Bug 1368419

Summary: Reset authentication for Jenkins nodes
Product: [Community] GlusterFS
Component: project-infrastructure
Reporter: Nigel Babu <nigelb>
Assignee: Nigel Babu <nigelb>
Status: CLOSED CURRENTRELEASE
Severity: unspecified
Priority: unspecified
Version: mainline
CC: bugs, gluster-infra
Keywords: Triaged
Hardware: Unspecified
OS: Unspecified
Type: Bug
Last Closed: 2017-07-17 03:07:20 UTC

Description Nigel Babu 2016-08-19 10:37:06 UTC
Let's do a full reset of authentication for Jenkins nodes:

1. Create users for misc and nigel with Ansible.
2. Remove SSH access via root user.
3. Create a method for creating new users and removing them when needed (Ansible task would be easiest).
4. Remove all keys in /root/.ssh/ including private and public.
5. Remove all keys in /home/jenkins/.ssh/ including private and public.
6. Change the password for Jenkins user.
7. Change the password in Jenkins for node passwords.

I'm assigning this one to myself for now, though Michael and I will have to split responsibilities.
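
A read-only check for items 2, 4 and 5 of the list above, as an added example that is not part of the original bug report or of the project's own tooling. It assumes sshd reads `/etc/ssh/sshd_config`; the function names and the filesystem-prefix argument are hypothetical, and the demo tree at the end is constructed.

```shell
#!/bin/sh
# Added example: read-only audit of items 2, 4 and 5 on one node.
# $1 is a filesystem prefix: "" on a live node, a scratch tree for testing.

# First PermitRootLogin value in sshd_config (sshd keeps the first one it
# reads). Include files and Match blocks are not followed; on a live node
# `sshd -T` prints the effective setting.
root_login_setting() {
    cfg="$1/etc/ssh/sshd_config"
    [ -r "$cfg" ] || { echo unset; return 0; }
    val=$(awk 'tolower($1) == "permitrootlogin" { print tolower($2); exit }' "$cfg")
    echo "${val:-unset}"
}

# Files under the two key directories that still contain private keys or
# public-key lines (authorized_keys included). known_hosts is skipped: it
# holds host keys, not login credentials.
leftover_keys() {
    for dir in "$1/root/.ssh" "$1/home/jenkins/.ssh"; do
        for f in "$dir"/* "$dir"/.[!.]*; do
            [ -f "$f" ] || continue
            case "${f##*/}" in known_hosts*) continue ;; esac
            grep -Eq -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' \
                -e '(^|[[:space:]])(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9]+) AAAA' \
                "$f" && echo "$f"
        done
    done
    return 0
}

# One finding per line; returns 0 only when nothing is left to fix.
# Anything other than an explicit "no" counts as root login still possible.
audit_node() {
    rc=0
    setting=$(root_login_setting "$1")
    [ "$setting" = no ] || { echo "root-ssh: PermitRootLogin=$setting"; rc=1; }
    keys=$(leftover_keys "$1")
    [ -z "$keys" ] || { printf '%s\n' "$keys" | sed 's/^/leftover-key: /'; rc=1; }
    return "$rc"
}

# Demo on a constructed tree (not a real node).
demo=$(mktemp -d)
mkdir -p "$demo/etc/ssh" "$demo/home/jenkins/.ssh"
echo "PermitRootLogin yes" > "$demo/etc/ssh/sshd_config"
echo "ssh-ed25519 AAAAC3constructed old-admin" > "$demo/home/jenkins/.ssh/authorized_keys"
audit_node "$demo" || echo "node still needs work"
rm -rf "$demo"
```

Because an unset `PermitRootLogin` is reported as a finding, the check fails closed on nodes where the directive was never written out.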

Comment 1 Nigel Babu 2016-09-12 14:24:27 UTC
I'm going to start with these two steps on Monday:

6. Change the password for Jenkins user.
7. Change the password in Jenkins for node passwords.

Comment 2 Nigel Babu 2016-09-16 13:16:19 UTC
We've also missed out on one critical step - Cleaning out users on Jenkins master.

We cleaned out a whole bunch of users who we think aren't active any more or need not have access.

Comment 3 Nigel Babu 2016-09-19 05:05:33 UTC
All CentOS and FreeBSD nodes have had their password reset. I've run into some trouble with the NetBSD nodes. I'll have to take one of them offline and figure out what files need permission to change the password.

Comment 4 Nigel Babu 2016-09-20 17:56:22 UTC
Items 6 and 7 are now complete. All Jenkins nodes have had a password refresh.

Comment 5 Nigel Babu 2016-09-20 17:56:48 UTC
Items 4 and 5 are also done.

Comment 6 Nigel Babu 2016-09-26 05:49:25 UTC
Remaining tasks:

1. Create users for misc and nigel with Ansible.
2. Remove SSH access via root user.
3. Create a method for creating new users and removing them when needed (Ansible task would be easiest).

Comment 7 Nigel Babu 2017-07-17 03:07:20 UTC
Item 3 is sorted since we now directly use GitHub auth.

I'm deferring Items 1 and 2 to when we solve this on an infra-wide scale rather than specific to Jenkins.