Re: AWS Instances without tag FedoraGroup=*

[Kevin Fenzi]

On Fri, Sep 22, 2023 at 02:32:00PM +0200, Miroslav Suchý wrote:
>  = Current status
> 
> We have almost everything tagged with FedoraGroup. There are some small 
> leftovers (see bottom of this email).
> 
> If no one stop me (or tag it) I will delete them by end of next week.

Awesome. Thanks again for doing this.

> There may appear some new volumes without propper tags. Because Kubernetese
> cluster does not tag them automaticaly. Miro Vadkerti will be working on
> this.

Sounds good. I made some IAM changes that should allow things to work
there, but if needed, please file a new ticket and we can sort out any
further things needed. 

> Some volumes are backedup in snapshots with tag
> FedoraGroup=garbage-collector. I will keep it few weeks. And delete them at
> the end of November.
> 
> There is still some work to do. I clean up volumes and instances "only".
> There is still lots of snapshots. But I will give me and you few weeks
> before I start cleaning up that. :)

Sounds good.

kevin


signature.asc
Description: PGP signature
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: AWS Instances without tag FedoraGroup=*

[Miroslav Suchý]

 = Current status

We have almost everything tagged with FedoraGroup. There are some small 
leftovers (see bottom of this email).

If no one stop me (or tag it) I will delete them by end of next week.

There may appear some new volumes without propper tags. Because Kubernetese cluster does not tag them automaticaly. Miro 
Vadkerti will be working on this.


Some volumes are backedup in snapshots with tag FedoraGroup=garbage-collector. I will keep it few weeks. And delete them 
at the end of November.


There is still some work to do. I clean up volumes and instances "only". There is still lots of snapshots. But I will 
give me and you few weeks before I start cleaning up that. :)



= Remainaining leftovers

Region: ca-central-1
Instances: (name, id, owner)
Volumes - [id name (attached to instance, owner)]:
* vol-067b5f163d2320171 N/A (cloud-fedora-34-aws-ssd, N/A)
* vol-07a41964b391cbe75 N/A (cloud-fedora-34-aws-ssd, N/A)
* vol-05fa6f0557ab1e44b N/A (cloud-fedora-34-aws-ssd, N/A)
* vol-00d79ef4b4e1f92e8 N/A (cloud-fedora-34-aws-ssd, N/A)
* vol-0712085157d0bade9 N/A (cloud-fedora-34-aws-ssd, N/A)
* vol-037fb93e199476ee1 N/A (cloud-fedora-34-aws, N/A)

Region: us-west-2
Instances: (name, id, owner)
Volumes - [id name (attached to instance, owner)]:
* vol-03f61f31b964390b4 el7-test(old) (N/A, N/A)

Region: us-east-1
Instances: (name, id, owner)
* N/A (i-0931da1d5eda4eb93, bstinson)
* Discourse-test (i-0eca039ae29709710, mobrien)
Volumes - [id name (attached to instance, owner)]:
* vol-0be047389daecc795 N/A (N/A, kevin)
* vol-06c2c4d56f8ebdbdc N/A (N/A, kevin)
* vol-078902c5902a0920d N/A (, bstinson)
* vol-0fecc0fda9d8fb632 Discourse-test (Discourse-test, mobrien)





--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: AWS Instances without tag FedoraGroup=*

[Kevin Fenzi]

On Thu, Sep 14, 2023 at 01:35:58PM +0200, Miroslav Suchý wrote:
> I have cleanup a lot. I notified Testing farm, they will tag their resource 
> soon.
> 
> BTW if you are in CC, then you likely own one of the resources in AWS.
> Please add tag FedoraGroup=* to it. Otherwise it may be deleted.
> 
> The remaining stuff is:

I fixed: 

...snip...

Tagged and named this one:
> * vol-0ad5c4cde450a9bdd N/A (aarch64-test02.fedorainfracloud.org, N/A)

...snip...

Tagged these 3 as we may want to keep them for historical reasons:

> * vol-00091c41e655ed4f7 taiga_database (N/A, N/A)
> * vol-0ec92f0ec8b8e86e0 taiga_data (N/A, N/A)
> * vol-094ff3bcc5acca40b taiga_backup (N/A, N/A)

...snip...

> What is AutoScaling? Does it belong to TestingFarm?

No idea. ;( It might...

kevin


signature.asc
Description: PGP signature
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: AWS Instances without tag FedoraGroup=*

[Fabian Arrotin]

On 14/09/2023 13:22, Miroslav Suchý wrote:

Dne 11. 09. 23 v 6:45 Fabian Arrotin napsal(a):


I can probably help for that 

AFAIK the ec2 instances in the .centos.org domain are all tagged 
though, so do you have a list of ec2 instances/volumes that are really 
from centos and not tagged properly ? In a previous mail I saw 
something like "centos stream builders" mentioned but there are zero 
centos stream builders in public space like aws (for obvious reasons 
as they are internals) 


I found some centos stuff not tagged:

Region: us-east-2

instances:

* N/A (i-07678cd3d615ca52a, N/A)
* N/A (i-0278bbf7d7b9801b2, N/A)


Volumes

* vol-0bd20acb90dcaa116 N/A (, N/A)
* vol-07fa6789322a53ee1



Gone, and these were two test instances (x86_64, aarch64) that are 
automatically created to test the newly Stream 9 AMI but don't know why 
they remained online as the ci pipeline job is supposed to delete these 
directly


--
Fabian Arrotin
gpg key: 17F3B7A1



OpenPGP_signature
Description: OpenPGP digital signature
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: AWS Instances without tag FedoraGroup=*

[Miroslav Suchý]

I have cleanup a lot. I notified Testing farm, they will tag their resource 
soon.

BTW if you are in CC, then you likely own one of the resources in AWS. Please add tag FedoraGroup=* to it. Otherwise it 
may be deleted.


