From 97b7c31afbaea2f56a078730978bb952fa556f86 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michal=20Kone=C4=8Dn=C3=BD?= Date: Wed, 18 Aug 2021 16:01:28 +0200 Subject: [PATCH] Review fas-notes SOP MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michal Konečný --- modules/sysadmin_guide/nav.adoc | 2 +- modules/sysadmin_guide/pages/fas-notes.adoc | 31 ++++++++++----------- 2 files changed, 15 insertions(+), 18 deletions(-) diff --git a/modules/sysadmin_guide/nav.adoc b/modules/sysadmin_guide/nav.adoc index 99d9329..491c582 100644 --- a/modules/sysadmin_guide/nav.adoc +++ b/modules/sysadmin_guide/nav.adoc @@ -23,7 +23,7 @@ ** xref:departing-admin.adoc[Departing admin - SOP] ** xref:dns.adoc[DNS repository for fedoraproject - SOP] ** xref:docs.fedoraproject.org.adoc[Docs - SOP] -** xref:fas-notes.adoc[fas-notes - SOP in review ] +** xref:fas-notes.adoc[Fedora Account System - SOP] ** xref:fas-openid.adoc[fas-openid - SOP in review ] ** xref:fedmsg-certs.adoc[fedmsg-certs - SOP in review ] ** xref:fedmsg-gateway.adoc[fedmsg-gateway - SOP in review ] diff --git a/modules/sysadmin_guide/pages/fas-notes.adoc b/modules/sysadmin_guide/pages/fas-notes.adoc index a8523b1..17a40d0 100644 --- a/modules/sysadmin_guide/pages/fas-notes.adoc +++ b/modules/sysadmin_guide/pages/fas-notes.adoc @@ -3,9 +3,9 @@ Notes about FAS and how to do things in it: * where are certs for fas accounts for koji, etc? on fas01 -/var/lib/fedora-ca - makefile targets allow you to do things with them. +`/var/lib/fedora-ca` - makefile targets allow you to do things with them. -look in index.txt for certs. One's marked with an 'R' in the left-most +look in `index.txt` for certs. One's marked with an 'R' in the left-most column are 'REVOKED' to revoke a cert: @@ -14,7 +14,7 @@ to revoke a cert: cd /var/lib/fedora-ca .... -find the cert number in index.txt - the number is the 3rd column in the +find the cert number in `index.txt` - the number is the 3rd column in the file - you can match it to the user by searching for their username. You want the highest number cert for their account. @@ -27,8 +27,8 @@ make revoke cert=newcerts/$that_number.pem == How to gather information about a user You'll want to have direct access to query the database for this. The -common way is to have someone in sysadmin-db ssh to the postgres db -hosting FAS (currently db01). Then access it via ident auth on the box: +common way is to have someone in _sysadmin-db_ ssh to the postgres db +hosting FAS (currently _db01_). Then access it via ident auth on the box: .... sudo -u postgres psql fas2 @@ -74,7 +74,6 @@ description:: description of the event that's being logged [NOTE] -.Note ==== FAS does not log every event that happens to a user. Only "important" ones. FAS also cannot record direct changes to the database here (for @@ -109,46 +108,44 @@ sponsor_id:: == Account Deletion and renaming [NOTE] -.Note ==== -see also accountdeletion.rst For information on how to disable, rename, +See also <> for information on how to disable, rename, and remove accounts. ==== == Pseudo Users [NOTE] -.Note ==== -see also nonhumanaccounts.rst For information on creating pseudo user +See also <> for information on creating pseudo user accounts for use in pkgdb/bugzilla ==== == fas staging -we have a staging fas db setup on db-fas01.stg.phx2.fedoraproject.org - -it accessed by fas01.stg.phx2.fedoraproject.org +We have a staging fas db setup on `db-fas01.stg.iad2.fedoraproject.org` - +it's accessed by `fas01.stg.iad2.fedoraproject.org` This system is not autopopulated by production fas - it must be done manually. To do this you must: -* dump the fas2 db on db-fas01.phx2.fedoraproject.org: +* dump the fas2 db on `db-fas01.iad2.fedoraproject.org`: + .... sudo -u postgres pg_dump -C fas2 > fas2.dump -scp fas2.dump db-fas01.stg.phx2.fedoraproject.org:/tmp +scp fas2.dump db-fas01.stg.iad2.fedoraproject.org:/tmp .... -* then on fas01.stg.phx2.fedoraproject.org: +* then on `fas01.stg.iad2.fedoraproject.org`: + .... /etc/init.d/httpd stop .... -* then on db02.stg.phx2.fedoraproject.org: +* then on `db02.stg.iad2.fedoraproject.org`: + .... echo "drop database fas2\;" | sudo -u postgres psql ; cat fas2.dump | sudo -u postgres psql .... -* then on fas01.stg.phx2.fedoraproject.org: +* then on `fas01.stg.iad2.fedoraproject.org`: + .... /etc/init.d/httpd start