mirror of
https://github.com/rocky-linux/infrastructure
synced 2024-12-22 10:58:29 +00:00
Linting and Formatting
This commit appends the README.md to state that yaml files should start with `---` and end with `...`. This also addresses some linting warnings that were not appearing during pre-commit on local system.
This commit is contained in:
parent
26854b91b2
commit
fcdf86b31c
@ -156,6 +156,22 @@ When pushing to your own forked version of this repository, pre-commit must run
|
||||
|
||||
When the linter passes, the push will complete and you will be able to open a PR.
|
||||
|
||||
## General YAML Formatting
|
||||
|
||||
It is recommended that each yaml file starts with `---` and ends with `...`. This can help with linting and also stating an obvious end to the file.
|
||||
|
||||
### Plugin and Formatting Assistance
|
||||
|
||||
The YAML format is extremely easy and can be generally followed without much to think about, the same goes with ansible's syntax. Ideally, your editor can assist with these things. If you are a vim user, the following plugins can be useful:
|
||||
|
||||
```
|
||||
stephpy/vim-yaml
|
||||
pearofducks/ansible-vim
|
||||
vim-syntastic/syntastic
|
||||
```
|
||||
|
||||
These can be installed using [vim-plug](https://github.com/junegunn/vim-plug).
|
||||
|
||||
## Initializing the Ansible Host
|
||||
|
||||
When initializing the ansible host, you should be in `./infrastructure/ansible` so that the `ansible.cfg` is used. You will need to run the `init-rocky-ansible-host.yml` playbook and to get started, which will install all the roles and collections required for the playbooks to run.
|
||||
|
@ -2,3 +2,4 @@
|
||||
|
||||
chrony_server: true
|
||||
chrony_allow_cidr: "10.0.0.0/16"
|
||||
...
|
||||
|
@ -0,0 +1,3 @@
|
||||
---
|
||||
# ipa vars
|
||||
...
|
@ -7,3 +7,4 @@ ipaclient_no_ntp: true
|
||||
ipaclient_mkhomedir: true
|
||||
ipaclient_ssh_trust_dns: true
|
||||
ipasssd_enable_dns_updates: true
|
||||
...
|
||||
|
@ -10,3 +10,4 @@ ipareplica_setup_ca: true
|
||||
ipareplica_setup_kra: true
|
||||
ipareplica_setup_dns: true
|
||||
ipa_dns_master: 10.100.1.110
|
||||
...
|
||||
|
@ -13,3 +13,4 @@ ipaclient_no_ntp: true
|
||||
ipaclient_mkhomedir: true
|
||||
ipaserver_no_hbac_allow: true
|
||||
ipaserver_reverse_zones: ["1.100.10.in-addr.arpa."]
|
||||
...
|
||||
|
@ -3,3 +3,4 @@
|
||||
rabbitmq_cluster_name: "rabbit"
|
||||
rabbitmq_cluster_list: "{{ groups['rabbitmq'] }}"
|
||||
rabbitmq_env: "production"
|
||||
...
|
||||
|
@ -2,3 +2,4 @@
|
||||
|
||||
chrony_server: true
|
||||
chrony_allow_cidr: "10.0.0.0/16"
|
||||
...
|
||||
|
@ -0,0 +1,3 @@
|
||||
---
|
||||
# ipa vars
|
||||
...
|
@ -7,3 +7,4 @@ ipaclient_no_ntp: true
|
||||
ipaclient_mkhomedir: true
|
||||
ipaclient_ssh_trust_dns: true
|
||||
ipasssd_enable_dns_updates: true
|
||||
...
|
||||
|
@ -10,3 +10,4 @@ ipareplica_setup_ca: true
|
||||
ipareplica_setup_kra: true
|
||||
ipareplica_setup_dns: true
|
||||
ipa_dns_master: 10.100.1.110
|
||||
...
|
||||
|
@ -13,3 +13,4 @@ ipaclient_no_ntp: true
|
||||
ipaclient_mkhomedir: true
|
||||
ipaserver_no_hbac_allow: true
|
||||
ipaserver_reverse_zones: ["1.100.10.in-addr.arpa."]
|
||||
...
|
||||
|
@ -3,3 +3,4 @@
|
||||
rabbitmq_cluster_name: "rabbit"
|
||||
rabbitmq_cluster_list: "{{ groups['rabbitmq'] }}"
|
||||
rabbitmq_env: "staging"
|
||||
...
|
||||
|
@ -5,3 +5,4 @@
|
||||
- name: Force a fact refresh to have those available in local cache
|
||||
setup:
|
||||
gather_timeout: 30
|
||||
...
|
||||
|
@ -38,3 +38,4 @@
|
||||
visibility: "{{ gitlab_visibility|default('private') }}"
|
||||
delegate_to: localhost
|
||||
register: gitlab_group_return
|
||||
...
|
||||
|
@ -41,3 +41,4 @@
|
||||
validate_certs: true
|
||||
visibility: "{{ gitlab_visibility|default('private') }}"
|
||||
delegate_to: localhost
|
||||
...
|
||||
|
@ -35,3 +35,4 @@
|
||||
state: absent
|
||||
validate_certs: true
|
||||
delegate_to: localhost
|
||||
...
|
||||
|
@ -35,3 +35,4 @@
|
||||
state: absent
|
||||
validate_certs: true
|
||||
delegate_to: localhost
|
||||
...
|
||||
|
@ -39,3 +39,4 @@
|
||||
file:
|
||||
path: "/tmp/binder.update"
|
||||
state: absent
|
||||
...
|
||||
|
@ -55,3 +55,4 @@
|
||||
managedby:
|
||||
- "{{ ipa_name_value[:-1] }}"
|
||||
ignore_errors: true
|
||||
...
|
||||
|
@ -27,3 +27,4 @@
|
||||
name: "{{ ipa_zone }}"
|
||||
tags:
|
||||
- dns
|
||||
...
|
||||
|
@ -32,3 +32,4 @@
|
||||
roles:
|
||||
- role: rockylinux.ipagetcert
|
||||
state: present
|
||||
...
|
||||
|
@ -135,3 +135,4 @@
|
||||
state: file
|
||||
tags:
|
||||
- keytab
|
||||
...
|
||||
|
@ -47,3 +47,4 @@
|
||||
check_mode: false
|
||||
changed_when: "1 != 1"
|
||||
when: ipa_fas
|
||||
...
|
||||
|
@ -28,3 +28,4 @@
|
||||
force: "{{ ipa_force | default(false) }}"
|
||||
tags:
|
||||
- services
|
||||
...
|
||||
|
@ -82,3 +82,4 @@
|
||||
server_uri: ldap://localhost/
|
||||
bind_dn: "uid={{ ipa_admin }},cn=users,cn=accounts,dc=rockylinux,dc=org"
|
||||
bind_pw: "{{ ipaadmin_password }}"
|
||||
...
|
||||
|
@ -27,3 +27,4 @@
|
||||
state: disabled
|
||||
tags:
|
||||
- users
|
||||
...
|
||||
|
@ -27,3 +27,4 @@
|
||||
state: enabled
|
||||
tags:
|
||||
- users
|
||||
...
|
||||
|
@ -38,3 +38,4 @@
|
||||
update_password: on_create
|
||||
tags:
|
||||
- users
|
||||
...
|
||||
|
@ -85,3 +85,4 @@
|
||||
loop_var: routing_item
|
||||
tags:
|
||||
- rabbitmq
|
||||
...
|
||||
|
@ -33,3 +33,4 @@
|
||||
state: present
|
||||
tags:
|
||||
- rabbitmq
|
||||
...
|
||||
|
@ -45,3 +45,4 @@
|
||||
service:
|
||||
name: postfix
|
||||
state: restarted
|
||||
...
|
||||
|
@ -12,3 +12,4 @@
|
||||
loop: "{{ ipagroups }}"
|
||||
tags:
|
||||
- groups
|
||||
...
|
||||
|
@ -42,3 +42,4 @@
|
||||
when: iparoles is defined
|
||||
tags:
|
||||
- rbac
|
||||
...
|
||||
|
@ -14,3 +14,4 @@
|
||||
loop: "{{ ipapwpolicies }}"
|
||||
tags:
|
||||
- groups
|
||||
...
|
||||
|
@ -10,3 +10,4 @@
|
||||
- rockyadm
|
||||
hostcat: all
|
||||
cmdcat: all
|
||||
...
|
||||
|
@ -68,3 +68,4 @@
|
||||
file:
|
||||
path: "/tmp/binder.update"
|
||||
state: absent
|
||||
...
|
||||
|
@ -32,3 +32,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -8,16 +8,16 @@
|
||||
collection_installation_dir: collections
|
||||
installation_prefix: ../
|
||||
pre_tasks:
|
||||
# example prepare ansible box for execution
|
||||
# - name: install required pip modules on the host running ansible
|
||||
# pip:
|
||||
# name:
|
||||
# - jmespath
|
||||
# - netaddr
|
||||
# - python-consul
|
||||
# - pyvmomi
|
||||
# - python-ldap
|
||||
# - twine
|
||||
# example prepare ansible box for execution
|
||||
# - name: install required pip modules on the host running ansible
|
||||
# pip:
|
||||
# name:
|
||||
# - jmespath
|
||||
# - netaddr
|
||||
# - python-consul
|
||||
# - pyvmomi
|
||||
# - python-ldap
|
||||
# - twine
|
||||
|
||||
- name: Remove existing public roles
|
||||
file:
|
||||
@ -54,3 +54,4 @@
|
||||
path: "../tmp/known_hosts"
|
||||
state: touch
|
||||
mode: "0644"
|
||||
...
|
||||
|
@ -57,3 +57,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -34,3 +34,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -38,3 +38,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -57,3 +57,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -30,3 +30,4 @@
|
||||
name: '{{ item }}'
|
||||
dynamic_update: true
|
||||
with_items: '{{ fdns }}'
|
||||
...
|
||||
|
@ -33,3 +33,4 @@
|
||||
|
||||
- name: "Start privileges for services"
|
||||
import_tasks: import-rockyipaprivs.yml
|
||||
...
|
||||
|
@ -32,3 +32,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -57,3 +57,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -38,3 +38,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -32,3 +32,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -32,3 +32,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -54,3 +54,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -38,3 +38,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -56,3 +56,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -46,3 +46,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -63,3 +63,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -39,3 +39,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -51,3 +51,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -61,3 +61,4 @@
|
||||
freeipa.ansible_freeipa.ipadnsconfig:
|
||||
ipaadmin_password: '{{ ipaadmin_password }}'
|
||||
allow_sync_ptr: true
|
||||
...
|
||||
|
@ -75,3 +75,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -88,3 +88,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -88,3 +88,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -121,3 +121,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -121,3 +121,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -37,8 +37,8 @@
|
||||
state: present
|
||||
|
||||
roles:
|
||||
#- role: rockylinux.ipagetcert
|
||||
# state: present
|
||||
# - role: rockylinux.ipagetcert
|
||||
# state: present
|
||||
- role: cloudalchemy.prometheus
|
||||
state: present
|
||||
- role: cloudalchemy.alertmanager
|
||||
@ -61,3 +61,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -59,3 +59,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -19,3 +19,4 @@
|
||||
port: 9100/tcp
|
||||
permanent: true
|
||||
state: enabled
|
||||
...
|
||||
|
@ -31,8 +31,8 @@
|
||||
state: present
|
||||
|
||||
tasks:
|
||||
#- include_tasks: tasks/pinnwand.yml
|
||||
# tags: ['includetasks']
|
||||
# - include_tasks: tasks/pinnwand.yml
|
||||
# tags: ['includetasks']
|
||||
|
||||
roles:
|
||||
- role: rockylinux.ipagetcert
|
||||
@ -46,8 +46,8 @@
|
||||
# Define variables in vars/matomo/nginx.yml
|
||||
- role: nginxinc.nginx_core.nginx
|
||||
tags: ['nginx']
|
||||
#- role: nginxinc.nginx_core.nginx_config
|
||||
# tags: ['nginx']
|
||||
# - role: nginxinc.nginx_core.nginx_config
|
||||
# tags: ['nginx']
|
||||
|
||||
post_tasks:
|
||||
- name: Open firewalld ports
|
||||
@ -64,3 +64,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -75,3 +75,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -39,3 +39,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -89,3 +89,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -76,3 +76,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -38,3 +38,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -56,7 +56,7 @@
|
||||
port: "{{ item.port }}"
|
||||
permanent: "{{ item.permanent }}"
|
||||
state: "{{ item.state }}"
|
||||
immediate: yes
|
||||
immediate: true
|
||||
loop: "{{ firewall_rules }}"
|
||||
|
||||
- name: Touching run file that ansible has ran here
|
||||
@ -67,3 +67,4 @@
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
...
|
||||
|
@ -24,3 +24,4 @@
|
||||
name: httpd
|
||||
state: running
|
||||
enabled: true
|
||||
...
|
||||
|
@ -33,3 +33,4 @@
|
||||
- regenerate_auditd_rules
|
||||
tags:
|
||||
- harden
|
||||
...
|
||||
|
@ -66,3 +66,4 @@
|
||||
when:
|
||||
- ansible_facts['os_family'] == 'RedHat'
|
||||
- ansible_facts['distribution_major_version'] == '8'
|
||||
...
|
||||
|
@ -52,3 +52,4 @@
|
||||
|
||||
- name: Install necessary pieces
|
||||
import_tasks: bugzilla_install.yml
|
||||
...
|
||||
|
@ -57,3 +57,4 @@
|
||||
file:
|
||||
path: "{{ bugzilla_dir }}/answer"
|
||||
state: absent
|
||||
...
|
||||
|
@ -30,3 +30,4 @@
|
||||
name: "{{ chrony_service_name }}"
|
||||
state: "{{ chrony_service_state }}"
|
||||
enabled: "{{ chrony_service_enabled }}"
|
||||
...
|
||||
|
@ -3,19 +3,18 @@
|
||||
#
|
||||
|
||||
- name: "Installing amazon-efs-utils"
|
||||
become: yes
|
||||
become: true
|
||||
become_user: root
|
||||
yum:
|
||||
name: 'https://git.rockylinux.org/neil/efs-utils/-/jobs/5/artifacts/raw/build/amazon-efs-utils-1.30.1-1.el8.noarch.rpm?inline=false'
|
||||
disable_gpg_check: yes
|
||||
validate_certs: yes
|
||||
disable_gpg_check: true
|
||||
validate_certs: true
|
||||
state: present
|
||||
tags:
|
||||
- amazon_efs_utils
|
||||
- packages
|
||||
- mounts
|
||||
|
||||
|
||||
- name: "Gathering ec2 facts"
|
||||
amazon.aws.ec2_metadata_facts:
|
||||
tags:
|
||||
@ -23,18 +22,17 @@
|
||||
|
||||
# "you can use /etc/hosts" https://github.com/aws/efs-utils/issues/1
|
||||
- name: "Install custom hosts file because fmlC-w amazon said so."
|
||||
become: yes
|
||||
become: true
|
||||
become_user: root
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/hosts
|
||||
line: "{{ item.ip_map[ansible_ec2_placement_availability_zone] }} {{ item.fsid }}.efs.{{ ansible_ec2_placement_region }}.amazonaws.com"
|
||||
create: yes
|
||||
create: true
|
||||
tags:
|
||||
- mounts
|
||||
|
||||
|
||||
- name: "Creating and mounting {{ item.fsid }} at {{ item.mount_point }}"
|
||||
become: yes
|
||||
become: true
|
||||
become_user: root
|
||||
ansible.posix.mount:
|
||||
path: "{{ item.mount_point }}"
|
||||
@ -44,3 +42,4 @@
|
||||
state: "{{ item.state | default('mounted') }}"
|
||||
tags:
|
||||
- mounts
|
||||
...
|
||||
|
@ -62,3 +62,4 @@
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0750'
|
||||
...
|
||||
|
@ -23,8 +23,9 @@
|
||||
become: true
|
||||
|
||||
- name: Create gitlab-runner user
|
||||
become: yes
|
||||
become: true
|
||||
user:
|
||||
name: gitlab-runner
|
||||
shell: /bin/bash
|
||||
system: yes
|
||||
system: true
|
||||
...
|
||||
|
@ -2,3 +2,4 @@
|
||||
- name: Add kernel boot options to all kernels and default config
|
||||
command: /usr/sbin/grubby --update-kernel=ALL --args "{{ grub_boot_options }}"
|
||||
changed_when: "1 != 1"
|
||||
...
|
||||
|
@ -214,3 +214,4 @@
|
||||
state: absent
|
||||
tags:
|
||||
- harden
|
||||
...
|
||||
|
@ -4,7 +4,7 @@
|
||||
shell: "set -o pipefail && echo \"{{ rockykoji_password }}\" | kinit rockykoji@ROCKYLINUX.ORG"
|
||||
check_mode: false
|
||||
changed_when: "1 != 1"
|
||||
become: yes
|
||||
become: true
|
||||
become_user: koji
|
||||
when: rockykoji_has_password | bool
|
||||
|
||||
@ -12,14 +12,14 @@
|
||||
shell: "set -o pipefail && kinit -kt /home/koji/.koji/keytab koji/rockykoji@ROCKYLINUX.ORG"
|
||||
check_mode: false
|
||||
changed_when: "1 != 1"
|
||||
become: yes
|
||||
become: true
|
||||
become_user: koji
|
||||
when: not rockykoji_has_password | bool
|
||||
|
||||
- name: Import current necessary tags
|
||||
shell: "set -o pipefail && koji add-tag {{ item }}"
|
||||
changed_when: "1 != 1"
|
||||
become: yes
|
||||
become: true
|
||||
become_user: koji
|
||||
loop:
|
||||
- build-modules
|
||||
@ -60,3 +60,4 @@
|
||||
- module-rocky-8.4.0-build
|
||||
- trash
|
||||
- trashcan
|
||||
...
|
||||
|
@ -20,7 +20,7 @@
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/hosts
|
||||
line: "{{ koji_efs_fs_ip_map[ansible_ec2_placement_availability_zone] }} {{ koji_efs_fsid }}"
|
||||
create: yes
|
||||
create: true
|
||||
tags:
|
||||
- mounts
|
||||
|
||||
@ -33,3 +33,4 @@
|
||||
state: "{{ koji_efs_fs_state | default('mounted') }}"
|
||||
tags:
|
||||
- mounts
|
||||
...
|
||||
|
@ -1 +1,2 @@
|
||||
---
|
||||
...
|
||||
|
@ -90,3 +90,4 @@
|
||||
|
||||
- name: Patch up some pages
|
||||
import_tasks: mantispatch.yml
|
||||
...
|
||||
|
@ -23,3 +23,4 @@
|
||||
path: "/var/www/mantisbt-{{ mantis_version }}/login_page.php"
|
||||
state: absent
|
||||
regex: 'LDAP != config_get_global'
|
||||
...
|
||||
|
@ -86,3 +86,4 @@
|
||||
lineinfile:
|
||||
path: "/opt/noggin/noggin/noggin/app.py"
|
||||
line: "app = create_app()"
|
||||
...
|
||||
|
@ -35,3 +35,4 @@
|
||||
name: postfix
|
||||
state: restarted
|
||||
enabled: true
|
||||
...
|
||||
|
@ -1,2 +1,3 @@
|
||||
---
|
||||
# RabbitMQ Additional Changes
|
||||
...
|
||||
|
@ -1,2 +1,3 @@
|
||||
---
|
||||
# no tasks yet
|
||||
...
|
||||
|
@ -7,3 +7,4 @@
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0755'
|
||||
...
|
||||
|
@ -7,3 +7,4 @@
|
||||
with_items:
|
||||
- httpd_can_network_connect_db
|
||||
- httpd_can_network_connect
|
||||
...
|
||||
|
@ -43,3 +43,4 @@
|
||||
with_items:
|
||||
- /etc/ssh/ssh_host_dsa_key.pub
|
||||
- /etc/ssh/ssh_host_dsa_key
|
||||
...
|
||||
|
@ -19,3 +19,4 @@
|
||||
|
||||
always:
|
||||
- debug: msg="Variables are now loaded"
|
||||
...
|
||||
|
@ -159,3 +159,4 @@ enable_svc:
|
||||
|
||||
syslog_packages:
|
||||
- rsyslog
|
||||
...
|
||||
|
@ -50,3 +50,4 @@ ipa_getcert_requested_hostnames:
|
||||
postcmd: "/bin/systemctl reload httpd"
|
||||
cnames:
|
||||
- "bugs.rockylinux.org"
|
||||
...
|
||||
|
@ -3,3 +3,4 @@
|
||||
smtp_user_name: "username"
|
||||
smtp_user_pass: "password"
|
||||
smtp_relayhost: "smtp.rockylinux.org"
|
||||
...
|
||||
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user