The remaining stuff is:

Region: ca-central-1

Instances: (name, id, owner)
Volumes - [id name (attached to instance, owner)]:
* vol-067b5f163d2320171 N/A (cloud-fedora-34-aws-ssd, N/A)
* vol-07a41964b391cbe75 N/A (cloud-fedora-34-aws-ssd, N/A)
* vol-05fa6f0557ab1e44b N/A (cloud-fedora-34-aws-ssd, N/A)
* vol-00d79ef4b4e1f92e8 N/A (cloud-fedora-34-aws-ssd, N/A)
* vol-0712085157d0bade9 N/A (cloud-fedora-34-aws-ssd, N/A)
* vol-037fb93e199476ee1 N/A (cloud-fedora-34-aws, N/A)

Region: us-west-2
Instances: (name, id, owner)
Volumes - [id name (attached to instance, owner)]:
* vol-0ad5c4cde450a9bdd N/A (aarch64-test02.fedorainfracloud.org, N/A)
* vol-03f61f31b964390b4 el7-test(old) (N/A, N/A)

Region: us-east-1
Instances: (name, id, owner)
* N/A (i-0b369063062ca52c9, arrfab)
* N/A (i-0931da1d5eda4eb93, bstinson)
* Discourse-test (i-0eca039ae29709710, mobrien)
* mobrien-test (i-0b96a11ec696351a5, mobrien)
* N/A (i-0fc9ee46b558d8b43, AutoScaling)
* N/A (i-08c3bdc2cf1ad6c3a, AutoScaling)
* N/A (i-0b08fcde88335d021, AutoScaling)
* N/A (i-0854b37f391d8c53a, AutoScaling)
* N/A (i-03a7d143db378408c, AutoScaling)
* N/A (i-088625e35e83fd5e2, AutoScaling)
Volumes - [id name (attached to instance, owner)]:
* vol-0be047389daecc795 N/A (N/A, kevin)
* vol-06c2c4d56f8ebdbdc N/A (N/A, kevin)
* vol-00091c41e655ed4f7 taiga_database (N/A, N/A)
* vol-0ec92f0ec8b8e86e0 taiga_data (N/A, N/A)
* vol-094ff3bcc5acca40b taiga_backup (N/A, N/A)
* vol-0a2c7dd4a3f56a738 N/A (, arrfab)
* vol-078902c5902a0920d N/A (, bstinson)
* vol-0fecc0fda9d8fb632 Discourse-test (Discourse-test, mobrien)
* vol-0b59716906163e08d mobrien-test (mobrien-test, mobrien)

What is AutoScaling? Does it belong to TestingFarm?

BTW for the snapshoting and delting volumes I crated this script

https://github.com/xsuchy/fedora-infra-scripts/blob/main/snapshot-and-delete-volume.py

It runs like this:

$ ./snapshot-and-delete-volume.pyus-east-2 vol-0edc7bf6ad60c93db
Created snapshot with ID: snap-0afc5d937d3942903
Deleted the original volume with ID: vol-0edc7bf6ad60c93db

The snapshot has name "GC - snapshot of $volume_id" and 
FedoraGroup=garbage-collector

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: AWS Instances without tag FedoraGroup=*

[Miroslav Suchý]

Dne 11. 09. 23 v 6:45 Fabian Arrotin napsal(a):


I can probably help for that 

AFAIK the ec2 instances in the .centos.org domain are all tagged though, so do you have a list of ec2 
instances/volumes that are really from centos and not tagged properly ? In a previous mail I saw something like 
"centos stream builders" mentioned but there are zero centos stream builders in public space like aws (for obvious 
reasons as they are internals) 


I found some centos stuff not tagged:

Region: us-east-2

instances:

* N/A (i-07678cd3d615ca52a, N/A)

* N/A (i-0278bbf7d7b9801b2, N/A)


Volumes

* vol-0bd20acb90dcaa116 N/A (, N/A)

vol-07fa6789322a53ee1


--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: AWS Instances without tag FedoraGroup=*

[Kevin Fenzi]

On Mon, Sep 11, 2023 at 02:40:18PM +0200, Miroslav Suchý wrote:
> Dne 11. 09. 23 v 6:45 Fabian Arrotin napsal(a):
> > AFAIK the ec2 instances in the .centos.org domain are all tagged though,
> > so do you have a list of ec2 instances/volumes that are really from
> > centos and not tagged properly ? In a previous mail I saw something like
> > "centos stream builders" mentioned but there are zero centos stream
> > builders in public space like aws (for obvious reasons as they are
> > internals)
> 
> Right. I cannot see anything not-tagged that belongs to Centos. If I find 
> something, I will let you know.

wasn't the possible centos items volumes not attached to any instances?

kevin


signature.asc
Description: PGP signature
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: AWS Instances without tag FedoraGroup=*

[Miroslav Suchý]

Dne 08. 09. 23 v 18:11 Kevin Fenzi napsal(a):

I have no idea what to do with the rest. E.g., vol-ef097386 from eu-west-1.
Not attached to anything. No tags. No reference in ansible.git. No
information.The only thing that comes to my mind is: make a snapshot, tag
the snapshot with FedoraGroup=snapshot-before-deleting, delete the volume.
If somebody will miss it, then restore it from snapshot. Otherwise delete
the snapshot after several months.

That sounds a good plan to me. That way if we break anything we can put
it back. 


I have started doing that.

I want to be as gentle as possible so I am doing this manually and doing my 
best to identify somebody as owner.

Before I delete the volume I create snapshot with

Name: GC - snapshot of $volume-id

FedoraGroup: garbage-collector

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: AWS Instances without tag FedoraGroup=*

[Miroslav Suchý]

Dne 11. 09. 23 v 6:45 Fabian Arrotin napsal(a):
AFAIK the ec2 instances in the .centos.org domain are all tagged though, so do you have a list of ec2 
instances/volumes that are really from centos and not tagged properly ? In a previous mail I saw something like 
"centos stream builders" mentioned but there are zero centos stream builders in public space like aws (for obvious 
reasons as they are internals)


Right. I cannot see anything not-tagged that belongs to Centos. If I find 
something, I will let you know.

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: AWS Instances without tag FedoraGroup=*

[Fabian Arrotin]

On 10/09/2023 23:18, Miroslav Suchý wrote:

Dne 08. 09. 23 v 18:11 Kevin Fenzi napsal(a):

Should I mail testing farm folks about this? Or would you like to?


