This page explains how to delete an orphan user

Step-by-step guide


As user admin open the dashboard and go to Identity –> Users

Click on the Orphan users tab

Check if there are users whose account expired more than a year ago

Let's suppose that the account piano@infn.it expired a while ago and you want to remove this account.


cld-ctrl-01# openstack user show piano@infn.it
 
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| default_project_id  | cc6e6acda4eb4a92a7263099b8143810 |
| domain_id           | default                          |
| email               | stefano.piano@ts.infn.it         |
| enabled             | False                            |
| id                  | 77e128ef046843608ca98f5541032209 |
| name                | piano@infn.it                    |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+


Verify that the user is not owner of any active instance or volumes. The following commands must return no outputs:


[root@cld-ctrl-01 ~]# openstack server list --all-projects --user 77e128ef046843608ca98f5541032209
 
[root@cld-ctrl-01 ~]#
[root@cld-ctrl-01 ~]# openstack volume list --all-projects --user 77e128ef046843608ca98f5541032209
 
[root@cld-ctrl-01 ~]#


If and only if the user doesn't own any resource, you can proceed with user deletion. 

The involved steps are:


  1. Remove the user from the mailing lists
  2. Remove the account on gate.cloudveneto.it
  3. Update the confluence page with the lists of deleted users
  4. Remove the user from OpenStack


1. Remove the user from the mailing lists

Remove the user from the announce@cloudveneto.it and discuss@cloudveneto.it mailing lists.

For this purpose, open a browser to http://bsdsz2.pd.infn.it/cgi-bin/majordomo, insert the name of the list (announce and then discuss) and insert the password


2. Remove the account on gate.cloudveneto.it


Login with your personal account in gate.cloudveneto.it

Acquire root privileges:

sudo -s

Remove the user from gate:

# userdel -r piano


Remove also the relevant line in /home/chrootusers/etc/passwd

3. Update the confluence page with the lists of deleted users

Update this page (the uuid of the user can be needed in the future for post mortem debugging)

4. Remove the user from OpenStack

Remove the user from OpenStack using the dashboard