Closed Bug 1009348 Opened 11 years ago Closed 10 years ago

Remove secrets for ceph from puppet

Categories

(Infrastructure & Operations :: RelOps: Puppet, task)

task
Not set
minor

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: Callek, Assigned: Callek)

References

Details

(Whiteboard: [kanban:engops:https://mozilla.kanbanize.com/ctrl_board/6/857] )

After Bug 1007976 is resolved we should remove the ceph secrets from eyaml since they will no longer be used. that is: ceph_access_key_id and ceph_secret_access_key. As is prudent we should wait a few days min before doing the removal incase there is a need for a backout.
[22:26:51] glandium Callek: fwiw, the ceph secrets are still needed for windows, although i have no clue if the gpo uses the same secrets base [22:28:25] Callek glandium: not yet, but probably should rope markco in on that then [22:28:29] Callek will cc him on the other bug [22:28:39] Callek since mark is working to get puppet working on windows for us So, cc'ing him and adding a bug dep incase the puppet work is gaining traction faster than that GPO work.
Depends on: 1007981
The blocker was resolved about a month ago. Is this something that's going to be cleaned up soon?
Whiteboard: [kanban:engops:https://kanbanize.com/ctrl_board/6/366]
Whiteboard: [kanban:engops:https://kanbanize.com/ctrl_board/6/366] → [kanban:engops:https://mozilla.kanbanize.com/ctrl_board/6/857] [kanban:engops:https://kanbanize.com/ctrl_board/6/366]
Whiteboard: [kanban:engops:https://mozilla.kanbanize.com/ctrl_board/6/857] [kanban:engops:https://kanbanize.com/ctrl_board/6/366] → [kanban:engops:https://mozilla.kanbanize.com/ctrl_board/6/857]
Is c#1 still accurate, and a remaining action item?
Flags: needinfo?(mh+mozilla)
Flags: needinfo?(mcornmesser)
I did: $ grep ceph /etc/hiera/secrets.eyaml > /etc/hiera/secrets.eyaml.ceph-backup And then removed the secrets from the actual eyaml and saved. (the backup is incase there is fallout), I'll remove the backup after I get the n-i's back and there is proven no fallout
Summary: Remove secrets for ceph → Remove secrets for ceph from puppet
I'd have seen fallout from puppet here, so did not save the secrets for that. rm -f /etc/hiera/secrets.eyaml.ceph-backup - done
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Flags: needinfo?(mcornmesser)
(In reply to Justin Wood (:Callek) from comment #3) > Is c#1 still accurate No, ceph secrets are not useful anymore, if they are really ceph secrets (that is, if they are not aws secrets with a name saying they're ceph secrets)
Flags: needinfo?(mh+mozilla)
You need to log in before you can comment on or make changes to this bug.