I will ping TestingFarm people in morning. But I will welcome if you can 
write Centos guys. I do not know who is the right contact.




I can probably help for that :)

AFAIK the ec2 instances in the .centos.org domain are all tagged though, 
so do you have a list of ec2 instances/volumes that are really from 
centos and not tagged properly ? In a previous mail I saw something like 
"centos stream builders" mentioned but there are zero centos stream 
builders in public space like aws (for obvious reasons as they are 
internals)


--
Fabian Arrotin
gpg key: 17F3B7A1



OpenPGP_signature
Description: OpenPGP digital signature
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: AWS Instances without tag FedoraGroup=*

[Miroslav Suchý]

Dne 08. 09. 23 v 18:11 Kevin Fenzi napsal(a):

Should I mail testing farm folks about this? Or would you like to?


I will ping TestingFarm people in morning. But I will welcome if you can write Centos guys. I do not know who is the 
right contact.


--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: AWS Instances without tag FedoraGroup=*

[Miroslav Suchý]

Hi Simon,
You have in AWS under Fedora's account in ap-northeast-1 region instance i-0399e6de6e283c229. At least this instance has 
your ssh key. Otherwise we have no infromation about this instance.
If you are still using this instance, please add the tags: 
https://docs.fedoraproject.org/en-US/infra/sysadmin_guide/aws-access/#_role_and_user_policies

Adding the tags: Name and Owner would be great too.
If you do not use it any more, can you please terminate it?

Dne 08. 09. 23 v 18:11 Kevin Fenzi napsal(a):
Region: ap-northeast-1 Instances: (name, id, owner) * N/A (i-0399e6de6e283c229, N/A) This is up and running and has 
siwalter@redhat@ap-northeast-1 
 
ssh key.



--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: AWS Instances without tag FedoraGroup=*

[Miroslav Suchý]

Hi Andrei,
You have in AWS under Fedora's account in us-east-2 region instance i-030bd89ccd0a66013. At least this instance has your 
ssh key. Otherwise we have no infromation about this instance.
If you are still using this instance, please add the tags: 
https://docs.fedoraproject.org/en-US/infra/sysadmin_guide/aws-access/#_role_and_user_policies

Adding the tags: Name and Owner would be great too.
If you do not use it any more, can you please terminate it?

Regards
    Miroslav

Dne 08. 09. 23 v 18:11 Kevin Fenzi napsal(a):

* N/A (i-030bd89ccd0a66013, N/A)

This has 
astepano-real
ssh key


--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: AWS Instances without tag FedoraGroup=*

[Kevin Fenzi]

On Fri, Sep 08, 2023 at 01:45:02AM +0200, Miroslav Suchý wrote:
> Dne 07. 09. 23 v 20:49 Kevin Fenzi napsal(a):
> > Nice! I think dkirwan should know about Discourse-test and mobrien
> > should know about mobrien-test, and I think the rest are centos ones?
> 
> Due diligence of instances:
> 
> Region: ap-northeast-1
> Instances: (name, id, owner)
> * N/A (i-0399e6de6e283c229, N/A)
> 
> This is up and running and has siwalter@redhat@ap-northeast-1 
> 
> ssh key.

Good catch. Can you mail them about it, or would you like me to?

> Region: us-east-2
> Instances: (name, id, owner)
> * N/A (i-0278bbf7d7b9801b2, N/A)
> * N/A (i-07678cd3d615ca52a, N/A)
> 
> These two has centos-stream-builders ssh key
> 
> 
> * N/A (i-030bd89ccd0a66013, N/A)
> 
> This has astepano-real 
> 
> ssh key
> 
> * N/A (i-01350e4dc91dd5f31, N/A)
> 
> * N/A (i-01e07e6e302d60a4d, N/A)
> * N/A (i-07759ac45a275da45, N/A
> 
> These seems to belong to testing farm.
> 
> That is all from instances.

Should I mail testing farm folks about this? Or would you like to?

> But I am not sure how to proceed with volumes. Wait. I was not querying the
> name of the volumes. That can give more insight. And it does. Lot of them
> are TestingFarm, Kubernetes. Some of them belong to Taiga. (see bottom of
> email).

I'd like to keep the last tiaga ones for an archive in case we need
anything off it, but otherwise we don't need those. 

I bet the testing farm ones are just that eks isn't tagging things when
deploying. Hopefully we can get it to do so.

> I have no idea what to do with the rest. E.g., vol-ef097386 from eu-west-1.
> Not attached to anything. No tags. No reference in ansible.git. No
> information.The only thing that comes to my mind is: make a snapshot, tag
> the snapshot with FedoraGroup=snapshot-before-deleting, delete the volume.
> If somebody will miss it, then restore it from snapshot. Otherwise delete
> the snapshot after several months.

That sounds a good plan to me. That way if we break anything we can put
it back. ;) 

> Mirek

kevin


signature.asc
Description: PGP signature
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: AWS Instances without tag FedoraGroup=*

[Miroslav Suchý]

Dne 07. 09. 23 v 20:49 Kevin Fenzi napsal(a):
Nice! I think dkirwan should know about Discourse-test and mobrien should know about mobrien-test, and I think the 
rest are centos ones?


Hmm, not everything:

Region: ca-central-1
Instances: (name, id, owner)
Volumes - [id (attached to instance, owner)]:
* vol-067b5f163d2320171 (cloud-fedora-34-aws-ssd, N/A)
* vol-07a41964b391cbe75 (cloud-fedora-34-aws-ssd, N/A)
* vol-05fa6f0557ab1e44b (cloud-fedora-34-aws-ssd, N/A)
* vol-00d79ef4b4e1f92e8 (cloud-fedora-34-aws-ssd, N/A)
* vol-0712085157d0bade9 (cloud-fedora-34-aws-ssd, N/A)
* vol-037fb93e199476ee1 (cloud-fedora-34-aws, N/A)

Region: us-east-1
Instances: (name, id, owner)
* N/A (i-0b369063062ca52c9, arrfab)
* N/A (i-0931da1d5eda4eb93, bstinson)

* N/A (i-0fc9ee46b558d8b43, AutoScaling)
* N/A (i-08c3bdc2cf1ad6c3a, AutoScaling)
* N/A (i-0b08fcde88335d021, AutoScaling)
* N/A (i-0854b37f391d8c53a, AutoScaling)
* N/A (i-03a7d143db378408c, AutoScaling)
* N/A (i-088625e35e83fd5e2, AutoScaling)

Volumes - [id (attached to instance, owner)]:

* vol-0b485e1085984051e (, AutoScaling)
* vol-0dc4d4d90f320ec5c (, AutoScaling)

* vol-0be047389daecc795 (N/A, kevin)
* vol-06c2c4d56f8ebdbdc (N/A, kevin)

* vol-0573cd537ac825417 (, AutoScaling)

* vol-0a38fb3de4a46f50e (, AutoScaling)

* vol-0a2c7dd4a3f56a738 (, arrfab)
* vol-078902c5902a0920d (, bstinson)

* vol-09bda4cc18f9d62bc (, AutoScaling)

* vol-059b3abc628b450c7 (, AutoScaling)

These are the cases where owner is set. The rest may be centos, but maybe not 
everything. :(

M.



--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: AWS Instances without tag FedoraGroup=*

[Kevin Fenzi]

On Thu, Sep 07, 2023 at 11:28:18AM +0200, Pavel Raiskup wrote:
> JFYI, I just updated the script Mirek had, and created a simple cron job
> on one of our staging VMs that collects some AWS instance statistics.
> Result is hosted here:
> 
> https://copr-be-dev.cloud.fedoraproject.org/infra-stats/
> 
> Especially interesting might be the list of currently "erroring"
> instances:
> 
> 
> https://copr-be-dev.cloud.fedoraproject.org/infra-stats/last-run-errors.log

Nice!

I think dkirwan should know about Discourse-test and mobrien should know
about mobrien-test, and I think the rest are centos ones?

kevin
--
> 
> Pavel
> 
> 
> On neděle 3. září 2023 20:59:15 CEST Miroslav Suchý wrote:
> > According our SOP
> >
> > https://docs.fedoraproject.org/en-US/infra/sysadmin_guide/aws-access/#_role_and_user_policies
> > 
> >Users MUST tag resources with their FedoraGroup tag within one day, or 
> > the resource may be removed.
> > 
> > I created a small script and queried all resources in all regions for 
> > resources without this tag. I am NOT going to 
> > delete resources without this tag as that would destroy half of the 
> > infrastructure. Please check if one of these 
> > resources is yours and properly tag them. (BTW when you will work on that, 
> > please add tag Owner=* too):
> > 
> > Region: ap-south-2
> > 
> > Region: ap-south-1
> > Instances:
> >   * mref1.aps1.stream.centos.org (i-0f566f5a8d0544a9d)
> > Volumes - [id (attached to instance)]:
> >   * vol-04ba60d39cfda0873 (mref1.aps1.stream.centos.org)
> >   * vol-0624a43d78bbcf1e3 (mref1.aps1.stream.centos.org)
> >   * vol-0dbcb65fadcadfd56 (N/A)
> > 
> > Region: eu-south-1
> > 
> > Region: eu-south-2
> > 
> > Region: me-central-1
> > 
> > Region: il-central-1
> > 
> > Region: ca-central-1
> > Instances:
> > Volumes - [id (attached to instance)]:
> >   * vol-067b5f163d2320171 (cloud-fedora-34-aws-ssd)
> >   * vol-07a41964b391cbe75 (cloud-fedora-34-aws-ssd)
> >   * vol-05fa6f0557ab1e44b (cloud-fedora-34-aws-ssd)
> >   * vol-00d79ef4b4e1f92e8 (cloud-fedora-34-aws-ssd)
> >   * vol-0712085157d0bade9 (cloud-fedora-34-aws-ssd)
> >   * vol-037fb93e199476ee1 (cloud-fedora-34-aws)
> > 
> > Region: eu-central-1
> > Instances:
> >   * risc-v koji hub (i-096911a251a31b09f)
> >   * mref1.euc1.stream.centos.org (i-0db35e5f70750e87f)
> >   * vault.euc1.centos.org (i-0bc52b0cc68e4499d)
> > Volumes - [id (attached to instance)]:
> >   * vol-0ce62ad946d5356e9 (id.dev.centos.org)
> >   * vol-0e630691e76128447 (proxy36.fedoraproject.org)
> >   * vol-0bd681a8a7537d2e7 (minetest)
> >   * vol-05b6b70293a262e2b (risc-v koji hub)
> >   * vol-0a6a0692e6db3a4cd (risc-v koji hub)
> >   * vol-06e0ad3a62ff40ee4 (mref1.euc1.stream.centos.org)
> >   * vol-0fd3b08bd32b095b7 (mref1.euc1.stream.centos.org)
> >   * vol-0fccc73d1328ff978 (vault.euc1.centos.org)
> > 
> > Region: eu-central-2
> > 
> > Region: us-west-1
> > Instances:
> > Volumes - [id (attached to instance)]:
> >   * vol-b07165de (N/A)
> >   * vol-b82037d6 (N/A)
> >   * vol-54657c3a (N/A)
> >   * vol-8349ade2 (N/A)
> >   * vol-3ffc2b1f (N/A)
> > 
> > Region: us-west-2
> > Instances:
> >   * mref1.uw2.stream.centos.org (i-0cc5dceddb5b661af)
> >   * proxy09.fedoraproject.org (i-07a30fbb93ec0030d)
> >   * aarch64-test02.fedorainfracloud.org (i-09d5619b3782ff940)
> >   * pdns3.uw2.centos.org (i-0d448e1f3f6552ce1)
> >   * vault.uw2.centos.org (i-08f1d848cc1da073a)
> > Volumes - [id (attached to instance)]:
> >   * vol-0a3391b6d83a69e3e (mref1.uw2.stream.centos.org)
> >   * vol-0df5eb0cf0d4e8855 (mref1.uw2.stream.centos.org)
> >   * vol-070ba525db8d62425 (proxy09.fedoraproject.org)
> >   * vol-0ad5c4cde450a9bdd (aarch64-test02.fedorainfracloud.org)
> >   * vol-0c728f179988d4f1c (pdns3.uw2.centos.org)
> >   * vol-48b8ec21 (N/A)
> >   * vol-a998df91 (N/A)
> >   * vol-06173c2bf59801079 (N/A)
> >   * vol-03f61f31b964390b4 (N/A)
> >   * vol-0acf2f1309656dbf0 (f37-test.fedorainfracloud.org)
> >   * vol-09b92bac86df1d577 (vault.uw2.centos.org)
> >   * vol-074066a4fb17c2ccd (f38-test.fedorainfracloud.org)
> >   * vol-05c43dd45de9ec8dc (f39-test.fedorainfracloud.org)
> >   * vol-60cc8458 (N/A)
> > 
> > Region: af-south-1
> > Instances:
> >   * proxy33.fedoraproject.org (i-091c3a0a9b51b746c)
> >   * mref1.afs1.stream.centos.org (i-05e8706b4d1c1dbe3)
> > Volumes - [id (attached to instance)]:
> >   * vol-0474b44ac60470546 (proxy33.fedoraproject.org)
> >   * vol-00ffe8821d7313bbf (mref1.afs1.stream.centos.org)
> >   * vol-02b6f520ece872075 (mref1.afs1.stream.centos.org)
> > 
> > Region: eu-north-1
> > 
> > Region: eu-west-3
> > Instances:
> >   * pdns1.euw3.centos.org (i-07724f80561513ae4)
> >   * people.euw3.centos.org (i-0629a7c9146e04290)
> > Volumes - [id (attached to instance)]:
> >   * vol-01517db42903637d9 (mirrorlist.euw3.aws.centos.org)
> >   * vol-00c760fbdd555a77d (pdns1.euw3.centos.org)
> >   * vol-033eed789811e4d73 (people.euw3.centos.org)
> >   * vol-0879d3b255788e2b9 (people.euw3.centos.org)
> >   * 

