#7294 Add GDPR script for release-monitoring.org
Opened 2 years ago by jcline. Modified 16 days ago

  • Describe what you need us to do:

There needs to be a script for GDPR for release-monitoring.org. It now has user accounts and saves the user's email address.

  • When do you need this? (YYYY/MM/DD)

  • When is this no longer needed or useful? (YYYY/MM/DD)

When GDPR isn't a thing.

  • If we cannot complete your request, what is the impact?

Admins have to manually query release-monitoring.org for GDPR data.

Metadata Update from @bowlofeggs:
- Issue priority set to: Waiting on Assignee (was: Needs Review)
- Issue tagged with: release-monitoring

2 years ago

@zlopez Might you be able to work on this? we have a SOP about how to make the playbooks: https://fedora-infra-docs.readthedocs.io/en/latest/sysadmin-guide/sops/gdpr_sar.html

Happy to help out..

I'm working on the script for GDPR right now and I'm not sure if we should also print informations we have from third party authorization providers (FAS, Yahoo or OpenId)?
Right now I'm dumping every information from users table about user.

On Thu, 2018-10-25 at 12:08 +0000, Michal Kone=C4=8Dn=C3=BD wrote:

I'm working on the script for GDPR right now and I'm not sure if we
should also print informations we have from third party authorization
providers (FAS, Yahoo or OpenId)?

If it's being stored in our database and it's personal information,
then we should include it, so I'd say yes.

Thanks for answer, I will try to get it from the social_auth table.

Script is done - https://github.com/release-monitoring/anitya/pull/649

Now I need to do changes in ansible. Is there any specific place where the environment variables should be added?

I already have this open, but I'm not sure where I should add the environ variables:

Is there any specific ansible script, or should I add them where I think appropriate?

@zlopez The SOP says you need to define it in the host vars for the host you want to run it on. So, as an example, Bodhi's run on bodhi-backend02, so they are defined here:


You should be able to find a file for the host you want to run it on in that same folder.

Would you like to send a PR to the SOP to make that clearer?

Is this same for openshift applications?

On Mon, 2018-10-29 at 16:02 +0000, Michal Kone=C4=8Dn=C3=BD wrote:

Is this same for openshift applications?

Hmmmm, that is a good question. When we designed the GDPR playbook, we
definitely didn't this situation into account. It was assumed you had a
host that could be ssh'd to by Ansible that can run the script. Is
there a way to ssh to OpenShift apps? I don't know of one, but perhaps
its possible to use oc rsh in some way to accomplish this from the

@puiterwijk @kevin: do you have ideas on how an Ansible playbook could
run a script in an OpenShift container?

There is a 'oc exec' but it needs the full pod name, so you would need to do a 'oc get pods -n namespace' first, parse out the running one and pass that into the oc-exec.

I'm not sure if there's any other way. ;(

The GDPR script is merged and will be available in next release

ok, whats left to do here? an oc exec that calls the script?

The script is already deployed. The path is "/usr/bin/sar.py". So I think only thing missing is the oc exec.

Metadata Update from @cverna:
- Issue tagged with: high-gain, medium-trouble

2 months ago

@zlopez is this still on your radar?

Login to comment on this ticket.