Use fedcloud secrets #347

enolfc · 2024-06-21T14:03:30Z

Summary

Change the approach for managing records, avoiding sending the long lived ones in cloud-init. At the same time move the ansible role to this repository instead of relying on a external role (EGI-Federation/ansible-role-fedcloud-ops) that makes no sense as an independent thing.

Related issue : 341

Instead use fedcloud secret command with a locker that can only be used 2 times (one for putting the secret, another for getting it) and for 1 hour max.

Instead of having this externally managed as it is a pain to update and to keep properly aligned

enolfc · 2024-06-21T14:04:06Z

Lots of testing happened here: #344

github-actions · 2024-06-21T14:04:39Z

Terraform Format and Style 🖌`success`

Terraform Initialization ⚙️`success`

Terraform Plan 📖`success`

Show Plan

terraform
Acquiring state lock. This may take a few moments...
openstack_compute_instance_v2.cloud-info: Refreshing state... [id=237fb5c1-51a2-479e-8cb1-f3ebe302b8f5]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # openstack_compute_instance_v2.cloud-info must be replaced
-/+ resource "openstack_compute_instance_v2" "cloud-info" {
      ~ access_ip_v4        = "192.168.1.99" -> (known after apply)
      + access_ip_v6        = (known after apply)
      ~ all_metadata        = {} -> (known after apply)
      ~ all_tags            = [] -> (known after apply)
      ~ availability_zone   = "nova" -> (known after apply)
      ~ created             = "2024-06-21 10:58:27 +0000 UTC" -> (known after apply)
      ~ flavor_name         = "svc1.m" -> (known after apply)
      ~ id                  = "237fb5c1-51a2-479e-8cb1-f3ebe302b8f5" -> (known after apply)
      ~ image_name          = "ubuntu-22.04-amd64-raw" -> (known after apply)
        name                = "cloud-info"
      + region              = (known after apply)
      - tags                = [] -> null
      ~ updated             = "2024-06-21 10:58:39 +0000 UTC" -> (known after apply)
      ~ user_data           = "b0cb1e987e712d14374d63b16a7834873800d456" -> "0b01d814d2a3670725b49bead8ff97d4fddc05e1" # forces replacement
        # (6 unchanged attributes hidden)

      ~ network {
          ~ fixed_ip_v4    = "192.168.1.99" -> (known after apply)
          + fixed_ip_v6    = (known after apply)
          + floating_ip    = (known after apply)
          ~ mac            = "fa:16:3e:91:47:46" -> (known after apply)
          ~ name           = "cloud_egi_net" -> (known after apply)
          + port           = (known after apply)
            # (2 unchanged attributes hidden)
        }
    }

Plan: 1 to add, 0 to change, 1 to destroy.

Changes to Outputs:
  ~ instance-id = "237fb5c1-51a2-479e-8cb1-f3ebe302b8f5" -> (known after apply)

Warning: Argument is deprecated

  with provider["registry.terraform.io/terraform-provider-openstack/openstack"],
  on backend.tf line 10, in provider "openstack":
  10: provider "openstack" {

Users not using loadbalancer resources can ignore this message. Support for
neutron-lbaas will be removed on next major release. Octavia will be the only
supported method for loadbalancer resources. Users using octavia will have to
remove 'use_octavia' option from the provider configuration block. Users
using neutron-lbaas will have to migrate/upgrade to octavia.

(and one more similar warning elsewhere)

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.
Releasing state lock. This may take a few moments...

Pusher: @enolfc, Action: pull_request

gwarf

LGTM (but mostly blind/direct approval to not block things, maybe it would be good to have some more people as reviewers of this)

github-actions · 2024-06-24T06:32:06Z

Ansible deployment: `success`

Deployment log


PLAY [all] *********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [localhost]

TASK [catchall : Ensure cron is available] *************************************
ok: [localhost]

TASK [catchall : Install docker] ***********************************************
included: /var/tmp/egi/deploy/roles/catchall/tasks/docker.yml for localhost

TASK [catchall : Install dependencies] *****************************************
changed: [localhost]

TASK [catchall : Docker repo key] **********************************************
changed: [localhost]

TASK [catchall : Add docker repo] **********************************************
changed: [localhost]

TASK [catchall : Install docker] ***********************************************
changed: [localhost]

TASK [catchall : Ensure docker config dir is present] **************************
changed: [localhost]

TASK [catchall : Configure docker] *********************************************
changed: [localhost]

TASK [catchall : Restart docker] ***********************************************
changed: [localhost]

TASK [catchall : Load site configuration] **************************************
ok: [localhost] => (item=/var/tmp/egi/deploy/../sites/TR-FC1-ULAKBIM.yaml)
ok: [localhost] => (item=/var/tmp/egi/deploy/../sites/DESY-CC.yaml)
ok: [localhost] => (item=/var/tmp/egi/deploy/../sites/CLOUDIFIN.yaml)
ok: [localhost] => (item=/var/tmp/egi/deploy/../sites/IISAS-FedCloud-cloud.yaml)
ok: [localhost] => (item=/var/tmp/egi/deploy/../sites/UA-BITP.yaml)
ok: [localhost] => (item=/var/tmp/egi/deploy/../sites/CENI.yaml)
ok: [localhost] => (item=/var/tmp/egi/deploy/../sites/CESGA.yaml)
ok: [localhost] => (item=/var/tmp/egi/deploy/../sites/CSTCLOUD-EGI.yaml)
ok: [localhost] => (item=/var/tmp/egi/deploy/../sites/INFN-CLOUD-CNAF.yaml)
ok: [localhost] => (item=/var/tmp/egi/deploy/../sites/NCG-INGRID-PT.yaml)
ok: [localhost] => (item=/var/tmp/egi/deploy/../sites/EODC.yaml)
ok: [localhost] => (item=/var/tmp/egi/deploy/../sites/CYFRONET-CLOUD.yaml)
ok: [localhost] => (item=/var/tmp/egi/deploy/../sites/WALTON-CLOUD.yaml)
ok: [localhost] => (item=/var/tmp/egi/deploy/../sites/ILIFU-UCT.yaml)
ok: [localhost] => (item=/var/tmp/egi/deploy/../sites/SCAI.yaml)
ok: [localhost] => (item=/var/tmp/egi/deploy/../sites/IFCA-LCG2.yaml)
ok: [localhost] => (item=/var/tmp/egi/deploy/../sites/BIFI.yaml)
ok: [localhost] => (item=/var/tmp/egi/deploy/../sites/IN2P3-IRES.yaml)
ok: [localhost] => (item=/var/tmp/egi/deploy/../sites/fedcloud.srce.hr.yaml)
ok: [localhost] => (item=/var/tmp/egi/deploy/../sites/INFN-CLOUD-BARI.yaml)
ok: [localhost] => (item=/var/tmp/egi/deploy/../sites/CESNET-MCC.yaml)
ok: [localhost] => (item=/var/tmp/egi/deploy/../sites/GRNET-OPENSTACK.yaml)
ok: [localhost] => (item=/var/tmp/egi/deploy/../sites/ELKH-CLOUD.yaml)
ok: [localhost] => (item=/var/tmp/egi/deploy/../sites/CETA-GRID.yaml)
ok: [localhost] => (item=/var/tmp/egi/deploy/../sites/CESGA-CLOUD.yaml)