Re: AWS Instances without tag FedoraGroup=*

[Pavel Raiskup]

JFYI, I just updated the script Mirek had, and created a simple cron job
on one of our staging VMs that collects some AWS instance statistics.
Result is hosted here:

https://copr-be-dev.cloud.fedoraproject.org/infra-stats/

Especially interesting might be the list of currently "erroring"
instances:

https://copr-be-dev.cloud.fedoraproject.org/infra-stats/last-run-errors.log

Pavel


On neděle 3. září 2023 20:59:15 CEST Miroslav Suchý wrote:
> According our SOP
>
> https://docs.fedoraproject.org/en-US/infra/sysadmin_guide/aws-access/#_role_and_user_policies
> 
>Users MUST tag resources with their FedoraGroup tag within one day, or the 
> resource may be removed.
> 
> I created a small script and queried all resources in all regions for 
> resources without this tag. I am NOT going to 
> delete resources without this tag as that would destroy half of the 
> infrastructure. Please check if one of these 
> resources is yours and properly tag them. (BTW when you will work on that, 
> please add tag Owner=* too):
> 
> Region: ap-south-2
> 
> Region: ap-south-1
> Instances:
>   * mref1.aps1.stream.centos.org (i-0f566f5a8d0544a9d)
> Volumes - [id (attached to instance)]:
>   * vol-04ba60d39cfda0873 (mref1.aps1.stream.centos.org)
>   * vol-0624a43d78bbcf1e3 (mref1.aps1.stream.centos.org)
>   * vol-0dbcb65fadcadfd56 (N/A)
> 
> Region: eu-south-1
> 
> Region: eu-south-2
> 
> Region: me-central-1
> 
> Region: il-central-1
> 
> Region: ca-central-1
> Instances:
> Volumes - [id (attached to instance)]:
>   * vol-067b5f163d2320171 (cloud-fedora-34-aws-ssd)
>   * vol-07a41964b391cbe75 (cloud-fedora-34-aws-ssd)
>   * vol-05fa6f0557ab1e44b (cloud-fedora-34-aws-ssd)
>   * vol-00d79ef4b4e1f92e8 (cloud-fedora-34-aws-ssd)
>   * vol-0712085157d0bade9 (cloud-fedora-34-aws-ssd)
>   * vol-037fb93e199476ee1 (cloud-fedora-34-aws)
> 
> Region: eu-central-1
> Instances:
>   * risc-v koji hub (i-096911a251a31b09f)
>   * mref1.euc1.stream.centos.org (i-0db35e5f70750e87f)
>   * vault.euc1.centos.org (i-0bc52b0cc68e4499d)
> Volumes - [id (attached to instance)]:
>   * vol-0ce62ad946d5356e9 (id.dev.centos.org)
>   * vol-0e630691e76128447 (proxy36.fedoraproject.org)
>   * vol-0bd681a8a7537d2e7 (minetest)
>   * vol-05b6b70293a262e2b (risc-v koji hub)
>   * vol-0a6a0692e6db3a4cd (risc-v koji hub)
>   * vol-06e0ad3a62ff40ee4 (mref1.euc1.stream.centos.org)
>   * vol-0fd3b08bd32b095b7 (mref1.euc1.stream.centos.org)
>   * vol-0fccc73d1328ff978 (vault.euc1.centos.org)
> 
> Region: eu-central-2
> 
> Region: us-west-1
> Instances:
> Volumes - [id (attached to instance)]:
>   * vol-b07165de (N/A)
>   * vol-b82037d6 (N/A)
>   * vol-54657c3a (N/A)
>   * vol-8349ade2 (N/A)
>   * vol-3ffc2b1f (N/A)
> 
> Region: us-west-2
> Instances:
>   * mref1.uw2.stream.centos.org (i-0cc5dceddb5b661af)
>   * proxy09.fedoraproject.org (i-07a30fbb93ec0030d)
>   * aarch64-test02.fedorainfracloud.org (i-09d5619b3782ff940)
>   * pdns3.uw2.centos.org (i-0d448e1f3f6552ce1)
>   * vault.uw2.centos.org (i-08f1d848cc1da073a)
> Volumes - [id (attached to instance)]:
>   * vol-0a3391b6d83a69e3e (mref1.uw2.stream.centos.org)
>   * vol-0df5eb0cf0d4e8855 (mref1.uw2.stream.centos.org)
>   * vol-070ba525db8d62425 (proxy09.fedoraproject.org)
>   * vol-0ad5c4cde450a9bdd (aarch64-test02.fedorainfracloud.org)
>   * vol-0c728f179988d4f1c (pdns3.uw2.centos.org)
>   * vol-48b8ec21 (N/A)
>   * vol-a998df91 (N/A)
>   * vol-06173c2bf59801079 (N/A)
>   * vol-03f61f31b964390b4 (N/A)
>   * vol-0acf2f1309656dbf0 (f37-test.fedorainfracloud.org)
>   * vol-09b92bac86df1d577 (vault.uw2.centos.org)
>   * vol-074066a4fb17c2ccd (f38-test.fedorainfracloud.org)
>   * vol-05c43dd45de9ec8dc (f39-test.fedorainfracloud.org)
>   * vol-60cc8458 (N/A)
> 
> Region: af-south-1
> Instances:
>   * proxy33.fedoraproject.org (i-091c3a0a9b51b746c)
>   * mref1.afs1.stream.centos.org (i-05e8706b4d1c1dbe3)
> Volumes - [id (attached to instance)]:
>   * vol-0474b44ac60470546 (proxy33.fedoraproject.org)
>   * vol-00ffe8821d7313bbf (mref1.afs1.stream.centos.org)
>   * vol-02b6f520ece872075 (mref1.afs1.stream.centos.org)
> 
> Region: eu-north-1
> 
> Region: eu-west-3
> Instances:
>   * pdns1.euw3.centos.org (i-07724f80561513ae4)
>   * people.euw3.centos.org (i-0629a7c9146e04290)
> Volumes - [id (attached to instance)]:
>   * vol-01517db42903637d9 (mirrorlist.euw3.aws.centos.org)
>   * vol-00c760fbdd555a77d (pdns1.euw3.centos.org)
>   * vol-033eed789811e4d73 (people.euw3.centos.org)
>   * vol-0879d3b255788e2b9 (people.euw3.centos.org)
>   * vol-0940073018c7c7424 (wiki.stg.centos.org)
> 
> Region: eu-west-2
> Instances:
>   * mon2.stg.centos.org (i-0e2dfdfd40502033d)
>   * buildlogs.euw2.centos.org (i-0d3da2203fcde2803)
>   * blog.stg.centos.org (i-0ff49a8f0cb580006)
>   * mref1.euw2.stream.centos.org (i-01e8f6a3aaf0fbc7c)
>   * www-node3.centos.org (i-0b7fd297c9c3e3070)
> Volumes - [id (attached to instance)]:
>   * vol-0fdf7047099b942c3 (forums.centos.org)
>   * vol-0a031eb0b5d5b43ab 

