Commit Graph

6 Commits (master)

Author SHA1 Message Date
Zuul cc095128c4 Merge "Retire mordred as infra-root" 2023-05-27 09:03:26 +00:00
Jeremy Stanley 193014847f Allow opendev/ project on bridge
The DNS deployment jobs need to be able to connect to the
zuul user on bridge in order to trigger updates.

Change-Id: Id469274cad6b267c1e54eb787460fda313573220
2023-04-17 15:55:01 +00:00
Monty Taylor d95144e43b Retire mordred as infra-root
It has been over two years since I stopped working on OpenDev as
part of my job, and in that time I haven't found enough time to
keep up with the project as much as I otherwise might have hoped.
As a result, it's really not appropriate to continue to hold
elevated privileges, as I no longer have sufficient context to
be helpful.

Best wishes to everyone! Maybe one day I'll be lucky enough to
be able to return.

Change-Id: If2be80520a0c121698c586e3fa93d94d58a41943
2022-12-06 11:04:08 -06:00
Clark Boylan 9a9af41e48 Disable distro cloud image users more forcefully
This updates our user management system to use the userdel --force flag
when disabling and removing distro cloud image users like 'ubuntu',
'centos' and 'admin'. The reason for this is when we switch from using
the distro user to boot strap launchnode over to root the distro user
may still have running processes that prevent userdel from succeeding.
This should address that problem and delete the user anyway.

The last step in the launch node process is to reboot which should clear
out any stale processes.

We don't do this for normal users as they aren't removed at node launch
time and this may be too forceful for them. It would be better for us to
error in that case and clean up any stale processes.

Change-Id: I79caf2a996566ecaec4cb4a70941bb3f03a5fb73
2022-10-03 09:21:42 -07:00
Clark Boylan 76a03f111d Cleanup users might have used
Cloud images bake in an ubuntu/centos/admin user then prevent root
logins. Early on in our boot process we copy authorized keys to root
then logout and back in again as root and proceed from there. This means
it should be safe to remove these "helpful" user accounts that we don't
use. Clean them up as they can only cause problems.

Change-Id: I9dc1e580cb69004f071370c21c2a5fda09e0cf5b
2021-11-04 16:57:54 -07:00
Monty Taylor 83ced7f6e6 Split inventory into multiple dirs and move hostvars
Make inventory/service for service-specific things, including the
groups.yaml group definitions, and inventory/base for hostvars
related to the base system, including the list of hosts.

Move the exisitng host_vars into inventory/service, since most of
them are likely service-specific. Move group_vars/all.yaml into
base/group_vars as almost all of it is related to base things,
with the execption of the gerrit public key.

A followup patch will move host-specific values into equivilent
files in inventory/base.

This should let us override hostvars in gate jobs. It should also
allow us to do better file matchers - and to be able to organize
our playbooks move if we want to.

Change-Id: Iddf57b5be47c2e9de16b83a1bc83bee25db995cf
2020-06-04 07:44:36 -05:00