[Labs-l] Projects marked for death

[Andrew Bogott]

On 12/15/13 7:01 PM, Ryan Lane wrote:
> On Sat, Dec 14, 2013 at 10:33 AM, Maarten Dammers <maarten at mdammers.nl 
> <mailto:maarten at mdammers.nl>> wrote:
>
>     Hi Andrew,
>
>     Andrew Bogott schreef op 13-12-2013 23:43:
>
>         The following projects are visible on wikitech but do not
>         contain any instances.  My inclination is to delete them all
>         -- it's easy enough to recreate them after the fact if necessary.
>
>         Any objections?
>
>     Are you certain this doesn't have any security implications? Say
>     for example when someone else creates a deleted project and gets
>     rights which belonged to the previous project or when the system
>     reuses internal id's.
>
>
> All rights are managed by keystone and keystone uses LDAP for role and 
> project membership. When Andrew deletes the project, he'll be deleting 
> the entire project tree from LDAP. It's possible that some service 
> specific resources could be held over (like quotas), but hopefully 
> there's an easy way to clean those references up in those specific 
> services.

Yep!  Also, in addition to cleaning projects out of LDAP I'm planning to 
delete the gluster shared storage for these projects. Given that the 
projects are empty, gluster is really the only place that anything of 
value could reside.

I won't be doing gluster first, though, so will probably send yet 
another warning message before I clobber all that.

>
> We've always had the ability to delete projects, but I've avoided 
> doing so because it's a relatively involved process.

Ryan, in case I'm missing anything:  other than gluster, are there other 
specific project bits that you know the 'manage projects' delete link 
fails to clean up?

-A

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wikimedia.org/pipermail/labs-l/attachments/20131216/fb226a15/attachment.html>