Re: AWS Instances without tag FedoraGroup=*

[Miroslav Suchý]

Dne 06. 09. 23 v 1:05 Kevin Fenzi napsal(a):

  * fedora-packages-ng (test) (i-0f15e4c4b9a49be4a)

I don't think this one is needed anymore.


Right. Not needed. Terminated.

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: AWS Instances without tag FedoraGroup=*

[Kevin Fenzi]

Took a look and fixed a number of fedora ones:

> Region: ca-central-1
> Instances:
> Volumes - [id (attached to instance)]:
>  * vol-067b5f163d2320171 (cloud-fedora-34-aws-ssd)
>  * vol-07a41964b391cbe75 (cloud-fedora-34-aws-ssd)
>  * vol-05fa6f0557ab1e44b (cloud-fedora-34-aws-ssd)
>  * vol-00d79ef4b4e1f92e8 (cloud-fedora-34-aws-ssd)
>  * vol-0712085157d0bade9 (cloud-fedora-34-aws-ssd)

This instance (cloud-fedora-34-aws-ssd) is stopped. 
Not sure what it is/was.

>  * vol-037fb93e199476ee1 (cloud-fedora-34-aws)

This one is up, but I can't login with any keypair I have.

> Region: eu-central-1
> Instances:
>  * risc-v koji hub (i-096911a251a31b09f)

Fixed

> * mref1.euc1.stream.centos.org (i-0db35e5f70750e87f)
> * vault.euc1.centos.org (i-0bc52b0cc68e4499d)
>Volumes - [id (attached to instance)]:
> * vol-0ce62ad946d5356e9 (id.dev.centos.org)
> * vol-0e630691e76128447 (proxy36.fedoraproject.org)

Fixed.

> * vol-0bd681a8a7537d2e7 (minetest)

Fixed, but I wonder if this instance is still in use?

> * vol-05b6b70293a262e2b (risc-v koji hub)
> * vol-0a6a0692e6db3a4cd (risc-v koji hub)

Fixed.

...snip...

> Region: us-west-2
> Instances:
>  * mref1.uw2.stream.centos.org (i-0cc5dceddb5b661af)
>  * proxy09.fedoraproject.org (i-07a30fbb93ec0030d)
>  * aarch64-test02.fedorainfracloud.org (i-09d5619b3782ff940)

Fixed

>  * pdns3.uw2.centos.org (i-0d448e1f3f6552ce1)
>  * vault.uw2.centos.org (i-08f1d848cc1da073a)
> Volumes - [id (attached to instance)]:
>  * vol-0a3391b6d83a69e3e (mref1.uw2.stream.centos.org)
>  * vol-0df5eb0cf0d4e8855 (mref1.uw2.stream.centos.org)
>  * vol-070ba525db8d62425 (proxy09.fedoraproject.org)
>  * vol-0ad5c4cde450a9bdd (aarch64-test02.fedorainfracloud.org)

Fixed

>  * vol-0c728f179988d4f1c (pdns3.uw2.centos.org)
>  * vol-48b8ec21 (N/A)
>  * vol-a998df91 (N/A)
>  * vol-06173c2bf59801079 (N/A)
>  * vol-03f61f31b964390b4 (N/A)
>  * vol-0acf2f1309656dbf0 (f37-test.fedorainfracloud.org)

Fixed

>  * vol-09b92bac86df1d577 (vault.uw2.centos.org)
>  * vol-074066a4fb17c2ccd (f38-test.fedorainfracloud.org)
>  * vol-05c43dd45de9ec8dc (f39-test.fedorainfracloud.org)

Fixed

>  * vol-60cc8458 (N/A)

> Region: af-south-1
> Instances:
>  * proxy33.fedoraproject.org (i-091c3a0a9b51b746c)

Fixed.

