Infrastructure/infra-docs-fpo
1
0
Fork 0
Code Issues 100 Pull requests 6 Projects Releases Packages Wiki Activity Actions

Review gdpr_delete SOP

Browse source 
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
This commit is contained in:
Michal Konečný 2021-08-23 16:38:38 +02:00
parent 090bf87960
commit f341022334
2 changed files with 12 additions and 23 deletions
Download patch file Download diff file Expand all files Collapse all files

2
modules/sysadmin_guide/nav.adoc
View file

@ -37,7 +37,7 @@
** xref:fedorawebsites.adoc[Websites Release - SOP] ** xref:fedorawebsites.adoc[Websites Release - SOP]
** xref:fmn.adoc[FedMsg Notifications (FMN) - SOP] ** xref:fmn.adoc[FedMsg Notifications (FMN) - SOP]
** xref:gather-easyfix.adoc[Fedora gather easyfix - SOP] ** xref:gather-easyfix.adoc[Fedora gather easyfix - SOP]
** xref:gdpr_delete.adoc[gdpr_delete - SOP in review ] ** xref:gdpr_delete.adoc[GDPR Delete - SOP]
** xref:gdpr_sar.adoc[gdpr_sar - SOP in review ] ** xref:gdpr_sar.adoc[gdpr_sar - SOP in review ]
** xref:geoip-city-wsgi.adoc[geoip-city-wsgi - SOP in review ] ** xref:geoip-city-wsgi.adoc[geoip-city-wsgi - SOP in review ]
** xref:github2fedmsg.adoc[github2fedmsg - SOP in review ] ** xref:github2fedmsg.adoc[github2fedmsg - SOP in review ]

33
modules/sysadmin_guide/pages/gdpr_delete.adoc
View file

@ -14,10 +14,8 @@ Contact::
#fedora-admin #fedora-admin
Persons:: Persons::
nirik nirik
Location::
Phoenix
Servers:: Servers::
batcave01.phx2.fedoraproject.org Various application servers, which batcave01.iad2.fedoraproject.org Various application servers, which
will run scripts to delete data. will run scripts to delete data.
Purpose:: Purpose::
Respond to Delete requests. Respond to Delete requests.
@ -35,7 +33,7 @@ came in email ask them to file an issue at
https://pagure.io/fedora-pdr/new_issue Use the following in email reply https://pagure.io/fedora-pdr/new_issue Use the following in email reply
to them: to them:
+ +
`In order to verify your identity, please file a new issue at https://pagure.io/fedora-pdr/new_issue using the appropriate issue type. Please note this form requires you to sign in to your account to verify your identity.` `In order to verify your identity, please file a new issue at https://pagure.io/fedora-pdr/new_issue using the appropriate issue type. Please note this form requires you to sign in to your account to verify your identity.`
+ +
If the request has come via Red Hat internal channels as an explicit If the request has come via Red Hat internal channels as an explicit
request to delete, mark the ticket with the tag `rh`. This tag will help request to delete, mark the ticket with the tag `rh`. This tag will help
@ -45,8 +43,8 @@ If they do not have a FAS account, indicate to them that there is no
data to be deleted. Use this response: data to be deleted. Use this response:
+ +
`Your request for deletion has been reviewed. Since there is no related account in the Fedora Account System, the Fedora infrastructure does not store data relevant for this deletion request. Note that some public content related to Fedora you may have previously submitted without an account, such as to public mailing lists, is not deleted since accurate maintenance of this data serves Fedora's legitimate business interests, the public interest, and the interest of the open source community.` `Your request for deletion has been reviewed. Since there is no related account in the Fedora Account System, the Fedora infrastructure does not store data relevant for this deletion request. Note that some public content related to Fedora you may have previously submitted without an account, such as to public mailing lists, is not deleted since accurate maintenance of this data serves Fedora's legitimate business interests, the public interest, and the interest of the open source community.`
. Identify the users FAS account name. The Delete playbook will use this . Identify the users FAS account name. The delete playbook will use this
FAS account to delete the required data. Update the fedora-pdr issue FAS account to delete the required data. Update the `fedora-pdr` issue
saying the request has been received. There is a 'quick response' in the saying the request has been received. There is a 'quick response' in the
pagure issue tracker to note this. pagure issue tracker to note this.
. Login to FAS and clear the `Telephone number` entry, set Country to . Login to FAS and clear the `Telephone number` entry, set Country to
@ -60,10 +58,9 @@ Run the gdpr delete playbook on `batcave01`. You will need to define one
Ansible variable for the playbook. `sar_fas_user` will be the FAS Ansible variable for the playbook. `sar_fas_user` will be the FAS
username of the user. username of the user.
+ +
____ ....
$ sudo ansible-playbook playbooks/manual/gdpr/delete.yml -e $ sudo ansible-playbook playbooks/manual/gdpr/delete.yml -e gdpr_delete_fas_user=bowlofeggs
gdpr_delete_fas_user=bowlofeggs ....
____
+ +
After the script completes, update the ticket that the request is After the script completes, update the ticket that the request is
completed and close it. There is a 'quick response' in the pagure issue completed and close it. There is a 'quick response' in the pagure issue
@ -100,22 +97,14 @@ variables for the host that will run your script:
[cols=",,",options="header",] [cols=",,",options="header",]
|=== |===
|Variable |Description |Example |Variable |Description |Example
|``gdpr_delete_script |`` The full path to the script. a| |`gdpr_delete_script` | The full path to the script. | `/usr/bin/fedocal-delete`
____ |``gdpr_delete_script_user` | The user the script should be run as | `apache`
`/usr/bin/fedocal-delete`
____
|``gdpr_delete_script |_user`` The user the script should be run as a|
____
`apache`
____
|=== |===
You also need to add the host that the script should run on to the You also need to add the host that the script should run on to the
`[gdpr_delete]` group in `inventory/inventory`: `[gdpr_delete]` group in https://pagure.io/fedora-infra/ansible/blob/main/f/inventory/inventory[inventory/inventory]:
.... ....
[gdpr_delete] [gdpr_delete]
fedocal01.phx2.fedoraproject.org fedocal01.iad2.fedoraproject.org
.... ....