TASK [catchall : Set site configuration variable] ******************************
ok: [localhost] => (item=site_incl_vars_TR-FC1-ULAKBIM)
ok: [localhost] => (item=site_incl_vars_DESY-CC)
ok: [localhost] => (item=site_incl_vars_CLOUDIFIN)
ok: [localhost] => (item=site_incl_vars_IISAS-FedCloud-cloud)
ok: [localhost] => (item=site_incl_vars_UA-BITP)
ok: [localhost] => (item=site_incl_vars_CENI)
ok: [localhost] => (item=site_incl_vars_CESGA)
ok: [localhost] => (item=site_incl_vars_CSTCLOUD-EGI)
ok: [localhost] => (item=site_incl_vars_INFN-CLOUD-CNAF)
ok: [localhost] => (item=site_incl_vars_NCG-INGRID-PT)
ok: [localhost] => (item=site_incl_vars_EODC)
ok: [localhost] => (item=site_incl_vars_CYFRONET-CLOUD)
ok: [localhost] => (item=site_incl_vars_WALTON-CLOUD)
ok: [localhost] => (item=site_incl_vars_ILIFU-UCT)
ok: [localhost] => (item=site_incl_vars_SCAI)
ok: [localhost] => (item=site_incl_vars_IFCA-LCG2)
ok: [localhost] => (item=site_incl_vars_BIFI)
ok: [localhost] => (item=site_incl_vars_IN2P3-IRES)
ok: [localhost] => (item=site_incl_vars_fedcloud.srce.hr)
ok: [localhost] => (item=site_incl_vars_INFN-CLOUD-BARI)
ok: [localhost] => (item=site_incl_vars_CESNET-MCC)
ok: [localhost] => (item=site_incl_vars_GRNET-OPENSTACK)
ok: [localhost] => (item=site_incl_vars_ELKH-CLOUD)
ok: [localhost] => (item=site_incl_vars_CETA-GRID)
ok: [localhost] => (item=site_incl_vars_CESGA-CLOUD)

TASK [catchall : Create directories] *******************************************
changed: [localhost] => (item=/etc/egi)
changed: [localhost] => (item=/etc/egi/vos)
changed: [localhost] => (item=/etc/egi/cloud-info)
changed: [localhost] => (item=/var/lock/cloud-info)
changed: [localhost] => (item=/var/log/cloud-info)
[WARNING]: The value "1999" (type int) was converted to "'1999'" (type string).
If this does not look like what you expect, quote the entire value to ensure it
does not change.

TASK [catchall : Site specific config] *****************************************
included: /var/tmp/egi/deploy/roles/catchall/tasks/cloud-info.yml for localhost => (item={'gocdb': 'TR-FC1-ULAKBIM', 'endpoint': 'https://bulut.truba.gov.tr:5000/v3', 'vos': [{'name': 'dteam', 'auth': {'project_id': '208e4da6c3c249cdab269cb5b645cceb'}}, {'name': 'eiscat.se', 'auth': {'project_id': '4b607492b48c4d9c9942ca243ae16a58'}}, {'name': 'enmr.eu', 'auth': {'project_id': '261e58163d204beb8d6ee82cca385771'}}, {'name': 'fedcloud.egi.eu', 'auth': {'project_id': 'c2ffb5336de9467c8a588038e2c06750'}}, {'name': 'fusion', 'auth': {'project_id': '0606cbf2743c4bbc8680227247f4d616'}}, {'name': 'ops', 'auth': {'project_id': '64abd71f8a1e42b6a3be1d1a172d96b6'}}, {'name': 'vo.access.egi.eu', 'auth': {'project_id': '2fa316a05d364de9b5a55ac78a45f8bf'}}, {'name': 'vo.enes.org', 'auth': {'project_id': 'a59bd0a9ed754941962846c4a081d6ca'}}, {'name': 'vo.nbis.se', 'auth': {'project_id': 'b0159e11cb4b470eba90d113593e90c9'}}, {'name': 'vo.imagine-ai.eu', 'auth': {'project_id': '3c1f7074ad974024849cfd01a4b3858d'}}]})
included: /var/tmp/egi/deploy/roles/catchall/tasks/cloud-info.yml for localhost => (item={'gocdb': 'DESY-CC', 'endpoint': 'https://ccmi-api.desy.de:5000/v3', 'vos': [{'name': 'fedcloud.egi.eu', 'auth': {'project_id': '84ef898d6bdc4d01aaabdf1dda2ca791'}}, {'name': 'vo.panosc.eu', 'auth': {'project_id': 'ac06d127fc14463c9bd283f08e731eb2'}}, {'name': 'vo.cite.gr', 'auth': {'project_id': 'cf702115862145869d78aadab4021f81'}}, {'name': 'vo.openrdm.eu', 'auth': {'project_id': '270eaf591c4b489a8f6dc1400fe2ed3c'}}, {'name': 'peachnote.com', 'auth': {'project_id': '27f37f6027eb490f9d4994b57e08054e'}}]})
included: /var/tmp/egi/deploy/roles/catchall/tasks/cloud-info.yml for localhost => (item={'gocdb': 'CLOUDIFIN', 'endpoint': 'https://cloud-ctrl.nipne.ro:443/v3', 'vos': [{'name': 'dteam', 'auth': {'project_id': 'f726c16f3e2346bf891021c89b4dc58d'}}, {'name': 'fedcloud.egi.eu', 'auth': {'project_id': '245cdfdce0c84227b9b60d247618f635'}}, {'name': 'ops', 'auth': {'project_id': '21440821c8904e5b8ce5ec101a1ca879'}}]})
included: /var/tmp/egi/deploy/roles/catchall/tasks/cloud-info.yml for localhost => (item={'gocdb': 'IISAS-FedCloud', 'endpoint': 'https://cloud.ui.savba.sk:5000/v3/', 'vos': [{'name': 'cloud.egi.eu', 'auth': {'project_id': '982ce52d45fe4e33a1c952ab9484c711'}}, {'name': 'covid19.eosc-synergy.eu', 'auth': {'project_id': 'a22bbffb007745b2934bf308b0a4d186'}}, {'name': 'eosc-synergy.eu', 'auth': {'project_id': '51f736d36ce34b9ebdf196cfcabd24ee'}}, {'name': 'mswss.ui.savba.sk', 'auth': {'project_id': 'a3684e7440aa42f287cf5e9e85ea4cae'}}, {'name': 'mteam.data.kit.edu', 'auth': {'project_id': '071a2c4b52494bccbc3606d59d0e6951'}}, {'name': 'ops', 'auth': {'project_id': '06f5a36f70684fd7b27518625458b69d'}}, {'name': 'training.egi.eu', 'auth': {'project_id': 'ba233ccdb3a84ecb961ad340f4b34369'}}, {'name': 'vo.access.egi.eu', 'auth': {'project_id': '71dc9c3785cc4876bfb1a4bfc681e0f3'}}, {'name': 'vo.bd4nrg.eu', 'auth': {'project_id': '74128e581e6941ad91c7fce06f14e6c8'}}, {'name': 'vo.oipub.com', 'auth': {'project_id': 'e188494f39564812987a4ee5f58084a7'}}, {'name': 'vo.ai4eosc.eu', 'auth': {'project_id': '4d40037774784f22907d537070e85f42'}}, {'name': 'vo.usegalaxy.eu', 'auth': {'project_id': '7a23c4fa956a499c854eb215f3a95218'}}]})
included: /var/tmp/egi/deploy/roles/catchall/tasks/cloud-info.yml for localhost => (item={'gocdb': 'UA-BITP', 'endpoint': 'https://openstack.bitp.kiev.ua:5000/v3', 'vos': [{'name': 'dteam', 'auth': {'project_id': '1305de6b15384e0c8d77251ab6f703af'}}, {'name': 'fedcloud.egi.eu', 'auth': {'project_id': '8d48556b378549a3a3f02ce933096c1f'}}, {'name': 'ops', 'auth': {'project_id': 'ea6e7637552d476d8247b5d42a07df7d'}}, {'name': 'vo.access.egi.eu', 'auth': {'project_id': '8d48556b378549a3a3f02ce933096c1f'}}]})
included: /var/tmp/egi/deploy/roles/catchall/tasks/cloud-info.yml for localhost => (item={'gocdb': 'CENI', 'endpoint': 'https://openstack.ceni.org.cn:5000/v3', 'vos': [{'name': 'ops', 'auth': {'project_id': '90c0ce1b2f1545c0b9a05d9a8fd45102'}}, {'name': 'vo.access.egi.eu', 'auth': {'project_id': 'b106744c783543518f505dda45632697'}}, {'name': 'vo.cnic.cn', 'auth': {'project_id': '3105c59401794130821a68e219726ccc'}}]})
included: /var/tmp/egi/deploy/roles/catchall/tasks/cloud-info.yml for localhost => (item={'gocdb': 'CESGA', 'endpoint': 'https://fedcloud-osservices.egi.cesga.es:5000/v3', 'vos': [{'name': 'covid19.eosc-synergy.eu', 'auth': {'project_id': '972298c557184a2192ebc861f3184da8'}}, {'name': 'd4science.org', 'auth': {'project_id': '69522b33d33a4c53a471eb269e069d5b'}}, {'name': 'enmr.eu', 'auth': {'project_id': '7f23f4323ff54359964d3afdd1f2a8c7'}}, {'name': 'eosc-synergy.eu', 'auth': {'project_id': '57bcb0efcba4467fa225add92fdc194c'}}, {'name': 'fusion', 'auth': {'project_id': '11b8dbe34f9f4379bf2339121a1429e0'}}, {'name': 'lagoproject.net', 'auth': {'project_id': '50a0ce2d050048c68bc3094b6682d837'}}, {'name': 'mswss.ui.savba.sk', 'auth': {'project_id': 'a91154f2803b4414a4f34039539833fa'}}, {'name': 'o3as.data.kit.edu', 'auth': {'project_id': '4a22f140a5fb4678aa1599fbf0b44b2f'}}, {'name': 'ops', 'auth': {'project_id': '707711a8c2154caab35fa9ccdf38434a'}}, {'name': 'vo.access.egi.eu', 'auth': {'project_id': '3a8e9d966e644405bf19b536adf7743d'}}, {'name': 'vo.clarin.eu', 'auth': {'project_id': 'f5575c54231747109d6b2466334085bb'}}, {'name': 'vo.emso-eric.eu', 'auth': {'project_id': '916506ac136741c28e4326975eef0bff'}}, {'name': 'vo.envri-fair.eu', 'auth': {'project_id': 'c1c9c25774fe418599bced1d45862c60'}}, {'name': 'vo.nextgeoss.eu', 'auth': {'project_id': 'b1d2ef2cc2284c57bcde21cf4ab141e3'}}, {'name': 'vo.notebooks.egi.eu', 'auth': {'project_id': 'fcaf23d103c1485694e7494a59ee5f09'}}, {'name': 'vo.stars4all.eu', 'auth': {'project_id': 'ed8399d460a44bde9c69484ccc6a53b6'}}, {'name': 'vo.deltares.nl', 'auth': {'project_id': '6808ae202f6044f8aea95495ac3588b9'}}, {'name': 'vo.plocan.eu', 'auth': {'project_id': '7d4e7efd1eab46fb949aa06c35aeb60d'}}, {'name': 'bioisi', 'auth': {'project_id': 'f6c8441325e040e39a79a41cf39d3066'}}]})
included: /var/tmp/egi/deploy/roles/catchall/tasks/cloud-info.yml for localhost => (item={'gocdb': 'CSTCLOUD-EGI', 'endpoint': 'https://federation.cstcloud.cn:5000/v3', 'vos': [{'name': 'ops', 'auth': {'project_id': '6788216d161747d085ec60cacb6f8543'}}, {'name': 'vo.access.egi.eu', 'auth': {'project_id': '16d983af7ac84860acbddbc7e395a3fd'}}, {'name': 'vo.cnic.cn', 'auth': {'project_id': 'a46c8e0acd9e4a01ad413f5654d7aae9'}}, {'name': 'enmr.eu', 'auth': {'project_id': 'ddf1ddbcdfaf4e42b722719b964b5fab'}}, {'name': 'eiscat.se', 'auth': {'project_id': 'be43e5f92b3e49c387a5b00549938770'}}, {'name': 'fedcloud.egi.eu', 'auth': {'project_id': 'b33f036b6a584c4d844df5a505f53d16'}}]})
included: /var/tmp/egi/deploy/roles/catchall/tasks/cloud-info.yml for localhost => (item={'gocdb': 'INFN-CLOUD-CNAF', 'endpoint': 'https://cloud-api-pub.cr.cnaf.infn.it:5000/v3', 'region': 'sdds', 'vos': [{'name': 'dteam', 'auth': {'project_id': 'a8af02aad2894e9e8b5d4775c9736b8a'}}, {'name': 'fedcloud.egi.eu', 'auth': {'project_id': 'a8af02aad2894e9e8b5d4775c9736b8a'}}, {'name': 'fermi-lat.infn.it', 'auth': {'project_id': 'd20b02f7f6254acab37b29a0e74015c2'}}, {'name': 'ops', 'auth': {'project_id': '8b6a8afe225344dea808ec17a26de56d'}}, {'name': 'vo.i-nergy.eu', 'auth': {'project_id': 'ce2be245c0a24b52a0d31ede99c0bd63'}}, {'name': 'vo.projectescape.eu', 'auth': {'project_id': '1f3ff0902d554384a5af936e6643695f'}}]})
included: /var/tmp/egi/deploy/roles/catchall/tasks/cloud-info.yml for localhost => (item={'gocdb': 'NCG-INGRID-PT', 'endpoint': 'https://stratus.ncg.ingrid.pt:5000/v3', 'vos': [{'name': 'aquamonitor.c-scale.eu', 'auth': {'project_id': '8258f24c93b14473ba58892f5f2748f4'}}, {'name': 'bioisi', 'auth': {'project_id': 'fa764d911b1d4e5eab8e51a186d813ee'}}, {'name': 'cloud.egi.eu', 'auth': {'project_id': '6b042927bcfa466cb9eb56d3ea679987'}}, {'name': 'dev.intertwin.eu', 'auth': {'project_id': '7e08ed7db02847a1858ce8ed0f93be3c'}}, {'name': 'eosc-synergy.eu', 'auth': {'project_id': 'ddf0c468c8af4e0bbb9808bfc0288381'}}, {'name': 'fedcloud.egi.eu', 'auth': {'project_id': 'bd5a81e1670b48f18af33b05512a9d77'}}, {'name': 'opencoast.eosc-hub.eu', 'auth': {'project_id': 'b0cea6bd85844b0693ceda70d9f94a09'}}, {'name': 'ops', 'auth': {'project_id': 'bd5a81e1670b48f18af33b05512a9d77'}}, {'name': 'training.egi.eu', 'auth': {'project_id': 'e51b8a89b30945adbf52a5d568912e4c'}}, {'name': 'vo.access.egi.eu', 'auth': {'project_id': 'bd5a81e1670b48f18af33b05512a9d77'}}, {'name': 'vo.ai4eosc.eu', 'auth': {'project_id': 'c61c1bb323414a248cb142eb6183d4b2'}}, {'name': 'vo.envrihub.eu', 'auth': {'project_id': 'e6d00f696beb482c8d6900f8a88ddd69'}}, {'name': 'vo.imagine-ai.eu', 'auth': {'project_id': '009f77df459b4a6389910e0fb20ddcaf'}}, {'name': 'vo.lifewatch.eu', 'auth': {'project_id': 'f0c662a2d69d4072bdd9334ff9852c2d'}}, {'name': 'worsica.vo.incd.pt', 'auth': {'project_id': 'a53ca78c534046e5b13f4537ae698411'}}]})
included: /var/tmp/egi/deploy/roles/catchall/tasks/cloud-info.yml for localhost => (item={'gocdb': 'EODC', 'endpoint': 'https://cloud.eodc.eu:5000/v3/', 'vos': [{'name': 'eval.c-scale.eu', 'auth': {'project_id': '9197366d7240406c9fcb7431bee8e569'}}, {'name': 'ops', 'auth': {'project_id': '9197366d7240406c9fcb7431bee8e569'}}]})
included: /var/tmp/egi/deploy/roles/catchall/tasks/cloud-info.yml for localhost => (item={'gocdb': 'CYFRONET-CLOUD', 'endpoint': 'https://panel.cloud.cyfronet.pl:5000/v3/', 'vos': [{'name': 'culturalheritage.vo.egi.eu', 'auth': {'project_id': '0a9d5dd734854a15a4b5d1c8a21772bc'}}, {'name': 'dteam', 'auth': {'project_id': '9b40bb40431c4f4180c280b6675f9bb9'}}, {'name': 'fedcloud.egi.eu', 'auth': {'project_id': '1295728b1ce747fb96c043c6e254ad6f'}}, {'name': 'ops', 'auth': {'project_id': 'c030e7317150482d920717888e82ce5f'}}, {'name': 'vo.access.egi.eu', 'auth': {'project_id': '7635176e4f9b4cb4b3f4192a5bf901a3'}}]})
included: /var/tmp/egi/deploy/roles/catchall/tasks/cloud-info.yml for localhost => (item={'gocdb': 'WALTON-CLOUD', 'endpoint': 'https://horizon.waltoncloud.eu:5000/v3', 'vos': [{'name': 'ops', 'auth': {'project_id': '786ae008b6694cfca45e04001fe2054c'}}, {'name': 'vo.eurosea.marine.ie', 'auth': {'project_id': '30e1e1ad790043108f18a627474296df'}}, {'name': 'vo.access.egi.eu', 'auth': {'project_id': '18f97f15a8374f5eb7e8cc0258eace99'}}, {'name': 'vo.imagine-ai.eu', 'auth': {'project_id': '08c98a7449444c7a8103eb7521b82dfa'}}]})
included: /var/tmp/egi/deploy/roles/catchall/tasks/cloud-info.yml for localhost => (item={'gocdb': 'ILIFU-UCT', 'endpoint': 'https://openstack.ilifu.ac.za:5000/v3', 'vos': [{'name': 'ops', 'auth': {'project_id': '668927725bfa4b87a8f02a214095f34d'}}, {'name': 'vo.access.egi.eu', 'auth': {'project_id': 'a8c0add4584e4230832f84adb0539809'}}, {'name': 'vo.mightee.idia.za', 'auth': {'project_id': 'd35b3b03f8ee41e3bc1bfbf212fee346'}}, {'name': 'eval.c-scale.eu', 'auth': {'project_id': '36a68426b1a2415380ed62745bc7ba6c'}}]})
included: /var/tmp/egi/deploy/roles/catchall/tasks/cloud-info.yml for localhost => (item={'gocdb': 'SCAI', 'endpoint': 'https://cloud.scai.fraunhofer.de:5000/v3', 'vos': [{'name': 'ops', 'auth': {'project_id': '7884889abbe44c43b331027fc2f39b75'}}, {'name': 'vo.access.egi.eu', 'auth': {'project_id': 'd12c055894f245b28c75c95e4ca78407'}}, {'name': 'vo.ebrain-health.eu', 'auth': {'project_id': '4733227537724f7aade971aedefb015a'}}]})
included: /var/tmp/egi/deploy/roles/catchall/tasks/cloud-info.yml for localhost => (item={'gocdb': 'IFCA-LCG2', 'endpoint': 'https://api.cloud.ifca.es:5000/v3/', 'vos': [{'name': 'cos4cloud-eosc.eu', 'auth': {'project_id': 'c614975f1176494eaf6d6c389e1f3e2c'}}, {'name': 'cryoem.instruct-eric.eu', 'auth': {'project_id': 'c7db08b907ef4f0fae73bdd6587bc79e'}}, {'name': 'demo.fedcloud.egi.eu', 'auth': {'project_id': '2a7e2cd4b6dc4e609dd934964c1715c6'}}, {'name': 'dteam', 'auth': {'project_id': '5eb8959a799240a98f4f303f5fbd80be'}}, {'name': 'enmr.eu', 'auth': {'project_id': 'b6b1c395b7da4e8aa1d0895bd695b0ba'}}, {'name': 'icecube', 'auth': {'project_id': '36a6b6937b4d4d23a74842791d5c6e9a'}}, {'name': 'opencoast.eosc-hub.eu', 'auth': {'project_id': '4ebc1727dbed465c8ef72617a9075b4f'}}, {'name': 'openrisknet.org', 'auth': {'project_id': '6f17d8db2b07472dacf01c453753c3a8'}}, {'name': 'ops', 'auth': {'project_id': 'a372c1e2fba040e58fd0cb524a3ccd34'}}, {'name': 'training.egi.eu', 'auth': {'project_id': 'f1d0308880134d04964097524eace710'}}, {'name': 'vo.access.egi.eu', 'auth': {'project_id': '999f045cb1ff4684a15ebb338af69460'}}, {'name': 'vo.ai4eosc.eu', 'auth': {'project_id': 'f44e296a9ea441548456d25fb5b467c9'}}, {'name': 'vo.imagine-ai.eu', 'auth': {'project_id': '2f9d982c4a654c38aad616f5a1f7146d'}}, {'name': 'vo.lifewatch.eu', 'auth': {'project_id': '3c8d36c4136946238e82d995fd274d1c'}}, {'name': '/vo.lifewatch.eu/openbiomap', 'auth': {'project_id': 'ac7bc26131d248ecb6add521e648c331'}}, {'name': 'vo.obsea.es', 'auth': {'project_id': '9ce2e985504d44d5af102ad3b537ffad'}}, {'name': 'ispravision.vo.egi.eu', 'auth': {'project_id': 'ed9a5bb0f5a5444ba2ad5cd97072a189'}}, {'name': 'vo.digitbrain.eu', 'auth': {'project_id': '3eff18b8a237407ea2ed56aa9cb5d07c'}}]})
included: /var/tmp/egi/deploy/roles/catchall/tasks/cloud-info.yml for localhost => (item={'gocdb': 'BIFI', 'endpoint': 'https://colossus.cesar.unizar.es:5000/v3', 'vos': [{'name': 'covid19.eosc-synergy.eu', 'auth': {'project_id': 'f07679a8d4ac40379b51db4236bc3c27'}}, {'name': 'eosc-synergy.eu', 'auth': {'project_id': '0c1de26753ed4311a6cefff9094ad3e3'}}, {'name': 'lagoproject.net', 'auth': {'project_id': '21a85c6ead0346b08e22709d0422799d'}}, {'name': 'o3as.data.kit.edu', 'auth': {'project_id': '621b1977bb384beab1519713c7e695f0'}}, {'name': 'ops', 'auth': {'project_id': '6930771153aa4b8d8637222dec8fd949'}}, {'name': 'worsica.vo.incd.pt', 'auth': {'project_id': '46f55a92f3904d509d75525930d8d0eb'}}, {'name': 'vo.phiri.eu', 'auth': {'project_id': '1d64c6e5237b46af8acb44f79b7b5a15'}}, {'name': 'vo.bd4nrg.eu', 'auth': {'project_id': '3e18859848be489a8d741b264049f4a9'}}]})
included: /var/tmp/egi/deploy/roles/catchall/tasks/cloud-info.yml for localhost => (item={'gocdb': 'IN2P3-IRES', 'endpoint': 'https://sbgcloud.in2p3.fr:5000/v3', 'vos': [{'name': 'belle', 'auth': {'project_id': 'e5258170eee8429da316e6a710f6d185'}}, {'name': 'bioisi', 'auth': {'project_id': 'bf15d4331f3d4c3997e17c0740930e8c'}}, {'name': 'biomed', 'auth': {'project_id': '3a43bcf92f954d79ac1dcf07c5833e49'}}, {'name': 'cms', 'auth': {'project_id': '187caf7c40a2463390b59b3970f2048d'}}, {'name': 'dteam', 'auth': {'project_id': '2490c27604904357b9e50c5e77aaeedf'}}, {'name': 'fedcloud.egi.eu', 'auth': {'project_id': 'a5eb30bba2c2497b90645fb199e34b39'}}, {'name': 'med.semmelweis-univ.hu', 'auth': {'project_id': '8bea7dbd202f4cbcafb7e00334f320f2'}}, {'name': 'ops', 'auth': {'project_id': '929ff81c495b4cafb02fa1b8eef032c8'}}, {'name': 'vo.access.egi.eu', 'auth': {'project_id': '7a91022b9ae74ed9ac1a574972a79499'}}, {'name': 'vo.elixir-europe.org', 'auth': {'project_id': '2dfd063612f14a84989496e1a8ac080e'}}, {'name': 'vo.emphasisproject.eu', 'auth': {'project_id': '3232754379c3469c9e8dbe8f403a8835'}}, {'name': 'vo.europlanet-vespa.eu', 'auth': {'project_id': 'c8005e7c85ca4929bde70882ae1ec137'}}, {'name': 'vo.nbis.se', 'auth': {'project_id': 'b822cf1f1c24427599ccb6bbe6266ae7'}}, {'name': 'vo.operas-eu.org', 'auth': {'project_id': 'bc4fed7e87514dd884924c77cad714bc'}}, {'name': 'vo.lethe-project.eu', 'auth': {'project_id': 'f064d2b5f42a4704958f3bfbff7404bd'}}, {'name': 'saps-vo.i3m.upv.es', 'auth': {'project_id': '96709738ce5a4439a0e14a77db9d3882'}}, {'name': 'vo.pithia.eu', 'auth': {'project_id': '7408db293bcd473a98e44924263f1190'}}]})
included: /var/tmp/egi/deploy/roles/catchall/tasks/cloud-info.yml for localhost => (item={'gocdb': 'fedcloud.srce.hr', 'endpoint': 'https://cloud.cro-ngi.hr:5000/v3/', 'vos': [{'name': 'dteam', 'auth': {'project_id': '8fbe7b83bfa7420ea75bbceb761ad079'}}, {'name': 'fedcloud.egi.eu', 'auth': {'project_id': '662f67f51f4c451987e62b17820a2bc5'}}, {'name': 'ops', 'auth': {'project_id': '949f4fe468164de9a8afdf03e70a6fc0'}}]})
included: /var/tmp/egi/deploy/roles/catchall/tasks/cloud-info.yml for localhost => (item={'gocdb': 'INFN-CLOUD-BARI', 'endpoint': 'https://keystone.recas.ba.infn.it/v3', 'protocol': 'openid', 'vos': [{'name': 'ops', 'auth': {'project_id': '690609ffff9a42ed96b42b4b745b9e5d'}}, {'name': 'vo.emso-eric.eu', 'auth': {'project_id': '18ef543d904b441cbb9c5f2302dbd154'}}, {'name': 'vo.decido-project.eu', 'auth': {'project_id': '9ca3e35cbd1b4b3f8c7676908dc10b78'}}, {'name': 'vo.usegalaxy.eu', 'auth': {'project_id': 'b82b6407118642d0af8ae32235ba974e'}}, {'name': 'vo.nbis.se', 'auth': {'project_id': '779d51b021904fe990913cc0bf738031'}}, {'name': 'vo.binare-oy.eu', 'auth': {'project_id': 'f08cb68480de4ac38dbe3cf63e42bf38'}}]})
included: /var/tmp/egi/deploy/roles/catchall/tasks/cloud-info.yml for localhost => (item={'gocdb': 'CESNET-MCC', 'endpoint': 'https://identity.cloud.muni.cz/v3', 'vos': [{'name': 'biomed', 'auth': {'project_id': 'eca73ad6a84d4c0088063505c36349ab'}}, {'name': 'covid19.eosc-synergy.eu', 'auth': {'project_id': '192e87f713474117a2a22704ac4da1a2'}}, {'name': 'cryoem.instruct-eric.eu', 'auth': {'project_id': 'd0ebf0fad0a04be19f93fdf794469544'}}, {'name': 'demo.fedcloud.egi.eu', 'auth': {'project_id': '10b972eed97940089b234f6257d7db72'}}, {'name': 'drihm.eu', 'auth': {'project_id': '4216152b63f34cc28401bb9bbd40b0bf'}}, {'name': 'dteam', 'auth': {'project_id': '0aa5b696969c42988b18beda3f85b885'}}, {'name': 'enmr.eu', 'auth': {'project_id': '8f4f75b011fe44ef99105a32817d2fc0'}}, {'name': 'eosc-synergy.eu', 'auth': {'project_id': 'd85ca93c937a4a97adf134ec2593296d'}}, {'name': 'fusion', 'auth': {'project_id': '426b25102bdb49b8b6969cef5aabaecf'}}, {'name': 'ops', 'auth': {'project_id': '73ee46f9a64243d2955ecb07e4f28289'}}, {'name': 'peachnote.com', 'auth': {'project_id': 'bf5fbc4e22164e4d8a464e9c97706830'}}, {'name': 'training.egi.eu', 'auth': {'project_id': 'eae2aa7f26334104906106bca4b82ae3'}}, {'name': 'umsa.cerit-sc.cz', 'auth': {'project_id': '10e31299a9b548fdbe36e4dbe571168e'}}, {'name': '/biomed/vip', 'auth': {'project_id': '721251d671ea4268876043a9474ba3de'}}, {'name': 'vo.clarin.eu', 'auth': {'project_id': '5fc606127d2d4499b959ff79219c7144'}}, {'name': 'vo.elixir-europe.org', 'auth': {'project_id': '90f5ae8fb33e45888be97f152bc2f67b'}}, {'name': 'vo.emphasisproject.eu', 'auth': {'project_id': 'b953842bf4204dc98054f6c3ae581cb5'}}, {'name': 'vo.europlanet-vespa.eu', 'auth': {'project_id': '89140661b6be4ef281ab7a67d4c83e0c'}}, {'name': 'vo.geoss.eu', 'auth': {'project_id': '24869cfe0e094f59a3110429e068eef2'}}, {'name': 'vo.indigo-datacloud.eu', 'auth': {'project_id': '25cb49baedbf40a194729ff6802c8491'}}, {'name': 'vo.nextgeoss.eu', 'auth': {'project_id': '081396a827c94f3da0c922cf6d8fb7f7'}}, {'name': 'vo.notebooks.egi.eu', 'auth': {'project_id': '28b74c3073a74b34a729cbf9777e7344'}}, {'name': 'vo.panosc.eu', 'auth': {'project_id': 'd868dfd63a674d94bbd9d9b7b54443e3'}}, {'name': 'icecube', 'auth': {'project_id': '14c82a422b094c32b4858ce959fa1a0d'}}, {'name': 'university.eosc-synergy.eu', 'auth': {'project_id': 'a478488b79df46c4a086ecb7a321b038'}}, {'name': 'waterwatch.c-scale.eu', 'auth': {'project_id': 'acf5d12568914e65a80150efb087cbb8'}}, {'name': 'vo.pangeo.eu', 'auth': {'project_id': '05e0ff6e03774082aadacc75bfc1d783'}}, {'name': 'vo.environmental.egi.eu', 'auth': {'project_id': '29e6fbf618984a0c98ffcdf0222ad815'}}, {'name': 'vo.eoscfuture-sp.panosc.eu', 'auth': {'project_id': 'c91eeff7bf7845bc901b319512f2ebdb'}}, {'name': 'vo.inactive-sarscov2.eu', 'auth': {'project_id': '0df0a85cfe8e47d38ce9142858845800'}}, {'name': 'eval.c-scale.eu', 'auth': {'project_id': 'd6283bc95d5c4296abb799596867818c'}}, {'name': '/vo.pangeo.eu/swift', 'auth': {'project_id': '57102d3e06b7476088fe4924370ae170'}}, {'name': '/vo.pangeo.eu/escience', 'auth': {'project_id': '5e5a45e153d3424997fda0c4fd21a21f'}}, {'name': 'vo.thepund.it', 'auth': {'project_id': 'a0faee5136134d1ab1e62385c3e45c75'}}, {'name': 'vo.enes.org', 'auth': {'project_id': '786566209a7444f89a561172fa28e117'}}, {'name': 'vo.envrihub.eu', 'auth': {'project_id': '61d8e5a65aff45fabc41ae954e905d11'}}, {'name': 'vo.radiotracers4psma.eu', 'auth': {'project_id': 'c92b14a949664e74b1afdac69adc724a'}}]})
included: /var/tmp/egi/deploy/roles/catchall/tasks/cloud-info.yml for localhost => (item={'gocdb': 'GRNET-OPENSTACK', 'endpoint': 'https://keystone-louros.cloud.grnet.gr:5000/v3', 'vos': [{'name': 'ops', 'auth': {'project_id': 'fd88c4b7bf9242fdbde17b484ccdb032'}}]})
included: /var/tmp/egi/deploy/roles/catchall/tasks/cloud-info.yml for localhost => (item={'gocdb': 'ELKH-CLOUD', 'endpoint': 'https://sztaki.science-cloud.hu:5000/v3', 'vos': [{'name': 'ops', 'auth': {'project_id': '6141a6ee30004094b4e9e53913a8e399'}}]})
included: /var/tmp/egi/deploy/roles/catchall/tasks/cloud-info.yml for localhost => (item={'gocdb': 'CETA-GRID', 'endpoint': 'https://controller.ceta-ciemat.es:5000/v3/', 'vos': [{'name': 'covid19.eosc-synergy.eu', 'auth': {'project_id': '4eda27e5514c496b9878e2b87a7c8515'}}, {'name': 'dteam', 'auth': {'project_id': '470c60ff781949be87ec17e0d3e208d9'}}, {'name': 'eosc-synergy.eu', 'auth': {'project_id': '8e0f99db8b7845d38512f0ddce9049e3'}}, {'name': 'fedcloud.egi.eu', 'auth': {'project_id': '8ad2ac56f33540cdbfbd45ad5095d924'}}, {'name': 'lagoproject.net', 'auth': {'project_id': '3afddede673548a99dc5c2e819baf5a8'}}, {'name': 'o3as.data.kit.edu', 'auth': {'project_id': 'b8f5431e14e64c1ca2264f44ce6b0567'}}, {'name': 'ops', 'auth': {'project_id': 'f43bd8db629d40bbb85ffdb0dfdba28e'}}, {'name': 'worsica.vo.incd.pt', 'auth': {'project_id': 'ef3e041a01a44915a3654c7c09af1fb1'}}, {'name': 'saps-vo.i3m.upv.es', 'auth': {'project_id': '0691729e8ea04d90aab9603cb1d2dc7f'}}, {'name': 'EOServices-vo.indra.es', 'auth': {'project_id': '9882d85f83884bbf9cf0dd4ab54c0aac'}}, {'name': 'mswss.ui.savba.sk', 'auth': {'project_id': 'a9236c4cdd9f49ffa9663b4678132080'}}]})
included: /var/tmp/egi/deploy/roles/catchall/tasks/cloud-info.yml for localhost => (item={'gocdb': 'CESGA-CLOUD', 'endpoint': 'https://cloud.srv.cesga.es:5000/v3', 'vos': [{'name': 'ops', 'auth': {'project_id': 'e92677d7fc0742a7b1e3a33285e2296c'}}, {'name': 'cesga.es', 'auth': {'project_id': '7274a80de0954f0f88a594f94642b1fb'}}, {'name': 'eosc-synergy.eu', 'auth': {'project_id': '8b3f809f2b0841e6b91b7f60d08da8c9'}}, {'name': 'vo.deltares.nl', 'auth': {'project_id': '8a244d1b0d0f4f8e8c9519fae4cfc8ee'}}, {'name': 'bioisi', 'auth': {'project_id': '458f3225272243d7b1c0551d3af3f130'}}, {'name': 'vo.plocan.eu', 'auth': {'project_id': '2ce3f160cdd64d46b02f3b1f856ed8ec'}}, {'name': 'vo.emso-eric.eu', 'auth': {'project_id': 'c76094afeb98405d921820ae7588d92a'}}, {'name': 'vo.aneris.eu', 'auth': {'project_id': 'ec4d71d1142b46a39f7cf704d79219c5'}}]})

TASK [catchall : Cloud-info config directory] **********************************
changed: [localhost]

TASK [catchall : Cloud info env] ***********************************************
changed: [localhost]

TASK [catchall : Cloud info cron] **********************************************
changed: [localhost]

TASK [catchall : Cloud-info config directory] **********************************
changed: [localhost]

TASK [catchall : Cloud info env] ***********************************************
changed: [localhost]

TASK [catchall : Cloud info cron] **********************************************
changed: [localhost]

TASK [catchall : Cloud-info config directory] **********************************
changed: [localhost]

TASK [catchall : Cloud info env] ***********************************************
changed: [localhost]

TASK [catchall : Cloud info cron] **********************************************
changed: [localhost]

TASK [catchall : Cloud-info config directory] **********************************
changed: [localhost]

TASK [catchall : Cloud info env] ***********************************************
changed: [localhost]

TASK [catchall : Cloud info cron] **********************************************
changed: [localhost]

TASK [catchall : Cloud-info config directory] **********************************
changed: [localhost]

TASK [catchall : Cloud info env] ***********************************************
changed: [localhost]

TASK [catchall : Cloud info cron] **********************************************
changed: [localhost]

TASK [catchall : Cloud-info config directory] **********************************
changed: [localhost]

TASK [catchall : Cloud info env] ***********************************************
changed: [localhost]

TASK [catchall : Cloud info cron] **********************************************
changed: [localhost]

TASK [catchall : Cloud-info config directory] **********************************
changed: [localhost]

TASK [catchall : Cloud info env] ***********************************************
changed: [localhost]

TASK [catchall : Cloud info cron] **********************************************
changed: [localhost]

TASK [catchall : Cloud-info config directory] **********************************
changed: [localhost]

TASK [catchall : Cloud info env] ***********************************************
changed: [localhost]

TASK [catchall : Cloud info cron] **********************************************
changed: [localhost]

TASK [catchall : Cloud-info config directory] **********************************
changed: [localhost]

TASK [catchall : Cloud info env] ***********************************************
changed: [localhost]

TASK [catchall : Cloud info cron] **********************************************
changed: [localhost]

TASK [catchall : Cloud-info config directory] **********************************
changed: [localhost]

TASK [catchall : Cloud info env] ***********************************************
changed: [localhost]

TASK [catchall : Cloud info cron] **********************************************
changed: [localhost]

TASK [catchall : Cloud-info config directory] **********************************
changed: [localhost]

TASK [catchall : Cloud info env] ***********************************************
changed: [localhost]

TASK [catchall : Cloud info cron] **********************************************
changed: [localhost]

TASK [catchall : Cloud-info config directory] **********************************
changed: [localhost]

TASK [catchall : Cloud info env] ***********************************************
changed: [localhost]

TASK [catchall : Cloud info cron] **********************************************
changed: [localhost]

TASK [catchall : Cloud-info config directory] **********************************
changed: [localhost]

TASK [catchall : Cloud info env] ***********************************************
changed: [localhost]

TASK [catchall : Cloud info cron] **********************************************
changed: [localhost]

TASK [catchall : Cloud-info config directory] **********************************
changed: [localhost]

TASK [catchall : Cloud info env] ***********************************************
changed: [localhost]

TASK [catchall : Cloud info cron] **********************************************
changed: [localhost]

TASK [catchall : Cloud-info config directory] **********************************
changed: [localhost]