>  * mref1.afs1.stream.centos.org (i-05e8706b4d1c1dbe3)
> Volumes - [id (attached to instance)]:
>  * vol-0474b44ac60470546 (proxy33.fedoraproject.org)

Fixed.

>  * vol-00ffe8821d7313bbf (mref1.afs1.stream.centos.org)
>  * vol-02b6f520ece872075 (mref1.afs1.stream.centos.org)
...snip...

> Region: us-east-1
> Instances:
>  * N/A (i-0b369063062ca52c9)
>  * fedora-packages-ng (test) (i-0f15e4c4b9a49be4a)

I don't think this one is needed anymore. 

> * N/A (i-0931da1d5eda4eb93)
> * Discourse-test (i-0eca039ae29709710)
> * mobrien-test (i-0b96a11ec696351a5)

Will ask about these two.

These are in use right: ?

>  * vol-05180f7bf9fcac534 (copr-keygen-dev)
>  * vol-0749c34ff6655165b (copr-distgit-dev)
>  * vol-00d69ba2bd22822a9 (copr-frontend-dev)
>  * vol-05d6160567d56ab37 (copr-distgit-prod)
>  * vol-0b414449faa733f4e (copr-keygen-prod)
>  * vol-0c6b76d3da6468410 (copr-frontend-prod)
...snip a bunch of volumes...

The volumes from the last list mostly belongs to CentOS Stream builders.

ah, ok. 

Thanks again for looking into this!

kevin


signature.asc
Description: PGP signature
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: AWS Instances without tag FedoraGroup=*

[Kevin Fenzi]

On Mon, Sep 04, 2023 at 08:30:26AM +0200, Fabian Arrotin wrote:
> On 03/09/2023 20:59, Miroslav Suchý wrote:
> > According our SOP
> > https://docs.fedoraproject.org/en-US/infra/sysadmin_guide/aws-access/#_role_and_user_policies
> > 
> >    Users MUST tag resources with their FedoraGroup tag within one day,
> > or the resource may be removed.
> > 
> 
> Hi Miroslav,
> 
> Thanks for the pointer, as I wasn't really aware of the *need* for that tag
> but I'll tag all *centos.org resources in that shared fedora/centos account
> to have the missing FedoraGroup=centos tag/value.

Yeah, I thought we established that a long time ago in order to make
sure we could set iam perms so that someone couldn't affect another
group's resources. Sorry if it wasn't documented/communicated.

> BTW, just quickly checked the Fedora Communityshift Openshift cluster (so
> volumes, EFS, ec2, load-balancers, etc) and none is tagged with
> FedoraGroup=fedora :-)

Yeah, but thats also in another account right? not the main one?

> @Kevin : what about we try to have a common set of AWS rules/policies/SOPs
> for both project sharing resources within one or two accounts and
> review/audit also permissions, rules, ACLs, etc ?

+1 for sure.

Anyhow, I can go through the fedora related ones this week and make sure
they are tagged. 

Thanks for doing this Miroslav!

kevin


signature.asc
Description: PGP signature
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: AWS Instances without tag FedoraGroup=*

[Fabian Arrotin]

On 03/09/2023 20:59, Miroslav Suchý wrote:

According our SOP
   
https://docs.fedoraproject.org/en-US/infra/sysadmin_guide/aws-access/#_role_and_user_policies


   Users MUST tag resources with their FedoraGroup tag within one day, 
or the resource may be removed.




Hi Miroslav,

Thanks for the pointer, as I wasn't really aware of the *need* for that 
tag but I'll tag all *centos.org resources in that shared fedora/centos 
account to have the missing FedoraGroup=centos tag/value.


BTW, just quickly checked the Fedora Communityshift Openshift cluster 
(so volumes, EFS, ec2, load-balancers, etc) and none is tagged with 
FedoraGroup=fedora :-)


@Kevin : what about we try to have a common set of AWS 
rules/policies/SOPs for both project sharing resources within one or two 
accounts and review/audit also permissions, rules, ACLs, etc ?


--
Fabian Arrotin
gpg key: 17F3B7A1



OpenPGP_signature
Description: OpenPGP digital signature
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

AWS Instances without tag FedoraGroup=*

[Miroslav Suchý]

According our SOP
  
https://docs.fedoraproject.org/en-US/infra/sysadmin_guide/aws-access/#_role_and_user_policies

  Users MUST tag resources with their FedoraGroup tag within one day, or the 
resource may be removed.

I created a small script and queried all resources in all regions for resources without this tag. I am NOT going to 
delete resources without this tag as that would destroy half of the infrastructure. Please check if one of these 
resources is yours and properly tag them. (BTW when you will work on that, please add tag Owner=* too):


Region: ap-south-2

Region: ap-south-1
Instances:
 * mref1.aps1.stream.centos.org (i-0f566f5a8d0544a9d)
Volumes - [id (attached to instance)]:
 * vol-04ba60d39cfda0873 (mref1.aps1.stream.centos.org)
 * vol-0624a43d78bbcf1e3 (mref1.aps1.stream.centos.org)
 * vol-0dbcb65fadcadfd56 (N/A)

