X-SA-Exim-Mail-From: ewoud+ovirt(a)kohlvanwijngaarden.nl
X-List-Received-Date: Thu, 22 Jun 2017 06:30:18 -0000
On Thu, Jun 22, 2017 at 12:17:34PM +0900, Marc Dequènes (Duck) wrote:
> Quack,
>
> So I'm setting up admin users for infra-ansible and the associated
> machines to give you root access. I need some help to understand how
> this list is defined.
>
> In Puppet I could find 23 users (not counting the devel and system
> accounts). If I log onto backup I can only find 18 of them deployed. So
> for example account 'dfediuck' is not created while I can't find any
> difference with other properly created ones. It does not seem there are
> Puppet groups defined either.

As I recall, there's a Puppet class for every user. Then in Foreman
these classes can be added to a host. Mostly they will have the ensure
set to present, but absent can work too if you want to remove them.

> On the contrary if I log into resources I can find extra users like
> 'rafaelmartins' and they are nowhere to be found in Puppet. So I guess
> they were added manually. This makes removing users no longer in the
> project very difficult, so I think we should audit user accounts.

Auditing makes sense. Given my lack of involvement I think my accounts
could be cleaned up as well.
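
The account audit discussed in this thread, sketched as an added example that is not part of the original message or of the oVirt infra code: it compares the interactive accounts in a host's passwd data with a declared map of user to ensure state. The passwd lines, the `alice` and `olduser` entries, the declared map, and the UID and shell cut-offs are all constructed assumptions.

```python
# Added example: audit deployed accounts against a declared user list.
# The passwd lines and the declared map below are constructed sample data.

UID_MIN = 1000  # assumption: human accounts start here (UID_MIN in /etc/login.defs)
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}


def parse_passwd(text):
    """Return {name: (uid, shell)} for each well-formed passwd(5) line."""
    accounts = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue  # skip blank, comment or malformed lines
        accounts[fields[0]] = (int(fields[2]), fields[6])
    return accounts


def audit(passwd_text, declared):
    """Compare deployed interactive accounts with declared ensure states."""
    deployed = {
        name for name, (uid, shell) in parse_passwd(passwd_text).items()
        if uid >= UID_MIN and shell not in NOLOGIN_SHELLS
    }
    wanted = {n for n, ensure in declared.items() if ensure == "present"}
    unwanted = {n for n, ensure in declared.items() if ensure == "absent"}
    return {
        "missing": sorted(wanted - deployed),           # declared, never created
        "unmanaged": sorted(deployed - set(declared)),  # created by hand
        "not_removed": sorted(unwanted & deployed),     # ensure=absent, still there
    }


SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
sshd:x:74:74:sshd:/var/empty/sshd:/sbin/nologin
nobody:x:65534:65534:nobody:/:/sbin/nologin
alice:x:1001:1001::/home/alice:/bin/bash
rafaelmartins:x:1002:1002::/home/rafaelmartins:/bin/bash
olduser:x:1003:1003::/home/olduser:/bin/bash
"""
SAMPLE_DECLARED = {"alice": "present", "dfediuck": "present", "olduser": "absent"}

if __name__ == "__main__":
    for finding, names in audit(SAMPLE_PASSWD, SAMPLE_DECLARED).items():
        print(f"{finding}: {', '.join(names) or '-'}")
```

On a real host the passwd text would come from `getent passwd`, and the declared map from whatever the configuration management exports for that host.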