Compare revisions

Levente Polyak · Sven-Hendrik Haase · Levente Polyak · Sven-Hendrik Haase · Christian Heusel · Kristian Klausen
--- a/one-shots/keycloak-importer/archusers.yml
+++ b/one-shots/keycloak-importer/archusers.yml
-arch_groups:
-  - dev
-  - tu
-  - devops
-  - fellows
-  - multilib
-  - archboxes-sudo
-  - docker-image-sudo
-
-arch_users:
-  # aaron:
-  #   name: "Aaron Griffin"
-  #   ssh_key: aaron.pub
-  #   groups:
-  #     - dev
-  # aginiewicz:
-  #   name: "Andrzej Giniewicz"
-  #   ssh_key: aginiewicz.pub
-  #   groups:
-  #     - tu
-  # ainola:
-  #   name: "Brett Cornwall"
-  #   ssh_key: ainola.pub
-  #   groups:
-  #     - tu
-  # alad:
-  #   name: "Alad Wenter"
-  #   ssh_key: alad.pub
-  #   groups:
-  #     - tu
-  # allan:
-  #   name: "Allan McRae"
-  #   ssh_key: allan.pub
-  #   groups:
-  #     - dev
-  #     - multilib
-  #     - tu
-  # alucryd:
-  #   name: "Maxime Gauduin"
-  #   ssh_key: alucryd.pub
-  #   groups:
-  #     - dev
-  #     - tu
-  #     - multilib
-  # anatolik:
-  #   name: "Anatol Pomozov"
-  #   ssh_key: anatolik.pub
-  #   groups:
-  #     - dev
-  #     - tu
-  #     - multilib
-  # andrea:
-  #   name: "Andrea Scarpino"
-  #   ssh_key: andrea.pub
-  #   groups: []
-  # andrew:
-  #   name: "Andrew Gregory"
-  #   ssh_key: andrew.pub
-  #   groups:
-  #     - dev
-  # andrewsc:
-  #   name: "Andrew Crerar"
-  #   ssh_key: andrewsc.pub
-  #   groups:
-  #     - tu
-  # anthraxx:
-  #   name: "Levente Polyak"
-  #   ssh_key: anthraxx.pub
-  #   shell: /bin/zsh
-  #   groups:
-  #     - dev
-  #     - devops
-  #     - tu
-  #     - multilib
-  # andyrtr:
-  #   name: "Andreas Radke"
-  #   ssh_key: andyrtr.pub
-  #   groups:
-  #     - dev
-  #     - tu
-  # arcanis:
-  #   name: "Evgeniy Alekseev"
-  #   ssh_key: arcanis.pub
-  #   groups:
-  #     - tu
-  # archange:
-  #   name: "Bruno Pagani"
-  #   ssh_key: archange.pub
-  #   shell: /bin/zsh
-  #   groups:
-  #     - tu
-  #     - multilib
-  # arodseth:
-  #   name: "Alexander Rødseth"
-  #   ssh_key: arodseth.pub
-  #   groups:
-  #     - tu
-  #     - multilib
-  # arojas:
-  #   name: "Antonio Rojas"
-  #   ssh_key: arojas.pub
-  #   groups:
-  #     - dev
-  #     - tu
-  #     - multilib
-  # aur-notify:
-  #   name: ""
-  #   groups: []
-  # bgyorgy:
-  #   name: "Balló György"
-  #   ssh_key: bgyorgy.pub
-  #   groups:
-  #     - tu
-  # bisson:
-  #   name: "Gaëtan Bisson"
-  #   ssh_key: bisson.pub
-  #   groups:
-  #     - dev
-  #     - tu
-  # bluewind:
-  #   name: "Florian Pritz"
-  #   ssh_key: bluewind.pub
-  #   shell: /bin/zsh
-  #   groups:
-  #     - dev
-  #     - devops
-  #     - tu
-  #     - multilib
-  # bpiotrowski:
-  #   name: "Bartłomiej Piotrowski"
-  #   ssh_key: bpiotrowski.pub
-  #   groups:
-  #     - dev
-  #     - devops
-  #     - tu
-  #     - multilib
-  # cbehan:
-  #   name: "Connor Behan"
-  #   ssh_key: cbehan.pub
-  #   groups:
-  #     - tu
-  # cesura:
-  #   name: "Brad Fanella"
-  #   ssh_key: cesura.pub
-  #   groups:
-  #     - tu
-  # coderobe:
-  #   name: "Robin Broda"
-  #   ssh_key: coderobe.pub
-  #   groups:
-  #     - tu
-  # daurnimator:
-  #   name: "Daurnimator"
-  #   ssh_key: daurnimator.pub
-  #   groups:
-  #     - tu
-  # dbermond:
-  #   name: "Daniel Bermond"
-  #   ssh_key: dbermond.pub
-  #   groups:
-  #     - tu
-  # demize:
-  #   name: "Johannes Löthberg"
-  #   ssh_key: demize.pub
-  #   shell: /bin/zsh
-  #   groups:
-  #     - dev
-  #     - tu
-  #     - multilib
-  # diabonas:
-  #   name: "Jonas Witschel"
-  #   ssh_key: diabonas.pub
-  #   groups:
-  #     - tu
-  # donate:
-  #   name: ""
-  #   groups: []
-  # dreisner:
-  #   name: "Dave Reisner"
-  #   ssh_key: dreisner.pub
-  #   groups:
-  #     - dev
-  #     - multilib
-  #     - tu
-  # dvzrv:
-  #   name: "David Runge"
-  #   ssh_key: dvzrv.pub
-  #   groups:
-  #     - dev
-  #     - multilib
-  #     - tu
-  # escondida:
-  #   name: "Ivy Foster"
-  #   ssh_key: escondida.pub
-  #   groups:
-  #     - tu
-  # eworm:
-  #   name: "Christian Hesse"
-  #   ssh_key: eworm.pub
-  #   shell: /bin/zsh
-  #   groups:
-  #     - dev
-  #     - tu
-  #     - multilib
-  # farseerfc:
-  #   name: "Jiachen Yang"
-  #   ssh_key: farseerfc.pub
-  #   groups:
-  #     - tu
-  # felixonmars:
-  #   name: "Felix Yan"
-  #   ssh_key: felixonmars.pub
-  #   groups:
-  #     - dev
-  #     - tu
-  #     - multilib
-  # ffy00:
-  #   name: "Filipe Laíns"
-  #   ssh_key: ffy00.pub
-  #   shell: /bin/bash
-  #   groups:
-  #     - tu
-  # foutrelis:
-  #   name: "Evangelos Foutras"
-  #   ssh_key: foutrelis.pub
-  #   additional_ssh_keys:
-  #     - name: foutrelis_buildhost.pub
-  #       hosts:
-  #         - dragon.archlinux.org
-  #   groups:
-  #     - dev
-  #     - devops
-  #     - tu
-  #     - multilib
-  # foxboron:
-  #   name: "Morten Linderud"
-  #   ssh_key: foxboron.pub
-  #   groups:
-  #     - tu
-  # foxxx0:
-  #   name: "Thore Bödecker"
-  #   ssh_key: foxxx0.pub
-  #   shell: /bin/zsh
-  #   groups:
-  #      - tu
-  # fukawi2:
-  #   name: "Phillip Smith"
-  #   ssh_key: fukawi2.pub
-  #   groups:
-  #     - devops
-  # gitlab:
-  #   name: ""
-  #   groups: []
-  # grazzolini:
-  #   name: "Giancarlo Razzolini"
-  #   ssh_key: grazzolini.pub
-  #   groups:
-  #     - dev
-  #     - devops
-  #     - multilib
-  #     - tu
-  # heftig:
-  #   name: "Jan Steffens"
-  #   ssh_key: heftig.pub
-  #   additional_ssh_keys:
-  #     - name: heftig_work.pub
-  #       hosts:
-  #         - dragon.archlinux.org
-  #     - name: heftig_dragon.pub
-  #       hosts:
-  #         - homedir.archlinux.org
-  #   groups:
-  #     - dev
-  #     - devops
-  #     - tu
-  #     - multilib
-  # idevolder:
-  #   name: "Ike Devolder"
-  #   ssh_key: idevolder.pub
-  #   groups:
-  #     - tu
-  jelle:
-    name: "Jelle van der Waa"
-    ssh_key: jelle.pub
-    groups:
-      - dev
-      - devops
-      - tu
-      - multilib
-# jgc:
-#   name: "Jan de Groot"
-#   ssh_key: jgc.pub
-#   groups:
-#     - dev
-#     - multilib
-#     - tu
-# jleclanche:
-#   name: "Jerome Leclanche"
-#   ssh_key: jleclanche.pub
-#   shell: /bin/zsh
-#   groups:
-#     - tu
