Closed
Bug 1009348
Opened 11 years ago
Closed 10 years ago
Remove secrets for ceph from puppet
Categories
(Infrastructure & Operations :: RelOps: Puppet, task)
Infrastructure & Operations
RelOps: Puppet
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: Callek, Assigned: Callek)
References
Details
(Whiteboard: [kanban:engops:https://mozilla.kanbanize.com/ctrl_board/6/857] )
After Bug 1007976 is resolved we should remove the ceph secrets from eyaml since they will no longer be used.
that is: ceph_access_key_id and ceph_secret_access_key.
As is prudent we should wait a few days min before doing the removal incase there is a need for a backout.
Assignee | ||
Comment 1•11 years ago
|
||
[22:26:51] glandium Callek: fwiw, the ceph secrets are still needed for windows, although i have no clue if the gpo uses the same secrets base
[22:28:25] Callek glandium: not yet, but probably should rope markco in on that then
[22:28:29] Callek will cc him on the other bug
[22:28:39] Callek since mark is working to get puppet working on windows for us
So, cc'ing him and adding a bug dep incase the puppet work is gaining traction faster than that GPO work.
Depends on: 1007981
Comment 2•11 years ago
|
||
The blocker was resolved about a month ago. Is this something that's going to be cleaned up soon?
Updated•10 years ago
|
Whiteboard: [kanban:engops:https://kanbanize.com/ctrl_board/6/366]
Updated•10 years ago
|
Whiteboard: [kanban:engops:https://kanbanize.com/ctrl_board/6/366] → [kanban:engops:https://mozilla.kanbanize.com/ctrl_board/6/857] [kanban:engops:https://kanbanize.com/ctrl_board/6/366]
Updated•10 years ago
|
Whiteboard: [kanban:engops:https://mozilla.kanbanize.com/ctrl_board/6/857] [kanban:engops:https://kanbanize.com/ctrl_board/6/366] → [kanban:engops:https://mozilla.kanbanize.com/ctrl_board/6/857]
Assignee | ||
Comment 3•10 years ago
|
||
Is c#1 still accurate, and a remaining action item?
Flags: needinfo?(mh+mozilla)
Flags: needinfo?(mcornmesser)
Assignee | ||
Comment 4•10 years ago
|
||
I did:
$ grep ceph /etc/hiera/secrets.eyaml > /etc/hiera/secrets.eyaml.ceph-backup
And then removed the secrets from the actual eyaml and saved. (the backup is incase there is fallout), I'll remove the backup after I get the n-i's back and there is proven no fallout
Summary: Remove secrets for ceph → Remove secrets for ceph from puppet
Assignee | ||
Comment 5•10 years ago
|
||
I'd have seen fallout from puppet here, so did not save the secrets for that.
rm -f /etc/hiera/secrets.eyaml.ceph-backup - done
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Updated•10 years ago
|
Flags: needinfo?(mcornmesser)
Comment 6•10 years ago
|
||
(In reply to Justin Wood (:Callek) from comment #3)
> Is c#1 still accurate
No, ceph secrets are not useful anymore, if they are really ceph secrets (that is, if they are not aws secrets with a name saying they're ceph secrets)
Flags: needinfo?(mh+mozilla)
You need to log in
before you can comment on or make changes to this bug.
Description
•