Region: eu-south-1

Region: eu-south-2

Region: me-central-1

Region: il-central-1

Region: ca-central-1
Instances:
Volumes - [id (attached to instance)]:
 * vol-067b5f163d2320171 (cloud-fedora-34-aws-ssd)
 * vol-07a41964b391cbe75 (cloud-fedora-34-aws-ssd)
 * vol-05fa6f0557ab1e44b (cloud-fedora-34-aws-ssd)
 * vol-00d79ef4b4e1f92e8 (cloud-fedora-34-aws-ssd)
 * vol-0712085157d0bade9 (cloud-fedora-34-aws-ssd)
 * vol-037fb93e199476ee1 (cloud-fedora-34-aws)

Region: eu-central-1
Instances:
 * risc-v koji hub (i-096911a251a31b09f)
 * mref1.euc1.stream.centos.org (i-0db35e5f70750e87f)
 * vault.euc1.centos.org (i-0bc52b0cc68e4499d)
Volumes - [id (attached to instance)]:
 * vol-0ce62ad946d5356e9 (id.dev.centos.org)
 * vol-0e630691e76128447 (proxy36.fedoraproject.org)
 * vol-0bd681a8a7537d2e7 (minetest)
 * vol-05b6b70293a262e2b (risc-v koji hub)
 * vol-0a6a0692e6db3a4cd (risc-v koji hub)
 * vol-06e0ad3a62ff40ee4 (mref1.euc1.stream.centos.org)
 * vol-0fd3b08bd32b095b7 (mref1.euc1.stream.centos.org)
 * vol-0fccc73d1328ff978 (vault.euc1.centos.org)

Region: eu-central-2

Region: us-west-1
Instances:
Volumes - [id (attached to instance)]:
 * vol-b07165de (N/A)
 * vol-b82037d6 (N/A)
 * vol-54657c3a (N/A)
 * vol-8349ade2 (N/A)
 * vol-3ffc2b1f (N/A)

Region: us-west-2
Instances:
 * mref1.uw2.stream.centos.org (i-0cc5dceddb5b661af)
 * proxy09.fedoraproject.org (i-07a30fbb93ec0030d)
 * aarch64-test02.fedorainfracloud.org (i-09d5619b3782ff940)
 * pdns3.uw2.centos.org (i-0d448e1f3f6552ce1)
 * vault.uw2.centos.org (i-08f1d848cc1da073a)
Volumes - [id (attached to instance)]:
 * vol-0a3391b6d83a69e3e (mref1.uw2.stream.centos.org)
 * vol-0df5eb0cf0d4e8855 (mref1.uw2.stream.centos.org)
 * vol-070ba525db8d62425 (proxy09.fedoraproject.org)
 * vol-0ad5c4cde450a9bdd (aarch64-test02.fedorainfracloud.org)
 * vol-0c728f179988d4f1c (pdns3.uw2.centos.org)
 * vol-48b8ec21 (N/A)
 * vol-a998df91 (N/A)
 * vol-06173c2bf59801079 (N/A)
 * vol-03f61f31b964390b4 (N/A)
 * vol-0acf2f1309656dbf0 (f37-test.fedorainfracloud.org)
 * vol-09b92bac86df1d577 (vault.uw2.centos.org)
 * vol-074066a4fb17c2ccd (f38-test.fedorainfracloud.org)
 * vol-05c43dd45de9ec8dc (f39-test.fedorainfracloud.org)
 * vol-60cc8458 (N/A)

Region: af-south-1
Instances:
 * proxy33.fedoraproject.org (i-091c3a0a9b51b746c)
 * mref1.afs1.stream.centos.org (i-05e8706b4d1c1dbe3)
Volumes - [id (attached to instance)]:
 * vol-0474b44ac60470546 (proxy33.fedoraproject.org)
 * vol-00ffe8821d7313bbf (mref1.afs1.stream.centos.org)
 * vol-02b6f520ece872075 (mref1.afs1.stream.centos.org)

Region: eu-north-1

Region: eu-west-3
Instances:
 * pdns1.euw3.centos.org (i-07724f80561513ae4)
 * people.euw3.centos.org (i-0629a7c9146e04290)
Volumes - [id (attached to instance)]:
 * vol-01517db42903637d9 (mirrorlist.euw3.aws.centos.org)
 * vol-00c760fbdd555a77d (pdns1.euw3.centos.org)
 * vol-033eed789811e4d73 (people.euw3.centos.org)
 * vol-0879d3b255788e2b9 (people.euw3.centos.org)
 * vol-0940073018c7c7424 (wiki.stg.centos.org)

Region: eu-west-2
Instances:
 * mon2.stg.centos.org (i-0e2dfdfd40502033d)
 * buildlogs.euw2.centos.org (i-0d3da2203fcde2803)
 * blog.stg.centos.org (i-0ff49a8f0cb580006)
 * mref1.euw2.stream.centos.org (i-01e8f6a3aaf0fbc7c)
 * www-node3.centos.org (i-0b7fd297c9c3e3070)
Volumes - [id (attached to instance)]:
 * vol-0fdf7047099b942c3 (forums.centos.org)
 * vol-0a031eb0b5d5b43ab (mref1.euw2.stream.centos.org)
 * vol-0c63ea2af7fae21be (mref1.euw2.stream.centos.org)
 * vol-04698aafb278a461b (www-node3.centos.org)
 * vol-02657e34fb9b4c830 (lists.stg.centos.org)
 * vol-0d0b02d00c539e44e (buildlogs.euw2.centos.org)
 * vol-0354f50fe045ed5cf (mon2.stg.centos.org)
 * vol-0b558b597fd70b8a7 (buildlogs.euw2.centos.org)
 * vol-09f323dea12ca8189 (blog.stg.centos.org)

Region: eu-west-1
Instances:
 * kojid1.stg.centos.org (i-00028f1043d123ea2)
 * cbs.stg.centos.org (i-0e093bb7fbd190252)
 * proxy1.stg.euw1.centos.org (i-03f1be4e6338a4173)
 * nfs01.stg.aws.centos.org (i-093e80bf9aa8a732f)
 * mref1.stg.euw1.centos.org (i-09c2cdce2dada8fa8)
 * stylo.stg.euw1.centos.org (i-08da0a182d470d9f6)
 * kojid2.stg.euw1.centos.org (i-0ffcc59f1d286b026)
 * connect.aws.centos.org