-# jlichtblau:
-#   name: "Jaroslav Lichtblau"
-#   ssh_key: jlichtblau.pub
-#   groups:
-#     - tu
-# jouke:
-#   name: "Jouke Witteveen"
-#   ssh_key: jouke.pub
-#   groups:
-#     - ""
-# jsteel:
-#   name: "Jonathan Steel"
-#   ssh_key: jsteel.pub
-#   groups:
-#     - tu
-# juergen:
-#   name: "Jürgen Hötzel"
-#   ssh_key: juergen.pub
-#   groups:
-#     - dev
-#     - multilib
-#     - tu
-# kgizdov:
-#   name: "Konstantin Gizdov"
-#   ssh_key: kgizdov.pub
-#   groups:
-#     - tu
-# kkeen:
-#   name: "Kyle Keen"
-#   ssh_key: kkeen.pub
-#   groups:
-#     - tu
-#     - multilib
-# lcarlier:
-#   name: "Laurent Carlier"
-#   ssh_key: lcarlier.pub
-#   groups:
-#     - dev
-#     - tu
-#     - multilib
-# lfleischer:
-#   name: "Lukas Fleischer"
-#   ssh_key: lfleischer.pub
-#   shell: /bin/zsh
-#   groups:
-#     - dev
-#     - tu
-#     - multilib
-# maximbaz:
-#   name: "Maxim Baz"
-#   ssh_key: maximbaz.pub
-#   groups:
-#     - tu
-# mtorromeo:
-#   name: "Massimiliano Torromeo"
-#   ssh_key: mtorromeo.pub
-#   groups:
-#     - tu
-# muflone:
-#   name: "Fabio Castelli"
-#   ssh_key: muflone.pub
-#   groups:
-#     - tu
-# nicohood:
-#   name: "NicoHood"
-#   ssh_key: nicohood.pub
-#   groups:
-#     - tu
-# pierre:
-#   name: "Pierre Schmitz"
-#   ssh_key: pierre.pub
-#   groups:
-#     - dev
-#     - multilib
-#     - tu
-# polyzen:
-#   name: "Daniel M. Capella"
-#   ssh_key: polyzen.pub
-#   groups:
-#     - tu
-# remy:
-#   name: "Rémy Oudompheng"
-#   ssh_key: remy.pub
-#   groups:
-#     - dev
-#     - tu
-# ronald:
-#   name: "Ronald van Haren"
-#   ssh_key: ronald.pub
-#   groups:
-#     - dev
-#     - tu
-# sangy:
-#   name: "Santiago Torres-Arias"
-#   ssh_key: sangy.pub
-#   groups:
-#     - tu
-#     - docker-image-sudo
-# schuay:
-#   name: "Jakob Gruber"
-#   ssh_key: schuay.pub
-#   groups:
-#     - tu
-#     - multilib
-# scimmia:
-#   name: "Doug Newgard"
-#   ssh_key: scimmia.pub
-#   groups: []
-# morganamilo:
-#   name: "Morgan Adamiec"
-#   ssh_key: morganamilo.pub
-#   groups: []
-# seblu:
-#   name: "Sébastien Luttringer"
-#   ssh_key: seblu.pub
-#   shell: /bin/zsh
-#   groups:
-#     - dev
-#     - tu
-#     - multilib
-# shibumi:
-#   name: "Christian Rebischke"
-#   ssh_key: shibumi.pub
-#   shell: /bin/zsh
-#   groups:
-#     - tu
-#     - archboxes-sudo
-# kpcyrd:
-#   name: "Kpcyrd"
-#   ssh_key: kpcyrd.pub
-#   groups:
-#     - tu
-# spupykin:
-#   name: "Sergej Pupykin"
-#   ssh_key: spupykin.pub
-#   groups:
-#     - tu
-#     - multilib
-# svenstaro:
-#   name: "Sven-Hendrik Haase"
-#   ssh_key: svenstaro.pub
-#   groups:
-#     - dev
-#     - devops
-#     - tu
-#     - multilib
-# tensor5:
-#   name: "Nicola Squartini"
-#   ssh_key: tensor5.pub
-#   groups:
-#     - tu
-# tpowa:
-#   name: "Tobias Powalowski"
-#   ssh_key: tpowa.pub
-#   groups:
-#     - dev
-#     - multilib
-#     - tu
-# wild:
-#   name: "Dan Printzell"
-#   ssh_key: wild.pub
-#   groups:
-#     - tu
-# xyne:
-#   name: "Xyne"
-#   ssh_key: xyne.pub
-#   groups:
-#     - tu
-# yan12125:
-#   name: "Chih-Hsuan Yen"
-#   ssh_key: yan12125.pub
-#   groups:
-#     - tu
-# zorun:
-#   name: "Baptiste Jonglez"
-#   ssh_key: zorun.pub
-#   groups:
-#     - tu
--- a/one-shots/keycloak-importer/import_user_groups.py
+++ b/one-shots/keycloak-importer/import_user_groups.py
-#!/usr/bin/env python
-import argparse
-import os
-import sys
-import time
-import webbrowser
-from datetime import datetime
-
-import requests
-import yaml
-
-IMPORT_GROUPS = {
-    "dev": "Developers",
-    "devops": "DevOps",
-    "tu": "Trusted Users",
-}
-
-
-CLIENT_ID = "admin-cli"
-KEYCLOAK_ADMIN_USERNAME = os.environ["KEYCLOAK_ADMIN_USERNAME"]
-KEYCLOAK_ADMIN_PASSWORD = os.environ["KEYCLOAK_ADMIN_PASSWORD"]
-KEYCLOAK_URL = "https://accounts.archlinux.org"
-KEYCLOAK_REALM = "archlinux"
-
-REALM_URL = f"{KEYCLOAK_URL}/realms/master"
-FETCH_TOKEN_URL = f"{REALM_URL}/protocol/openid-connect/token"
-API_BASE_URL = f"{KEYCLOAK_URL}/admin/realms/{KEYCLOAK_REALM}"
-
-_token_expire = 0
-_token_cache = ""
-
-
-def get_token():
-    global _token_cache
-    global _token_expire
-
-    if _token_expire < datetime.now().timestamp():
-        r = requests.post(
-            FETCH_TOKEN_URL,
-            data={
-                "username": KEYCLOAK_ADMIN_USERNAME,
-                "password": KEYCLOAK_ADMIN_PASSWORD,
-                "grant_type": "password",
-                "client_id": CLIENT_ID,
-            },
-        )
-        data = r.json()
-
-        if "error" in data:
-            sys.stderr.write(
-                f"Error requesting token: {data.get('error_description', data['error'])}\n"
-            )
-            sys.exit(1)
-
-        _token_expire = datetime.now().timestamp() + data["expires_in"]
-        _token_cache = data["access_token"]
-
-    return _token_cache
-
-
-def get_auth_headers():
-    token = get_token()
-    return {"Authorization": f"Bearer {token}"}
-
-
-def is_valid_file(parser, arg):
-    if not os.path.exists(arg):
-        parser.error(f"File {arg!r} does not exist")
-    return open(arg, "r")
-
-
-def add_user_to_group(user_id: str, group_id: str):
-    r = requests.put(
-        f"{API_BASE_URL}/users/{user_id}/groups/{group_id}",
-        data={"realm": KEYCLOAK_REALM, "userId": user_id, "groupId": group_id},
-        headers=get_auth_headers(),
-    )
-
-    if r.status_code in (200, 204):
-        # Success, empty response
-        return
-    else:
-        data = r.json()
-        if "error" in data:
-            sys.stderr.write(
-                f"Error adding user to group: {data.get('error_description', data['error'])}\n"
-            )
-            sys.exit(1)
-
-
-def get_all_users():
-    all_users = requests.get(
-        f"{API_BASE_URL}/users",
-        {"briefRepresentation": "true", "first": "0", "max": "200"},
-        headers=get_auth_headers(),
-    ).json()
-    return {u["username"]: u["id"] for u in all_users}
-
-
-def get_all_groups():
-    all_groups = requests.get(
-        f"{API_BASE_URL}/groups",
-        {"first": "0", "max": "200"},
-        headers=get_auth_headers(),
-    ).json()
-    return {g["name"]: g["id"] for g in all_groups}
-
-
-def main():
