Merge "Optimize reconfiguration for keystone"
This commit is contained in:
commit
490677b1a6
@ -1,6 +1,39 @@
|
||||
---
|
||||
project_name: "keystone"
|
||||
|
||||
keystone_services:
|
||||
keystone:
|
||||
container_name: "keystone"
|
||||
group: "keystone"
|
||||
enabled: true
|
||||
image: "{{ keystone_image_full }}"
|
||||
volumes:
|
||||
- "{{ node_config_directory }}/keystone/:{{ container_config_directory }}/:ro"
|
||||
- "/etc/localtime:/etc/localtime:ro"
|
||||
- "kolla_logs:/var/log/kolla/"
|
||||
- "{% if keystone_token_provider == 'fernet' %}keystone_fernet_tokens:/etc/keystone/fernet-keys{% endif %}"
|
||||
keystone-ssh:
|
||||
container_name: "keystone_ssh"
|
||||
group: "keystone"
|
||||
enabled: "{{ keystone_token_provider == 'fernet' }}"
|
||||
image: "{{ keystone_ssh_image_full }}"
|
||||
volumes:
|
||||
- "{{ node_config_directory }}/keystone-ssh/:{{ container_config_directory }}/:ro"
|
||||
- "/etc/localtime:/etc/localtime:ro"
|
||||
- "kolla_logs:/var/log/kolla/"
|
||||
- "keystone_fernet_tokens:/etc/keystone/fernet-keys"
|
||||
keystone-fernet:
|
||||
container_name: "keystone_fernet"
|
||||
group: "keystone"
|
||||
enabled: "{{ keystone_token_provider == 'fernet' }}"
|
||||
image: "{{ keystone_fernet_image_full }}"
|
||||
volumes:
|
||||
- "{{ node_config_directory }}/keystone-fernet/:{{ container_config_directory }}/:ro"
|
||||
- "/etc/localtime:/etc/localtime:ro"
|
||||
- "kolla_logs:/var/log/kolla/"
|
||||
- "keystone_fernet_tokens:/etc/keystone/fernet-keys"
|
||||
|
||||
|
||||
####################
|
||||
# Database
|
||||
####################
|
||||
|
67
ansible/roles/keystone/handlers/main.yml
Normal file
67
ansible/roles/keystone/handlers/main.yml
Normal file
@ -0,0 +1,67 @@
|
||||
---
|
||||
- name: Restart keystone container
|
||||
vars:
|
||||
service_name: "keystone"
|
||||
service: "{{ keystone_services[service_name] }}"
|
||||
config_json: "{{ keystone_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
keystone_conf: "{{ keystone_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
policy_json: "{{ keystone_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
keystone_container: "{{ check_keystone_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
kolla_docker:
|
||||
action: "recreate_or_restart_container"
|
||||
common_options: "{{ docker_common_options }}"
|
||||
name: "{{ service.container_name }}"
|
||||
image: "{{ service.image }}"
|
||||
volumes: "{{ service.volumes|reject('equalto', '')|list }}"
|
||||
when:
|
||||
- inventory_hostname in groups[service.group]
|
||||
- service.enabled | bool
|
||||
- config_json.changed | bool
|
||||
or keystone_conf.changed | bool
|
||||
or keystone_domains.changed | bool
|
||||
or policy_json.changed | bool
|
||||
or keystone_wsgi.changed | bool
|
||||
or keystone_paste_ini.changed | bool
|
||||
or keystone_container.changed | bool
|
||||
|
||||
- name: Restart keystone-fernet container
|
||||
vars:
|
||||
service_name: "keystone-fernet"
|
||||
service: "{{ keystone_services[service_name] }}"
|
||||
config_json: "{{ keystone_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
keystone_conf: "{{ keystone_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
policy_json: "{{ keystone_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
keystone_fernet_container: "{{ check_keystone_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
kolla_docker:
|
||||
action: "recreate_or_restart_container"
|
||||
common_options: "{{ docker_common_options }}"
|
||||
name: "{{ service.container_name }}"
|
||||
image: "{{ service.image }}"
|
||||
volumes: "{{ service.volumes|reject('equalto', '')|list }}"
|
||||
when:
|
||||
- inventory_hostname in groups[service.group]
|
||||
- service.enabled | bool
|
||||
- config_json.changed | bool
|
||||
or keystone_conf.changed | bool
|
||||
or policy_json.changed | bool
|
||||
or keystone_fernet_confs.changed | bool
|
||||
or keystone_fernet_container.changed | bool
|
||||
|
||||
- name: Restart keystone-ssh container
|
||||
vars:
|
||||
service_name: "keystone-ssh"
|
||||
service: "{{ keystone_services[service_name] }}"
|
||||
config_json: "{{ keystone_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
keystone_ssh_container: "{{ check_keystone_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
kolla_docker:
|
||||
action: "recreate_or_restart_container"
|
||||
common_options: "{{ docker_common_options }}"
|
||||
name: "{{ service.container_name }}"
|
||||
image: "{{ service.image }}"
|
||||
volumes: "{{ service.volumes|reject('equalto', '')|list }}"
|
||||
when:
|
||||
- inventory_hostname in groups[service.group]
|
||||
- service.enabled | bool
|
||||
- config_json.changed | bool
|
||||
or keystone_ssh_confs.changed | bool
|
||||
or keystone_ssh_container.changed | bool
|
@ -1,5 +1,7 @@
|
||||
---
|
||||
- name: Running Keystone bootstrap container
|
||||
vars:
|
||||
keystone: "{{ keystone_services.keystone }}"
|
||||
kolla_docker:
|
||||
action: "start_container"
|
||||
common_options: "{{ docker_common_options }}"
|
||||
@ -7,14 +9,11 @@
|
||||
environment:
|
||||
KOLLA_BOOTSTRAP:
|
||||
KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
|
||||
image: "{{ keystone_image_full }}"
|
||||
image: "{{ keystone.image }}"
|
||||
labels:
|
||||
BOOTSTRAP:
|
||||
name: "bootstrap_keystone"
|
||||
restart_policy: "never"
|
||||
volumes:
|
||||
- "{{ node_config_directory }}/keystone/:{{ container_config_directory }}/:ro"
|
||||
- "/etc/localtime:/etc/localtime:ro"
|
||||
- "kolla_logs:/var/log/kolla/"
|
||||
volumes: "{{ keystone.volumes|reject('equalto', '')|list }}"
|
||||
run_once: True
|
||||
delegate_to: "{{ groups['keystone'][0] }}"
|
||||
|
@ -9,36 +9,43 @@
|
||||
|
||||
- name: Ensuring config directories exist
|
||||
file:
|
||||
path: "{{ node_config_directory }}/{{ item }}"
|
||||
path: "{{ node_config_directory }}/{{ item.key }}"
|
||||
state: "directory"
|
||||
recurse: yes
|
||||
with_items:
|
||||
- "keystone"
|
||||
- "keystone-fernet"
|
||||
- "keystone-ssh"
|
||||
when:
|
||||
- inventory_hostname in groups[item.value.group]
|
||||
- item.value.enabled
|
||||
with_dict: "{{ keystone_services }}"
|
||||
|
||||
- name: Creating Keystone Domain directory
|
||||
vars:
|
||||
keystone: "{{ keystone_services.keystone }}"
|
||||
file:
|
||||
dest: "{{ node_config_directory }}/{{ item }}/domains/"
|
||||
dest: "{{ node_config_directory }}/keystone/domains/"
|
||||
state: "directory"
|
||||
when:
|
||||
keystone_domain_cfg.stat.exists
|
||||
with_items:
|
||||
- "keystone"
|
||||
- inventory_hostname in groups[keystone.group]
|
||||
- keystone.enabled | bool
|
||||
- keystone_domain_cfg.stat.exists
|
||||
|
||||
- name: Copying over config.json files for services
|
||||
template:
|
||||
src: "{{ item }}.json.j2"
|
||||
dest: "{{ node_config_directory }}/{{ item }}/config.json"
|
||||
with_items:
|
||||
- "keystone"
|
||||
- "keystone-fernet"
|
||||
- "keystone-ssh"
|
||||
src: "{{ item.key }}.json.j2"
|
||||
dest: "{{ node_config_directory }}/{{ item.key }}/config.json"
|
||||
register: keystone_config_jsons
|
||||
with_dict: "{{ keystone_services }}"
|
||||
when:
|
||||
- inventory_hostname in groups[item.value.group]
|
||||
- item.value.enabled
|
||||
notify:
|
||||
- Restart keystone container
|
||||
- Restart keystone-ssh container
|
||||
- Restart keystone-fernet container
|
||||
|
||||
- name: Copying over keystone.conf
|
||||
merge_configs:
|
||||
vars:
|
||||
service_name: "{{ item }}"
|
||||
service_name: "{{ item.key }}"
|
||||
sources:
|
||||
- "{{ role_path }}/templates/keystone.conf.j2"
|
||||
- "{{ node_custom_config }}/global.conf"
|
||||
@ -47,45 +54,78 @@
|
||||
- "{{ node_custom_config }}/keystone.conf"
|
||||
- "{{ node_custom_config }}/keystone/{{ item }}.conf"
|
||||
- "{{ node_custom_config }}/keystone/{{ inventory_hostname }}/keystone.conf"
|
||||
dest: "{{ node_config_directory }}/{{ item }}/keystone.conf"
|
||||
with_items:
|
||||
- "keystone"
|
||||
- "keystone-fernet"
|
||||
- "keystone-ssh"
|
||||
dest: "{{ node_config_directory }}/{{ item.key }}/keystone.conf"
|
||||
register: keystone_confs
|
||||
with_dict: "{{ keystone_services }}"
|
||||
when:
|
||||
- inventory_hostname in groups[item.value.group]
|
||||
- item.key in [ "keystone", "keystone-fernet" ]
|
||||
- item.value.enabled | bool
|
||||
notify:
|
||||
- Restart keystone container
|
||||
- Restart keystone-fernet container
|
||||
|
||||
- name: Copying Keystone Domain specific settings
|
||||
vars:
|
||||
keystone: "{{ keystone_services.keystone }}"
|
||||
copy:
|
||||
src: "{{ item }}"
|
||||
dest: "{{ node_config_directory }}/keystone/domains/"
|
||||
register: keystone_domains
|
||||
when:
|
||||
- inventory_hostname in groups[keystone.group]
|
||||
- keystone.enabled | bool
|
||||
with_fileglob:
|
||||
- "{{ node_custom_config }}/keystone/domains/*"
|
||||
notify:
|
||||
- Restart keystone container
|
||||
|
||||
- name: Copying over existing policy.json
|
||||
template:
|
||||
src: "{{ node_custom_config }}/keystone/policy.json"
|
||||
dest: "{{ node_config_directory }}/{{ item }}/policy.json"
|
||||
with_items:
|
||||
- "keystone"
|
||||
- "keystone-fernet"
|
||||
register: keystone_policy_jsons
|
||||
when:
|
||||
keystone_policy.stat.exists
|
||||
- inventory_hostname in groups[item.value.group]
|
||||
- item.key in [ "keystone", "keystone-fernet" ]
|
||||
- item.value.enabled | bool
|
||||
- keystone_policy.stat.exists
|
||||
with_dict: "{{ keystone_services }}"
|
||||
notify:
|
||||
- Restart keystone containers
|
||||
|
||||
- name: Copying over wsgi-keystone.conf
|
||||
vars:
|
||||
keystone: "{{ keystone_services.keystone }}"
|
||||
template:
|
||||
src: "{{ item }}"
|
||||
dest: "{{ node_config_directory }}/keystone/wsgi-keystone.conf"
|
||||
register: keystone_wsgi
|
||||
when:
|
||||
- inventory_hostname in groups[keystone.group]
|
||||
- keystone.enabled | bool
|
||||
with_first_found:
|
||||
- "{{ node_custom_config }}/keystone/{{ inventory_hostname }}/wsgi-keystone.conf"
|
||||
- "{{ node_custom_config }}/keystone/wsgi-keystone.conf"
|
||||
- "wsgi-keystone.conf.j2"
|
||||
notify:
|
||||
- Restart keystone container
|
||||
|
||||
- name: Copying over keystone-paste.ini
|
||||
vars:
|
||||
keystone: "{{ keystone_services.keystone }}"
|
||||
merge_configs:
|
||||
sources:
|
||||
- "{{ role_path }}/templates/keystone-paste.ini.j2"
|
||||
- "{{ node_custom_config }}/keystone/keystone-paste.ini"
|
||||
- "{{ node_custom_config }}/keystone/{{ inventory_hostname }}/keystone-paste.ini"
|
||||
dest: "{{ node_config_directory }}/keystone/keystone-paste.ini"
|
||||
register: keystone_paste_ini
|
||||
when:
|
||||
- inventory_hostname in groups[keystone.group]
|
||||
- keystone.enabled | bool
|
||||
notify:
|
||||
- Restart keystone container
|
||||
|
||||
- name: Generate the required cron jobs for the node
|
||||
local_action: "command python {{ role_path }}/files/fernet_rotate_cron_generator.py -t {{ (fernet_token_expiry | int) // 60 }} -i {{ groups['keystone'].index(inventory_hostname) }} -n {{ (groups['keystone'] | length) }}"
|
||||
@ -98,22 +138,53 @@
|
||||
when: keystone_token_provider == 'fernet'
|
||||
|
||||
- name: Copying files for keystone-fernet
|
||||
vars:
|
||||
keystone_fernet: "{{ keystone_services['keystone-fernet'] }}"
|
||||
template:
|
||||
src: "{{ item.src }}"
|
||||
dest: "{{ node_config_directory }}/keystone-fernet/{{ item.dest }}"
|
||||
register: keystone_fernet_confs
|
||||
with_items:
|
||||
- { src: "crontab.j2", dest: "crontab" }
|
||||
- { src: "fernet-rotate.sh.j2", dest: "fernet-rotate.sh" }
|
||||
- { src: "fernet-node-sync.sh.j2", dest: "fernet-node-sync.sh" }
|
||||
- { src: "id_rsa", dest: "id_rsa" }
|
||||
- { src: "ssh_config.j2", dest: "ssh_config" }
|
||||
when: keystone_token_provider == 'fernet'
|
||||
when:
|
||||
- inventory_hostname in groups[keystone_fernet.group]
|
||||
- keystone_fernet.enabled | bool
|
||||
notify:
|
||||
- Restart keystone-fernet container
|
||||
|
||||
- name: Copying files for keystone-ssh
|
||||
vars:
|
||||
keystone_ssh: "{{ keystone_services['keystone-ssh'] }}"
|
||||
template:
|
||||
src: "{{ item.src }}"
|
||||
dest: "{{ node_config_directory }}/keystone-ssh/{{ item.dest }}"
|
||||
register: keystone_ssh_confs
|
||||
with_items:
|
||||
- { src: "sshd_config.j2", dest: "sshd_config" }
|
||||
- { src: "id_rsa.pub", dest: "id_rsa.pub" }
|
||||
when: keystone_token_provider == 'fernet'
|
||||
when:
|
||||
- inventory_hostname in groups[keystone_ssh.group]
|
||||
- keystone_ssh.enabled | bool
|
||||
notify:
|
||||
- Restart keystone-ssh container
|
||||
|
||||
- name: Check keystone containers
|
||||
kolla_docker:
|
||||
action: "compare_container"
|
||||
name: "{{ item.value.container_name }}"
|
||||
image: "{{ item.value.image }}"
|
||||
volumes: "{{ item.value.volumes|reject('equalto', '')|list }}"
|
||||
when:
|
||||
- action != 'genconfig'
|
||||
- inventory_hostname in groups[item.value.group]
|
||||
- item.value.enabled | bool
|
||||
register: check_keystone_containers
|
||||
with_dict: "{{ keystone_services }}"
|
||||
notify:
|
||||
- Restart keystone container
|
||||
- Restart keystone-ssh container
|
||||
- Restart keystone-fernet container
|
||||
|
@ -5,8 +5,8 @@
|
||||
- include: bootstrap.yml
|
||||
when: inventory_hostname in groups['keystone']
|
||||
|
||||
- include: start.yml
|
||||
when: inventory_hostname in groups['keystone']
|
||||
- name: Flush handlers
|
||||
meta: flush_handlers
|
||||
|
||||
- include: init_fernet.yml
|
||||
when:
|
||||
|
@ -1,25 +1,10 @@
|
||||
---
|
||||
- name: Pulling keystone image
|
||||
- name: Pulling keystone images
|
||||
kolla_docker:
|
||||
action: "pull_image"
|
||||
common_options: "{{ docker_common_options }}"
|
||||
image: "{{ keystone_image_full }}"
|
||||
when: inventory_hostname in groups['keystone']
|
||||
|
||||
- name: Pulling keystone_fernet image
|
||||
kolla_docker:
|
||||
action: "pull_image"
|
||||
common_options: "{{ docker_common_options }}"
|
||||
image: "{{ keystone_fernet_image_full }}"
|
||||
image: "{{ item.image }}"
|
||||
when:
|
||||
- inventory_hostname in groups['keystone']
|
||||
- keystone_token_provider == 'fernet'
|
||||
|
||||
- name: Pulling keystone_ssh image
|
||||
kolla_docker:
|
||||
action: "pull_image"
|
||||
common_options: "{{ docker_common_options }}"
|
||||
image: "{{ keystone_ssh_image_full }}"
|
||||
when:
|
||||
- inventory_hostname in groups['keystone']
|
||||
- keystone_token_provider == 'fernet'
|
||||
- inventory_hostname in groups[image.group]
|
||||
- image.enabled | bool
|
||||
with_dict: "{{ keystone_services }}"
|
||||
|
@ -1,79 +0,0 @@
|
||||
---
|
||||
- name: Set variable for keystone components used in reconfigure
|
||||
set_fact:
|
||||
keystone_items:
|
||||
- { name: keystone, group: keystone }
|
||||
|
||||
- name: Create fernet related components for variable if fernet is enabled
|
||||
set_fact:
|
||||
keystone_fernet_items:
|
||||
- { name: keystone_fernet, group: keystone }
|
||||
- { name: keystone_ssh, group: keystone }
|
||||
when: keystone_token_provider == 'fernet'
|
||||
|
||||
- name: Merge fernet related components to variable if fernet is enabled
|
||||
set_fact:
|
||||
keystone_items: "{{ keystone_items + keystone_fernet_items }}"
|
||||
when: keystone_token_provider == 'fernet'
|
||||
|
||||
- name: Ensuring the containers up
|
||||
kolla_docker:
|
||||
name: "{{ item.name }}"
|
||||
action: "get_container_state"
|
||||
register: container_state
|
||||
failed_when: container_state.Running == false
|
||||
when: inventory_hostname in groups[item.group]
|
||||
with_items: "{{ keystone_items }}"
|
||||
|
||||
- include: config.yml
|
||||
|
||||
- name: Check the configs
|
||||
command: docker exec {{ item.name }} /usr/local/bin/kolla_set_configs --check
|
||||
changed_when: false
|
||||
failed_when: false
|
||||
register: check_results
|
||||
when: inventory_hostname in groups[item.group]
|
||||
with_items: "{{ keystone_items }}"
|
||||
|
||||
# NOTE(jeffrey4l): when config_strategy == 'COPY_ALWAYS'
|
||||
# and container env['KOLLA_CONFIG_STRATEGY'] == 'COPY_ONCE',
|
||||
# just remove the container and start again
|
||||
- name: Containers config strategy
|
||||
kolla_docker:
|
||||
name: "{{ item.name }}"
|
||||
action: "get_container_env"
|
||||
register: container_envs
|
||||
when: inventory_hostname in groups[item.group]
|
||||
with_items: "{{ keystone_items }}"
|
||||
|
||||
|
||||
- name: Remove the containers
|
||||
kolla_docker:
|
||||
name: "{{ item[0]['name'] }}"
|
||||
action: "remove_container"
|
||||
register: remove_containers
|
||||
when:
|
||||
- config_strategy == "COPY_ONCE" or item[1]['KOLLA_CONFIG_STRATEGY'] == 'COPY_ONCE'
|
||||
- item[2]['rc'] == 1
|
||||
- inventory_hostname in groups[item[0]['group']]
|
||||
with_together:
|
||||
- "{{ keystone_items }}"
|
||||
- "{{ container_envs.results }}"
|
||||
- "{{ check_results.results }}"
|
||||
|
||||
- include: start.yml
|
||||
when: remove_containers.changed
|
||||
|
||||
- name: Restart containers
|
||||
kolla_docker:
|
||||
name: "{{ item[0]['name'] }}"
|
||||
action: "restart_container"
|
||||
when:
|
||||
- config_strategy == 'COPY_ALWAYS'
|
||||
- item[1]['KOLLA_CONFIG_STRATEGY'] != 'COPY_ONCE'
|
||||
- item[2]['rc'] == 1
|
||||
- inventory_hostname in groups[item[0]['group']]
|
||||
with_together:
|
||||
- "{{ keystone_items }}"
|
||||
- "{{ container_envs.results }}"
|
||||
- "{{ check_results.results }}"
|
1
ansible/roles/keystone/tasks/reconfigure.yml
Symbolic link
1
ansible/roles/keystone/tasks/reconfigure.yml
Symbolic link
@ -0,0 +1 @@
|
||||
deploy.yml
|
@ -1,49 +0,0 @@
|
||||
---
|
||||
- name: Set variable for initial keystone volumes
|
||||
set_fact:
|
||||
keystone_volumes:
|
||||
- "{{ node_config_directory }}/keystone/:{{ container_config_directory }}/:ro"
|
||||
- "/etc/localtime:/etc/localtime:ro"
|
||||
- "kolla_logs:/var/log/kolla/"
|
||||
|
||||
- name: Add fernet volume to keystone volumes variable if fernet enabled
|
||||
set_fact:
|
||||
keystone_volumes: "{{ keystone_volumes + [\"keystone_fernet_tokens:/etc/keystone/fernet-keys\"] }}"
|
||||
when: keystone_token_provider == 'fernet'
|
||||
|
||||
- name: Starting keystone container
|
||||
kolla_docker:
|
||||
action: "start_container"
|
||||
common_options: "{{ docker_common_options }}"
|
||||
image: "{{ keystone_image_full }}"
|
||||
name: "keystone"
|
||||
volumes: "{{ keystone_volumes }}"
|
||||
|
||||
- name: Wait for keystone startup
|
||||
wait_for: host={{ kolla_internal_fqdn }} port={{ keystone_admin_port }}
|
||||
|
||||
- name: Starting keystone-ssh container
|
||||
kolla_docker:
|
||||
action: "start_container"
|
||||
common_options: "{{ docker_common_options }}"
|
||||
image: "{{ keystone_ssh_image_full }}"
|
||||
name: "keystone_ssh"
|
||||
volumes:
|
||||
- "{{ node_config_directory }}/keystone-ssh/:{{ container_config_directory }}/:ro"
|
||||
- "/etc/localtime:/etc/localtime:ro"
|
||||
- "kolla_logs:/var/log/kolla/"
|
||||
- "keystone_fernet_tokens:/etc/keystone/fernet-keys"
|
||||
when: keystone_token_provider == 'fernet'
|
||||
|
||||
- name: Starting keystone-fernet container
|
||||
kolla_docker:
|
||||
action: "start_container"
|
||||
common_options: "{{ docker_common_options }}"
|
||||
image: "{{ keystone_fernet_image_full }}"
|
||||
name: "keystone_fernet"
|
||||
volumes:
|
||||
- "{{ node_config_directory }}/keystone-fernet/:{{ container_config_directory }}/:ro"
|
||||
- "/etc/localtime:/etc/localtime:ro"
|
||||
- "kolla_logs:/var/log/kolla/"
|
||||
- "keystone_fernet_tokens:/etc/keystone/fernet-keys"
|
||||
when: keystone_token_provider == 'fernet'
|
@ -3,4 +3,5 @@
|
||||
|
||||
- include: bootstrap_service.yml
|
||||
|
||||
- include: start.yml
|
||||
- name: Flush handlers
|
||||
meta: flush_handlers
|
||||
|
Loading…
Reference in New Issue
Block a user