Usage - access control¶
Access control is primarily managed using the Ansible playbooks and configuration in the stackhpc-release-train and stackhpc-release-train-clients repositories. The readme file in each repository provides information on how to install dependencies and run playbooks. The playbooks are designed to be run manually or via a GitHub Actions CI job. This page covers the different workflows available for access control.
Create content guards¶
This workflow must currently be run manually. It involves the following playbook in the stackhpc-release-train repository:
dev-pulp-content-guards.yml
: Create RBAC content-guards.
It should almost never need to be run.
To run it manually:
ansible-playbook -i ansible/inventory \
ansible/dev-pulp-content-guards.yml
Configuration for content guards is in ansible/inventory/group_vars/all/dev-pulp-repos.
Generating client credentials¶
Clients require credentials in order to access Ark. See the README in the stackhpc-release-train-clients repository for how to generete and update them. It is also possible to use this repository to generate credentials with access to the unpromoted "development" content, but these should not be given to clients.