-    if not KEYCLOAK_ADMIN_USERNAME or not KEYCLOAK_ADMIN_PASSWORD:
-        sys.stderr.write(
-            "Environment variables KEYCLOAK_ADMIN_USERNAME and KEYCLOAK_ADMIN_PASSWORD must be set\n"
-        )
-        exit(1)
-    p = argparse.ArgumentParser()
-    p.add_argument("file", type=lambda x: is_valid_file(p, x))
-    args = p.parse_args(sys.argv[1:])
-
-    users_yml = yaml.load(args.file, Loader=yaml.SafeLoader)
-    users = users_yml["arch_users"]
-
-    user_ids = get_all_users()
-    group_ids = get_all_groups()
-
-    print(user_ids)
-
-    for username, user in users.items():
-        if username not in user_ids:
-            # Check if the user has a significant role
-            for group in user["groups"]:
-                if group in IMPORT_GROUPS:
-                    break
-            else:
-                # Otherwise, skip creating it
-                continue
-            print(f"Creating {username!r}")
-            name = user.get("name", "")
-            first_name, last_name = "", ""
-            if name:
-                _names = name.split()
-                if _names:
-                    first_name = _names[0]
-                    if len(_names) > 1:
-                        last_name = " ".join(_names[1:])
-            response = requests.post(
-                f"{API_BASE_URL}/users",
-                json={
-                    "username": username,
-                    "email": user.get("email", ""),
-                    "firstName": first_name,
-                    "lastName": last_name,
-                    "enabled": True,
-                },
-                headers=get_auth_headers(),
-            )
-
-    user_ids = get_all_users()
-    for username, user in users.items():
-        for group in user["groups"]:
-            if group in IMPORT_GROUPS:
-                import_group = IMPORT_GROUPS[group]
-                print(f"Adding {username!r} to {import_group!r}")
-                add_user_to_group(user_ids[username], group_ids[import_group])
-
-
-if __name__ == "__main__":
-    main()
--- a/roles/tempo/templates/config.yml.j2
+++ b/roles/tempo/templates/config.yml.j2
@@ -20,12 +20,9 @@ distributor:
        http:
          endpoint: {{ wireguard_address }}:4318

-ingester:
-  max_block_duration: 5m               # cut the headblock when this much time passes. this is being set for demo purposes and should probably be left alone normally
-
 compactor:
  compaction:
-    block_retention: 1h                # overall Tempo trace retention. set for demo purposes
+    block_retention: 168h  # 7 days

 metrics_generator:
  registry:
@@ -41,11 +38,14 @@ metrics_generator:

 storage:
  trace:
-    backend: local                     # backend configuration to use
+    backend: local
    wal:
-      path: /var/lib/tempo/wal             # where to store the wal locally
+      path: /var/lib/tempo/wal
    local:
      path: /var/lib/tempo/blocks

 overrides:
  metrics_generator_processors: [service-graphs, span-metrics, local-blocks] # enables metrics generator
+
+usage_report:
+  reporting_enabled: false
No results found