[FOLIO-2612] Have a backup admin account on the hosted environments Created: 21/May/20 Updated: 02/Sep/20 |
|
| Status: | Open |
| Project: | FOLIO |
| Components: | None |
| Affects versions: | None |
| Fix versions: | None |
| Type: | Story | Priority: | TBD |
| Reporter: | Marc Johnson | Assignee: | Unassigned |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | hosted-environments | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original estimate: | Not Specified | ||
| Sprint: | |
| Development Team: | FOLIO DevOps |
| Description |
|
In order to compensate for situations where the diku_admin account becomes unusable Context Recently (in the last week), there have been two outages for the folio-snapshot environment
Future Possible Actions I think this is a useful fallback measure, however it does not mitigate the primary concern, which is that (pretty much) everyone who uses the hosted environments uses the diku_admin account. I think it could be worth considering generating other accounts for folks of these environments, and reserving this account for administration (or as a fallback). Interested Parties I'm including Cate Boerema Owen Stephens Ann-Marie Breaux Zak Burke Dima Tkachenko in this issue as they were involved in the previous issues |
| Comments |
| Comment by Marc Johnson [ 21/May/20 ] |
|
Cate Boerema Jakub Skoczen John Malconian Ian Hardy Wayne Schneider David Crossley What do you think to this idea? If you like it, what is needed for it to get prioritised? |
| Comment by Cate Boerema (Inactive) [ 21/May/20 ] |
|
This sounds like a great, low-cost solution that would save devops time later. Would the creation of this user need to be done by the devops folks on Core Platform? |
| Comment by Marc Johnson [ 21/May/20 ] |
Yes, it would need to be done by the DevOps folks |
| Comment by Ian Hardy [ 21/May/20 ] |
|
I like the idea. One approach might be to modify to the ansible create-tenant-admin and tenant-admin-permissions role to take an array of users instead of one. The quick hack would probably be to just run those roles again w/different data in the build. These roles are used in both single server and k8s builds. |
| Comment by Jakub Skoczen [ 22/Jun/20 ] |
|
Returning back to the backlog since Mark won't be able to address it. |
| Comment by Marc Johnson [ 15/Jul/20 ] |
|
Jakub Skoczen Ian Hardy John Malconian When might there be DevOps capacity to make this change? |