TASK [catchall : Cloud info env] ***********************************************
changed: [localhost]

TASK [catchall : Cloud info cron] **********************************************
changed: [localhost]

TASK [catchall : Cloud-info config directory] **********************************
changed: [localhost]

TASK [catchall : Cloud info env] ***********************************************
changed: [localhost]

TASK [catchall : Cloud info cron] **********************************************
changed: [localhost]

TASK [catchall : Cloud-info config directory] **********************************
changed: [localhost]

TASK [catchall : Cloud info env] ***********************************************
changed: [localhost]

TASK [catchall : Cloud info cron] **********************************************
changed: [localhost]

TASK [catchall : Cloud-info config directory] **********************************
changed: [localhost]

TASK [catchall : Cloud info env] ***********************************************
changed: [localhost]

TASK [catchall : Cloud info cron] **********************************************
changed: [localhost]

TASK [catchall : Cloud-info config directory] **********************************
changed: [localhost]

TASK [catchall : Cloud info env] ***********************************************
changed: [localhost]

TASK [catchall : Cloud info cron] **********************************************
changed: [localhost]

TASK [catchall : Cloud-info config directory] **********************************
changed: [localhost]

TASK [catchall : Cloud info env] ***********************************************
changed: [localhost]

TASK [catchall : Cloud info cron] **********************************************
changed: [localhost]

TASK [catchall : Cloud-info config directory] **********************************
changed: [localhost]

TASK [catchall : Cloud info env] ***********************************************
changed: [localhost]

TASK [catchall : Cloud info cron] **********************************************
changed: [localhost]

TASK [catchall : Cloud-info config directory] **********************************
changed: [localhost]

TASK [catchall : Cloud info env] ***********************************************
changed: [localhost]

TASK [catchall : Cloud info cron] **********************************************
changed: [localhost]

TASK [catchall : Cloud-info config directory] **********************************
changed: [localhost]

TASK [catchall : Cloud info env] ***********************************************
changed: [localhost]

TASK [catchall : Cloud info cron] **********************************************
changed: [localhost]

TASK [catchall : Cloud-info config directory] **********************************
changed: [localhost]

TASK [catchall : Cloud info env] ***********************************************
changed: [localhost]

TASK [catchall : Cloud info cron] **********************************************
changed: [localhost]

TASK [catchall : Cloud-info config directory] **********************************
changed: [localhost]

TASK [catchall : Cloud info env] ***********************************************
changed: [localhost]

TASK [catchall : Cloud info cron] **********************************************
changed: [localhost]

PLAY RECAP *********************************************************************
localhost                  : ok=113  changed=83   unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

* Do not send long lived secrets to VM Instead use fedcloud secret command with a locker that can only be used 2 times (one for putting the secret, another for getting it) and for 1 hour max. * Move the ansible role to this repository Instead of having this externally managed as it is a pain to update and to keep properly aligned * Move to the embedded role

sebastian-luna-valero

Sorry, just going through this PR now...

sebastian-luna-valero · 2024-07-03T12:05:47Z

deploy/roles/catchall/defaults/main.yaml

+ams_token: secret
+
+# check-in endpoint
+checkin_token_endpoint: "https://aai.egi.eu/oidc/token"


Legacy config?

sebastian-luna-valero

Sorry, an additional comment

sebastian-luna-valero · 2024-07-03T12:47:22Z

.github/workflows/deploy.yml

          REFRESH_TOKEN: ${{ secrets.REFRESH_TOKEN }}
+          ANSIBLE_SECRETS: ${{ secrets.ANSIBLE_SECRETS }}


Also, I guess these secrets should be directly stored in https://secrets.egi.eu/ ?

yes, although I don't know yet what's the best way of dealing with this, any ideas?

following up internally :)

* Update ansible-role link * remove xenial ppa * update check-in token endpoint * add handler for Docker

enolfc added 3 commits June 21, 2024 13:19

Do not send long lived secrets to VM

55b8057

Instead use fedcloud secret command with a locker that can only be used 2 times (one for putting the secret, another for getting it) and for 1 hour max.

Move the ansible role to this repository

4226c9f

Instead of having this externally managed as it is a pain to update and to keep properly aligned

Move to the embedded role

32838ef

enolfc requested review from a team as code owners June 21, 2024 14:03

gwarf approved these changes Jun 21, 2024

View reviewed changes

enolfc merged commit 58c38e2 into main Jun 24, 2024
30 checks passed

enolfc deleted the fedcloud-secrets branch June 24, 2024 08:10

sebastian-luna-valero mentioned this pull request Jul 3, 2024

Should this repo be deleted? EGI-Federation/ansible-role-fedcloud-ops#38

Open

sebastian-luna-valero reviewed Jul 3, 2024

View reviewed changes

sebastian-luna-valero mentioned this pull request Jul 3, 2024

Updates following #347 #348

Merged

enolfc pushed a commit that referenced this pull request Jul 8, 2024

Updates following #347 (#348)

5eecf50

* Update ansible-role link * remove xenial ppa * update check-in token endpoint * add handler for Docker

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Use fedcloud secrets #347

Use fedcloud secrets #347

enolfc commented Jun 21, 2024

enolfc commented Jun 21, 2024

github-actions bot commented Jun 21, 2024

gwarf left a comment

github-actions bot commented Jun 24, 2024

sebastian-luna-valero left a comment

sebastian-luna-valero Jul 3, 2024

sebastian-luna-valero left a comment

sebastian-luna-valero Jul 3, 2024

enolfc Jul 8, 2024

sebastian-luna-valero Jul 8, 2024

		REFRESH_TOKEN: ${{ secrets.REFRESH_TOKEN }}
		ANSIBLE_SECRETS: ${{ secrets.ANSIBLE_SECRETS }}

Use fedcloud secrets #347

Use fedcloud secrets #347

Conversation

enolfc commented Jun 21, 2024

Summary

enolfc commented Jun 21, 2024

github-actions bot commented Jun 21, 2024

Terraform Format and Style 🖌success

Terraform Initialization ⚙️success

Terraform Plan 📖success

gwarf left a comment

Choose a reason for hiding this comment

github-actions bot commented Jun 24, 2024

Ansible deployment: success

sebastian-luna-valero left a comment

Choose a reason for hiding this comment

sebastian-luna-valero Jul 3, 2024

Choose a reason for hiding this comment

sebastian-luna-valero left a comment

Choose a reason for hiding this comment

sebastian-luna-valero Jul 3, 2024

Choose a reason for hiding this comment

enolfc Jul 8, 2024

Choose a reason for hiding this comment

sebastian-luna-valero Jul 8, 2024

Choose a reason for hiding this comment

Terraform Format and Style 🖌`success`

Terraform Initialization ⚙️`success`

Terraform Plan 📖`success`

Ansible deployment: `success`