There needs to be a script for GDPR for release-monitoring.org. It now has user accounts and saves the user's email address.
When do you need this? (YYYY/MM/DD)
When is this no longer needed or useful? (YYYY/MM/DD)
When GDPR isn't a thing.
Admins have to manually query release-monitoring.org for GDPR data.
Metadata Update from @bowlofeggs: - Issue priority set to: Waiting on Assignee (was: Needs Review) - Issue tagged with: release-monitoring
@zlopez Might you be able to work on this? we have a SOP about how to make the playbooks: https://fedora-infra-docs.readthedocs.io/en/latest/sysadmin-guide/sops/gdpr_sar.html
Happy to help out..
@kevin I will look at it.
@kevin I'm working on the script for GDPR right now and I'm not sure if we should also print informations we have from third party authorization providers (FAS, Yahoo or OpenId)? Right now I'm dumping every information from users table about user.
On Thu, 2018-10-25 at 12:08 +0000, Michal Kone=C4=8Dn=C3=BD wrote:
I'm working on the script for GDPR right now and I'm not sure if we should also print informations we have from third party authorization providers (FAS, Yahoo or OpenId)?
If it's being stored in our database and it's personal information, then we should include it, so I'd say yes.
@bowlofeggs Thanks for answer, I will try to get it from the social_auth table.
Script is done - https://github.com/release-monitoring/anitya/pull/649
Now I need to do changes in ansible. Is there any specific place where the environment variables should be added?
@zlopez https://fedora-infra-docs.readthedocs.io/en/latest/sysadmin-guide/sops/gdpr_sar.html
@bowlofeggs I already have this open, but I'm not sure where I should add the environ variables: sar_script sar_script_user sar_output_file
Is there any specific ansible script, or should I add them where I think appropriate?
@zlopez The SOP says you need to define it in the host vars for the host you want to run it on. So, as an example, Bodhi's run on bodhi-backend02, so they are defined here:
https://infrastructure.fedoraproject.org/cgit/ansible.git/tree/inventory/host_vars/bodhi-backend02.phx2.fedoraproject.org#n17
You should be able to find a file for the host you want to run it on in that same folder.
Would you like to send a PR to the SOP to make that clearer?
@bowlofeggs Is this same for openshift applications?
On Mon, 2018-10-29 at 16:02 +0000, Michal Kone=C4=8Dn=C3=BD wrote:
Is this same for openshift applications?
Hmmmm, that is a good question. When we designed the GDPR playbook, we definitely didn't this situation into account. It was assumed you had a host that could be ssh'd to by Ansible that can run the script. Is there a way to ssh to OpenShift apps? I don't know of one, but perhaps its possible to use oc rsh in some way to accomplish this from the playbook?
@puiterwijk @kevin: do you have ideas on how an Ansible playbook could run a script in an OpenShift container?
There is a 'oc exec' but it needs the full pod name, so you would need to do a 'oc get pods -n namespace' first, parse out the running one and pass that into the oc-exec.
I'm not sure if there's any other way. ;(
The GDPR script is merged and will be available in next release
ok, whats left to do here? an oc exec that calls the script?
@kevin The script is already deployed. The path is "/usr/bin/sar.py". So I think only thing missing is the oc exec.
Metadata Update from @cverna: - Issue tagged with: high-gain, medium-trouble
@zlopez is this still on your radar?
@pingou I did everything that I could on my side. Only thing missing was the oc exec as @kevin said.
So discussing with @zlopez in a meeting today.
The current playbook run is in ./playbooks/manual/gdpr/sar.yml in the ansible repo. We would need to defined the sar_script variable for anitya together with another variable sar_openshift(?) which will instruct the playbook to run that script using oc-exec as Kevin mentioned above. It may be an idea to put this logic in a role, up to see.
./playbooks/manual/gdpr/sar.yml
sar_script
sar_openshift
Metadata Update from @pingou: - Issue tagged with: dev
Metadata Update from @zlopez: - Issue assigned to zlopez
I created a https://pagure.io/fedora-infra/ansible/pull-request/165 to allow calling SAR scripts on openshift apps.
I don't know how to test this. I tried the commands itself except oc exec, because I don't have permission to run it.
oc exec
What is missing is to update https://fedora-infra-docs.readthedocs.io/en/latest/sysadmin-guide/sops/gdpr_sar.html and I see a few strange ansible-review complains :-/
The PR is now merged, but we encountered an issue in Anitya SAR script. There is ticket created for this in Anitya tracker.
I still need to update https://fedora-infra-docs.readthedocs.io/en/latest/sysadmin-guide/sops/gdpr_sar.html.
This could be closed once the documentation is updated.
The updated docs PR is here
The PR for the documentation just got merged. So I'm closing this issue as fixed
Metadata Update from @zlopez: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.