Page MenuHomePhabricator
Create Task
Maniphest T396902

Create service account user for OpenTofu automation
Closed, ResolvedPublic
Actions

Description

Create a "ZuulDevOpsBot" service account to run tofu for the zuul Cloud VPS project.

Related Objects
Search...

Event Timeline

bd808 created this task.Jun 13 2025, 8:40 PM
Restricted Application added a project: User-bd808. · View Herald TranscriptJun 13 2025, 8:40 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
bd808 added a parent task: T396247: Set up new project for Zuulv3+ pre-merge and non-image-build workloads.Jun 13 2025, 8:40 PM
bd808 added a comment.Jun 13 2025, 10:21 PM
  • Created ZuulDevOpsBot Developer account using idp.wikimedia.org
  • Created ZuulDevOpsBot SUL account using meta.wikimedia.org
  • Added ZuulDevOpsBot Developer account as a member+reader for the zuul project via Horizon
  • Created OpenStack credentials for ZuulDevOpsBot via Horizon.
    • NOTE: Application credentials need to include the "Unrestricted (dangerous)" permission or things will blow up when Magnum tries to create a service account related to the cluster (T372365#10063201)
  • Created ec2 credentials for S3 gateway
bd808 changed the task status from Open to In Progress.Jun 13 2025, 10:24 PM
bd808 triaged this task as Medium priority.
bd808 added a subscriber: thcipriani.

Many of these creds will end up in the GitLab project's CI secrets. @thcipriani is getting me access to the Release-Engineering-Team's 1Password vault so I can stick a copy in there too.

bd808 closed this task as Resolved.Jul 16 2025, 12:32 AM

Credentials added to Release Engineering 1password vault as:

  • ZuulDevOpsBot Developer account
  • ZuulDevOpsBot SUL account
  • ZuulDevOpsBot OpenStack API credentials
  • ZuulDevOpsBot AWS/ec2 credentials
bd808 mentioned this in T403125: Investigate WMCS Magnum for GitLab runners.Aug 27 2025, 9:09 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits