Skip to content

Rotate ci passwords (Yoga) #2237

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
priteau merged 1 commit into from
Mar 30, 2026
Merged

Rotate ci passwords (Yoga) #2237

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 6 additions & 6 deletions etc/kayobe/environments/ci-aio/stackhpc-ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,14 +15,14 @@ kolla_enable_heat: false
# Build and deploy the development Pulp service repositories.
# Use Ark's package repositories to install packages.
stackhpc_repo_mirror_url: "{{ stackhpc_release_pulp_url }}"
stackhpc_repo_mirror_username: "skc-ci-aio"
stackhpc_repo_mirror_username: "skc-ci-aio-yoga"
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist bot Mar 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

To improve maintainability and make it easier to adapt this configuration for future OpenStack releases, consider using the openstack_release variable to construct the username. This avoids hardcoding the release name. Ensure that the resulting username remains dedicated to this specific environment to maintain isolation as per our security guidelines.

stackhpc_repo_mirror_username: "skc-ci-aio-{{ openstack_release }}"
References
  1. Use dedicated credentials and users for distinct environments to improve security and isolation, rather than sharing them.

stackhpc_repo_mirror_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
35653866346637626633653732386263666231303237656135626532343437353631383732666362
3038636431336336343561626130383965303233353632350a323130653166646464316361643138
61303139643865613063613765623530636665663534613263343562383037396236333762653338
6262333936616630620a343831666162386537373838393938333537373839633630393930333430
30353263323831666237346162326564326238343764643731383931396536353933
61373063656135306430623466373534326238396162643733666131306664333230333266353762
3235663936396466363832393066383566333334303465360a663138363664626235623434626632
30653132316365656466323039616136393730633638613431643232666638373363313436663363
6463623063303462300a626361356466306361656565373038646664333734346639653662366664
39306164653736396161383038306662356365336135333362373533656561366361

# Build and deploy released Pulp repository versions.
stackhpc_repo_centos_stream_baseos_version: "{{ stackhpc_pulp_repo_centos_stream_8_baseos_version }}"
Expand Down
12 changes: 6 additions & 6 deletions etc/kayobe/environments/ci-builder/stackhpc-ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,14 +38,14 @@ kolla_build_neutron_ovs: true
# Build against the development Pulp service repositories.
# Use Ark's package repositories to install packages.
stackhpc_repo_mirror_url: "{{ stackhpc_repo_mirror_auth_proxy_url if stackhpc_repo_mirror_auth_proxy_enabled | bool else stackhpc_release_pulp_url }}"
stackhpc_repo_mirror_username: "skc-ci-builder-reader"
stackhpc_repo_mirror_username: "skc-ci-builder-reader-yoga"
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist bot Mar 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

To improve maintainability and make it easier to adapt this configuration for future OpenStack releases, consider using the openstack_release variable to construct the username. This avoids hardcoding the release name. Ensure that the resulting username remains dedicated to this specific environment to maintain isolation as per our security guidelines.

stackhpc_repo_mirror_username: "skc-ci-builder-reader-{{ openstack_release }}"
References
  1. Use dedicated credentials and users for distinct environments to improve security and isolation, rather than sharing them.

stackhpc_repo_mirror_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
65353432616332643332646463303562326534633935343338323562343062323936393861636637
6364653733343035623138316561316462313939393430300a666436633535323163386338336266
64346461653933613838643163333932353365613535373038663731666230663632646531343662
6362346163613633390a663264626438333263386132326238623866633466373635666161326462
61346130346339643433656562363366623561356162386138616430356463613633
62323135633666353263303965356638303639383032353234623034383834636165346463356335
3136323133393534373037343332643666616662613534370a363539323466346130323634353030
35626538613337633237383831643632353235613830343731636162306264646165393139616465
3261303039653436370a363132396234343234656439653938633737643731343433373966303637
63313239653134353364636530623734393261656161333562636230363234623533

# Build against released Pulp repository versions.
stackhpc_repo_centos_stream_baseos_version: "{{ stackhpc_pulp_repo_centos_stream_8_baseos_version }}"
Expand Down
Loading