Bug 1368419 - Reset authentication for Jenkins nodes
Summary: Reset authentication for Jenkins nodes
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: GlusterFS
Classification: Community
Component: project-infrastructure
Version: mainline
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Nigel Babu
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-08-19 10:37 UTC by Nigel Babu
Modified: 2017-07-17 03:07 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-07-17 03:07:20 UTC
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:


Attachments (Terms of Use)

Description Nigel Babu 2016-08-19 10:37:06 UTC
Let's do a full reset of authentication for Jenkins nodes:

1. Create users for misc and nigel with Ansible.
2. Remove SSH access via root user.
3. Create a method for creating new users and removing them when needed (ansible task would be easiest).
4. Remove all keys in /root/.ssh/ including private and public.
5. Remove all keys in /home/jenkins/.ssh/ including private and public.
6. Change the password for Jenkins user.
7. Change the password in Jenkins for node passwords.

I'm assigning this one to myself for now. Though, Michael and I will have to split responsibilities.

Comment 1 Nigel Babu 2016-09-12 14:24:27 UTC
I'm going to start with these two steps on Monday

6. Change the password for Jenkins user.
7. Change the password in Jenkins for node passwords.

Comment 2 Nigel Babu 2016-09-16 13:16:19 UTC
We've also missed out on one critical step - Cleaning out users on Jenkins master.

We cleaned out a whole bunch of users who we think aren't active any more or need not have access.

Comment 3 Nigel Babu 2016-09-19 05:05:33 UTC
All Centos and freebsd nodes have had their password reset. I've run into some trouble with the netbsd nodes. I'll have to take one of them offline and figure out what files need permission to change the password.

Comment 4 Nigel Babu 2016-09-20 17:56:22 UTC
Items 6 and 7 are now complete. All Jenkins nodes have had a password refresh.

Comment 5 Nigel Babu 2016-09-20 17:56:48 UTC
Items 4 and 5 are also done.

Comment 6 Nigel Babu 2016-09-26 05:49:25 UTC
Remaining tasks:

1. Create users for misc and nigel with Ansible.
2. Remove SSH access via root user.
3. Create a method for creating new users and removing them when needed (ansible task would be easiest).

Comment 7 Nigel Babu 2017-07-17 03:07:20 UTC
Item 3 is sorted since we now directly use Github auth.

I'm deferring Item 1 and 2 to when we solve this on an infra wide scale rather than specific to Jenkins.


Note You need to log in before you can comment on or make changes to this bug.