably was your idea, what do you think?
From our perspective, we prefer root ssh keys anyways since it is more comfortable for maintenance (and turning the 2fa on is mostly about adding one missing role + generating the keys by infra, at least I think).
ok then, lets close this for now and revisit when/if we want later.
Metadata Update from @kevin: - Issue close_status updated to: Insufficient data - Issue status updated to: Closed (was: Open)
Log in to comment on this ticket.