Page MenuHomePhabricator
Create Task
Maniphest T233685

Tracking task for DCOps privileged commands
Closed, ResolvedPublic
Actions

Description

Main tracking task to audit and list all privileged commands required by DCOps to operate, in order to prioritize automation effort towards removing the needs of running privileged commands. (see T233189#5512761).

  • Puppet repo +2 on Gerrit to modify DHCP/partman/site.pp
  • DNS repo +2 on Gerrit to add/remove mgmt and host interfaces
  • Switch access to modify port labels, open/close ports
  • pwstore for a subset of passwords
  • ...

Related Objects
Search...

Event Timeline

Volans created this task.Sep 24 2019, 7:45 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptSep 24 2019, 7:45 AM
Volans mentioned this in T233189: Requesting access to Ops Group for papaul@.Sep 24 2019, 7:47 AM
MoritzMuehlenhoff subscribed.Sep 24 2019, 7:52 AM

I don't think the pwstore part is still accurate? pwstore has separate permission groups and passwords relevant to DC ops are granted permission with "access: @dcops". E.g. Papaul is in @dcops and TTBOMK there's nothing missing for DC ops work currently? If that's not the case, please let me know and we can update the "access:" stanza for the file in question.

MoritzMuehlenhoff updated the task description. (Show Details)Sep 24 2019, 7:53 AM
wiki_willy added a subtask: T249916: access request on cumin[1-2]001 for John Clark.Apr 13 2020, 5:19 PM
Dzahn changed the status of subtask T249916: access request on cumin[1-2]001 for John Clark from Open to Stalled.Jul 9 2020, 5:36 PM
herron closed subtask T249916: access request on cumin[1-2]001 for John Clark as Resolved.Jul 28 2020, 4:54 PM
Dzahn subscribed.Jan 29 2021, 10:11 PM

Seems like switch access was resolved by homer, DNS by netbox automation and only puppet is left. Should we move all dcops into the dcops admin group?

wiki_willy added a subtask: T279721: Dc-Ops Commands for Cumin.May 21 2021, 8:02 PM
MoritzMuehlenhoff closed subtask T279721: Dc-Ops Commands for Cumin as Resolved.Jun 7 2021, 11:52 AM
Aklapper added a project: Infrastructure-Foundations.Jun 21 2021, 8:59 PM
MoritzMuehlenhoff closed this task as Resolved.Dec 4 2023, 4:19 PM
MoritzMuehlenhoff claimed this task.

This was handled in various other tasks.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL