Move remaining x stuff to main directory

resources/data_container/actions/echo.yml

@@ -0,0 +1,5 @@
+
+- hosts: [{{ ip }}]
+  sudo: yes
+  tasks:
+    - shell: echo `/sbin/ifconfig`

resources/data_container/actions/remove.yml

@@ -0,0 +1,6 @@
+
+- hosts: [{{ ip }}]
+  sudo: yes
+  tasks:
+    - shell: docker stop {{ name }}
+    - shell: docker rm {{ name }}

resources/data_container/actions/run.yml

@@ -0,0 +1,20 @@
+- hosts: [{{ ip }}]
+  sudo: yes
+  tasks:
+    - docker:
+       name: {{ name }}
+       image: {{ image }}
+       state: running
+       net: host
+       ports:
+         {% for port in ports.value %}
+         - {{ port['value'] }}:{{ port['value'] }}
+         {% endfor %}
+       volumes:
+         # TODO: host_binds might need more work
+         # Currently it's not that trivial to pass custom src: dst here
+         # (when a config variable is passed here from other resource)
+         # so we mount it to the same directory as on host
+         {% for bind in host_binds.value %}
+         - {{ bind['value']['src'] }}:{{ bind['value']['dst'] }}:{{ bind['value'].get('mode', 'ro') }}
+         {% endfor %}

resources/data_container/meta.yaml

@@ -0,0 +1,7 @@
+id: data_container
+handler: ansible
+version: 1.0.0
+input:
+    ip:
+    image: 
+    export_volumes:    

resources/docker_container/actions/remove.yml

@@ -0,0 +1,6 @@
+
+- hosts: [{{ ip }}]
+  sudo: yes
+  tasks:
+    - shell: docker stop {{ name }}
+    - shell: docker rm {{ name }}

resources/docker_container/actions/run.yml

@@ -0,0 +1,21 @@
+
+- hosts: [{{ ip }}]
+  sudo: yes
+  tasks:
+    - docker:
+       name: {{ name }}
+       image: {{ image }}
+       state: running
+       net: host
+       ports:
+         {% for port in ports.value %}
+         - {{ port['value'] }}:{{ port['value'] }}
+         {% endfor %}
+       volumes:
+         # TODO: host_binds might need more work
+         # Currently it's not that trivial to pass custom src: dst here
+         # (when a config variable is passed here from other resource)
+         # so we mount it to the same directory as on host
+         {% for bind in host_binds.value %}
+         - {{ bind['value']['src'] }}:{{ bind['value']['dst'] }}:{{ bind['value'].get('mode', 'ro') }}
+         {% endfor %}

resources/docker_container/meta.yaml

@@ -0,0 +1,15 @@
+id: container
+handler: ansible
+version: 1.0.0
+input:
+    ip:
+    image:
+    ports:
+    host_binds:
+    volume_binds:
+    ssh_user:
+    ssh_key:
+input-types:
+    ports:
+    host_binds: list
+    volume_binds: list

resources/file/actions/remove.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+rm {{ path }}

resources/file/actions/run.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+touch {{ path }}

resources/file/meta.yaml

@@ -0,0 +1,5 @@
+id: file
+handler: shell
+version: 1.0.0
+input:
+    path: /tmp/test_file

resources/haproxy/actions/remove.yml

@@ -0,0 +1,5 @@
+# TODO
+- hosts: [{{ ip }}]
+  sudo: yes
+  tasks:
+    - file: path={{ config_dir.value['src'] }} state=absent

resources/haproxy/actions/run.yml

@@ -0,0 +1,21 @@
+# TODO
+- hosts: [{{ ip }}]
+  sudo: yes
+  vars:
+    config_dir: {src: {{ config_dir.value['src'] }}, dst: {{ config_dir.value['dst'] }}}
+    haproxy_ip: {{ ip }}
+    haproxy_services:
+      {% for service, ports, listen_port in zip(configs.value, configs_ports.value, listen_ports.value) %}
+      - name: {{ service['emitter_attached_to'] }}
+        listen_port: {{ listen_port['value'] }}
+        servers:
+          {% for server_ip, server_port in zip(service['value'], ports['value']) %}
+          - name: {{ server_ip['emitter_attached_to'] }}
+            ip: {{ server_ip['value'] }}
+            port: {{ server_port['value'] }}
+          {% endfor %}
+      {% endfor %}
+  tasks:
+    - file: path={{ config_dir.value['src'] }}/ state=directory
+    - file: path={{ config_dir.value['src'] }}/haproxy.cfg state=touch
+    - template: src=/vagrant/haproxy.cfg dest={{ config_dir.value['src'] }}/haproxy.cfg

resources/haproxy/meta.yaml

@@ -0,0 +1,17 @@
+id: haproxy
+handler: ansible
+version: 1.0.0
+input:
+    ip:
+    config_dir: {src: /etc/solar/haproxy, dst: /etc/haproxy}
+    listen_ports:
+    configs:
+    configs_names:
+    configs_ports:
+    ssh_user:
+    ssh_key:
+input-types:
+    listen_ports: list
+    configs: list
+    configs_names: list
+    configs_ports: list

resources/haproxy_config/meta.yaml

@@ -0,0 +1,11 @@
+id: haproxy_config
+handler: none
+version: 1.0.0
+input:
+    name:
+    listen_port:
+    ports:
+    servers:
+input-types:
+    ports: list
+    servers: list

resources/keystone_config/actions/remove.yml

@@ -0,0 +1,4 @@
+- hosts: [{{ ip }}]
+  sudo: yes
+  tasks:
+    - file: path={{config_dir}} state=absent

resources/keystone_config/actions/run.yml

@@ -0,0 +1,14 @@
+- hosts: [{{ ip }}]
+  sudo: yes
+  vars:
+    admin_token: {{admin_token}}
+    db_user: {{db_user}}
+    db_password: {{db_password}}
+    db_host: {{db_host}}
+    db_name: {{db_name}}
+  tasks:
+    - file: path={{config_dir}} state=directory
+    - template: src={{resource_dir}}/templates/keystone.conf dest={{config_dir}}/keystone.conf
+    - template: src={{resource_dir}}/templates/default_catalog.templates dest={{config_dir}}/default_catalog.templates
+    - template: src={{resource_dir}}/templates/logging.conf dest={{config_dir}}/logging.conf
+    - template: src={{resource_dir}}/templates/policy.json dest={{config_dir}}/policy.json

resources/keystone_config/meta.yaml

@@ -0,0 +1,13 @@
+id: keystone_config
+handler: ansible
+version: 1.0.0
+input:
+    config_dir:
+    admin_token:
+    db_user:
+    db_password:
+    db_host:
+    db_name:
+    ip:
+    ssh_key:
+    ssh_user:

resources/keystone_config/templates/default_catalog.templates

@@ -0,0 +1,27 @@
+# config for templated.Catalog, using camelCase because I don't want to do
+# translations for keystone compat
+catalog.RegionOne.identity.publicURL = http://localhost:$(public_port)s/v2.0
+catalog.RegionOne.identity.adminURL = http://localhost:$(admin_port)s/v2.0
+catalog.RegionOne.identity.internalURL = http://localhost:$(public_port)s/v2.0
+catalog.RegionOne.identity.name = Identity Service
+
+# fake compute service for now to help novaclient tests work
+catalog.RegionOne.compute.publicURL = http://localhost:8774/v1.1/$(tenant_id)s
+catalog.RegionOne.compute.adminURL = http://localhost:8774/v1.1/$(tenant_id)s
+catalog.RegionOne.compute.internalURL = http://localhost:8774/v1.1/$(tenant_id)s
+catalog.RegionOne.compute.name = Compute Service
+
+catalog.RegionOne.volume.publicURL = http://localhost:8776/v1/$(tenant_id)s
+catalog.RegionOne.volume.adminURL = http://localhost:8776/v1/$(tenant_id)s
+catalog.RegionOne.volume.internalURL = http://localhost:8776/v1/$(tenant_id)s
+catalog.RegionOne.volume.name = Volume Service
+
+catalog.RegionOne.ec2.publicURL = http://localhost:8773/services/Cloud
+catalog.RegionOne.ec2.adminURL = http://localhost:8773/services/Admin
+catalog.RegionOne.ec2.internalURL = http://localhost:8773/services/Cloud
+catalog.RegionOne.ec2.name = EC2 Service
+
+catalog.RegionOne.image.publicURL = http://localhost:9292/v1
+catalog.RegionOne.image.adminURL = http://localhost:9292/v1
+catalog.RegionOne.image.internalURL = http://localhost:9292/v1
+catalog.RegionOne.image.name = Image Service

resources/keystone_config/templates/logging.conf

@@ -0,0 +1,65 @@
+[loggers]
+keys=root,access
+
+[handlers]
+keys=production,file,access_file,devel
+
+[formatters]
+keys=minimal,normal,debug
+
+
+###########
+# Loggers #
+###########
+
+[logger_root]
+level=WARNING
+handlers=file
+
+[logger_access]
+level=INFO
+qualname=access
+handlers=access_file
+
+
+################
+# Log Handlers #
+################
+
+[handler_production]
+class=handlers.SysLogHandler
+level=ERROR
+formatter=normal
+args=(('localhost', handlers.SYSLOG_UDP_PORT), handlers.SysLogHandler.LOG_USER)
+
+[handler_file]
+class=handlers.WatchedFileHandler
+level=WARNING
+formatter=normal
+args=('error.log',)
+
+[handler_access_file]
+class=handlers.WatchedFileHandler
+level=INFO
+formatter=minimal
+args=('access.log',)
+
+[handler_devel]
+class=StreamHandler
+level=NOTSET
+formatter=debug
+args=(sys.stdout,)
+
+
+##################
+# Log Formatters #
+##################
+
+[formatter_minimal]
+format=%(message)s
+
+[formatter_normal]
+format=(%(name)s): %(asctime)s %(levelname)s %(message)s
+
+[formatter_debug]
+format=(%(name)s): %(asctime)s %(levelname)s %(module)s %(funcName)s %(message)s

resources/keystone_config/templates/policy.json

@@ -0,0 +1,171 @@
+{
+    "admin_required": "role:admin or is_admin:1",
+    "service_role": "role:service",
+    "service_or_admin": "rule:admin_required or rule:service_role",
+    "owner" : "user_id:%(user_id)s",
+    "admin_or_owner": "rule:admin_required or rule:owner",
+
+    "default": "rule:admin_required",
+
+    "identity:get_region": "",
+    "identity:list_regions": "",
+    "identity:create_region": "rule:admin_required",
+    "identity:update_region": "rule:admin_required",
+    "identity:delete_region": "rule:admin_required",
+
+    "identity:get_service": "rule:admin_required",
+    "identity:list_services": "rule:admin_required",
+    "identity:create_service": "rule:admin_required",
+    "identity:update_service": "rule:admin_required",
+    "identity:delete_service": "rule:admin_required",
+
+    "identity:get_endpoint": "rule:admin_required",
+    "identity:list_endpoints": "rule:admin_required",
+    "identity:create_endpoint": "rule:admin_required",
+    "identity:update_endpoint": "rule:admin_required",
+    "identity:delete_endpoint": "rule:admin_required",
+
+    "identity:get_domain": "rule:admin_required",
+    "identity:list_domains": "rule:admin_required",
+    "identity:create_domain": "rule:admin_required",
+    "identity:update_domain": "rule:admin_required",
+    "identity:delete_domain": "rule:admin_required",
+
+    "identity:get_project": "rule:admin_required",
+    "identity:list_projects": "rule:admin_required",
+    "identity:list_user_projects": "rule:admin_or_owner",
+    "identity:create_project": "rule:admin_required",
+    "identity:update_project": "rule:admin_required",
+    "identity:delete_project": "rule:admin_required",
+
+    "identity:get_user": "rule:admin_required",
+    "identity:list_users": "rule:admin_required",
+    "identity:create_user": "rule:admin_required",
+    "identity:update_user": "rule:admin_required",
+    "identity:delete_user": "rule:admin_required",
+    "identity:change_password": "rule:admin_or_owner",
+
+    "identity:get_group": "rule:admin_required",
+    "identity:list_groups": "rule:admin_required",
+    "identity:list_groups_for_user": "rule:admin_or_owner",
+    "identity:create_group": "rule:admin_required",
+    "identity:update_group": "rule:admin_required",
+    "identity:delete_group": "rule:admin_required",
+    "identity:list_users_in_group": "rule:admin_required",
+    "identity:remove_user_from_group": "rule:admin_required",
+    "identity:check_user_in_group": "rule:admin_required",
+    "identity:add_user_to_group": "rule:admin_required",
+
+    "identity:get_credential": "rule:admin_required",
+    "identity:list_credentials": "rule:admin_required",
+    "identity:create_credential": "rule:admin_required",
+    "identity:update_credential": "rule:admin_required",
+    "identity:delete_credential": "rule:admin_required",
+
+    "identity:ec2_get_credential": "rule:admin_or_owner",
+    "identity:ec2_list_credentials": "rule:admin_or_owner",
+    "identity:ec2_create_credential": "rule:admin_or_owner",
+    "identity:ec2_delete_credential": "rule:admin_required or (rule:owner and user_id:%(target.credential.user_id)s)",
+
+    "identity:get_role": "rule:admin_required",
+    "identity:list_roles": "rule:admin_required",
+    "identity:create_role": "rule:admin_required",
+    "identity:update_role": "rule:admin_required",
+    "identity:delete_role": "rule:admin_required",
+
+    "identity:check_grant": "rule:admin_required",
+    "identity:list_grants": "rule:admin_required",
+    "identity:create_grant": "rule:admin_required",
+    "identity:revoke_grant": "rule:admin_required",
+
+    "identity:list_role_assignments": "rule:admin_required",
+
+    "identity:get_policy": "rule:admin_required",
+    "identity:list_policies": "rule:admin_required",
+    "identity:create_policy": "rule:admin_required",
+    "identity:update_policy": "rule:admin_required",
+    "identity:delete_policy": "rule:admin_required",
+
+    "identity:check_token": "rule:admin_required",
+    "identity:validate_token": "rule:service_or_admin",
+    "identity:validate_token_head": "rule:service_or_admin",
+    "identity:revocation_list": "rule:service_or_admin",
+    "identity:revoke_token": "rule:admin_or_owner",
+
+    "identity:create_trust": "user_id:%(trust.trustor_user_id)s",
+    "identity:get_trust": "rule:admin_or_owner",
+    "identity:list_trusts": "",
+    "identity:list_roles_for_trust": "",
+    "identity:check_role_for_trust": "",
+    "identity:get_role_for_trust": "",
+    "identity:delete_trust": "",
+
+    "identity:create_consumer": "rule:admin_required",
+    "identity:get_consumer": "rule:admin_required",
+    "identity:list_consumers": "rule:admin_required",
+    "identity:delete_consumer": "rule:admin_required",
+    "identity:update_consumer": "rule:admin_required",
+
+    "identity:authorize_request_token": "rule:admin_required",
+    "identity:list_access_token_roles": "rule:admin_required",
+    "identity:get_access_token_role": "rule:admin_required",
+    "identity:list_access_tokens": "rule:admin_required",
+    "identity:get_access_token": "rule:admin_required",
+    "identity:delete_access_token": "rule:admin_required",
+
+    "identity:list_projects_for_endpoint": "rule:admin_required",
+    "identity:add_endpoint_to_project": "rule:admin_required",
+    "identity:check_endpoint_in_project": "rule:admin_required",
+    "identity:list_endpoints_for_project": "rule:admin_required",
+    "identity:remove_endpoint_from_project": "rule:admin_required",
+
+    "identity:create_endpoint_group": "rule:admin_required",
+    "identity:list_endpoint_groups": "rule:admin_required",
+    "identity:get_endpoint_group": "rule:admin_required",
+    "identity:update_endpoint_group": "rule:admin_required",
+    "identity:delete_endpoint_group": "rule:admin_required",
+    "identity:list_projects_associated_with_endpoint_group": "rule:admin_required",
+    "identity:list_endpoints_associated_with_endpoint_group": "rule:admin_required",
+    "identity:list_endpoint_groups_for_project": "rule:admin_required",
+    "identity:add_endpoint_group_to_project": "rule:admin_required",
+    "identity:remove_endpoint_group_from_project": "rule:admin_required",
+
+    "identity:create_identity_provider": "rule:admin_required",
+    "identity:list_identity_providers": "rule:admin_required",
+    "identity:get_identity_providers": "rule:admin_required",
+    "identity:update_identity_provider": "rule:admin_required",
+    "identity:delete_identity_provider": "rule:admin_required",
+
+    "identity:create_protocol": "rule:admin_required",
+    "identity:update_protocol": "rule:admin_required",
+    "identity:get_protocol": "rule:admin_required",
+    "identity:list_protocols": "rule:admin_required",
+    "identity:delete_protocol": "rule:admin_required",
+
+    "identity:create_mapping": "rule:admin_required",
+    "identity:get_mapping": "rule:admin_required",
+    "identity:list_mappings": "rule:admin_required",
+    "identity:delete_mapping": "rule:admin_required",
+    "identity:update_mapping": "rule:admin_required",
+
+    "identity:get_auth_catalog": "",
+    "identity:get_auth_projects": "",
+    "identity:get_auth_domains": "",
+
+    "identity:list_projects_for_groups": "",
+    "identity:list_domains_for_groups": "",
+
+    "identity:list_revoke_events": "",
+
+    "identity:create_policy_association_for_endpoint": "rule:admin_required",
+    "identity:check_policy_association_for_endpoint": "rule:admin_required",
+    "identity:delete_policy_association_for_endpoint": "rule:admin_required",
+    "identity:create_policy_association_for_service": "rule:admin_required",
+    "identity:check_policy_association_for_service": "rule:admin_required",
+    "identity:delete_policy_association_for_service": "rule:admin_required",
+    "identity:create_policy_association_for_region_and_service": "rule:admin_required",
+    "identity:check_policy_association_for_region_and_service": "rule:admin_required",
+    "identity:delete_policy_association_for_region_and_service": "rule:admin_required",
+    "identity:get_policy_for_endpoint": "rule:admin_required",
+    "identity:list_endpoints_for_policy": "rule:admin_required"
+}

resources/keystone_service/actions/remove.yml

@@ -0,0 +1,6 @@
+# TODO
+- hosts: [{{ ip }}]
+  sudo: yes
+  tasks:
+    - shell: docker stop {{ name }}
+    - shell: docker rm {{ name }}

resources/keystone_service/actions/run.yml

@@ -0,0 +1,17 @@
+- hosts: [{{ ip }}]
+  sudo: yes
+  tasks:
+    - name: keystone container
+      docker:
+        command: /bin/bash -c "keystone-manage db_sync && /usr/bin/keystone-all"
+        name: {{ name }}
+        image: {{ image }}
+        state: running
+        expose:
+        - 5000
+        - 35357
+        ports:
+        - {{ port }}:5000
+        - {{ admin_port }}:35357
+        volumes:
+        - {{ config_dir }}:/etc/keystone

resources/keystone_service/meta.yaml

@@ -0,0 +1,11 @@
+id: keystone
+handler: ansible
+version: 1.0.0
+input:
+    image: kollaglue/centos-rdo-keystone
+    config_dir:
+    port:
+    admin_port:
+    ip:
+    ssh_key:
+    ssh_user:

resources/keystone_user/actions/remove.yml

@@ -0,0 +1,6 @@
+- hosts: [{{ ip }}]
+  sudo: yes
+  tasks:
+    - name: keystone user
+    - keystone_user: endpoint=http://{keystone_host}}:{{keystone_port}}/v2.0/ user={{user_name}} tenant={{tenant_name}} state=absent
+    - keystone_user: endpoint=http://{keystone_host}}:{{keystone_port}}/v2.0/ tenant={{tenant_name}} state=absent

resources/keystone_user/actions/run.yml

@@ -0,0 +1,6 @@
+- hosts: [{{ ip }}]
+  sudo: yes
+  tasks:
+    - name: keystone user
+    - keystone_user: endpoint=http://{keystone_host}}:{{keystone_port}}/v2.0/ tenant={{tenant_name}} state=present
+    - keystone_user: endpoint=http://{keystone_host}}:{{keystone_port}}/v2.0/ user={{user_name}} password={{user_password}} tenant={{tenant_name}} state=present

resources/keystone_user/meta.yaml

@@ -0,0 +1,14 @@
+id: keystone_user
+handler: ansible
+version: 1.0.0
+input:
+    keystone_host:
+    keystone_port:
+    login_user:
+    login_token:
+    user_name:
+    user_password:
+    tenant_name:
+    ip:
+    ssh_key:
+    ssh_user:

resources/mariadb_db/actions/remove.yml

@@ -0,0 +1,11 @@
+- hosts: [{{ ip }}]
+  sudo: yes
+  tasks:
+    - name: mariadb db
+      mysql_db:
+        name: {{db_name}}
+        state: absent
+        login_user: root
+        login_password: {{login_password}}
+        login_port: {{login_port}}
+        login_host: 127.0.0.1

resources/mariadb_db/actions/run.yml

@@ -0,0 +1,11 @@
+- hosts: [{{ ip }}]
+  sudo: yes
+  tasks:
+    - name: mariadb db
+      mysql_db:
+        name: {{db_name}}
+        state: present
+        login_user: root
+        login_password: {{login_password}}
+        login_port: {{login_port}}
+        login_host: 127.0.0.1

resources/mariadb_db/meta.yaml

@@ -0,0 +1,14 @@
+id: mariadb_table
+handler: ansible
+version: 1.0.0
+actions:
+    run: run.yml
+    remove: remove.yml
+input:
+    db_name:
+    login_password:
+    login_port:
+    login_user:
+    ip: 
+    ssh_key: 
+    ssh_user: 

resources/mariadb_service/actions/remove.yml

@@ -0,0 +1,8 @@
+- hosts: [{{ ip }}]
+  sudo: yes
+  tasks:
+    - name: mariadb container
+      docker:
+        name: {{ name }}
+        image: {{ image }}
+        state: absent

resources/mariadb_service/actions/run.yml

@@ -0,0 +1,12 @@
+- hosts: [{{ ip }}]
+  sudo: yes
+  tasks:
+    - name: mariadb container
+      docker:
+        name: {{ name }}
+        image: {{ image }}
+        state: running
+        ports:
+        - {{ port }}:3306
+        env:
+            MYSQL_ROOT_PASSWORD: {{ root_password }}

resources/mariadb_service/meta.yaml

@@ -0,0 +1,10 @@
+id: mariadb
+handler: ansible
+version: 1.0.0
+input:
+    image: 
+    root_password: 
+    port: 
+    ip: 
+    ssh_key: 
+    ssh_user: 

resources/mariadb_user/actions/remove.yml

@@ -0,0 +1,11 @@
+- hosts: [{{ ip }}]
+  sudo: yes
+  tasks:
+    - name: mariadb user
+      mysql_user:
+        name: {{new_user_name}}
+        state: absent
+        login_user: root
+        login_password: {{login_password}}
+        login_port: {{login_port}}
+        login_host: 127.0.0.1

resources/mariadb_user/actions/run.yml

@@ -0,0 +1,14 @@
+- hosts: [{{ ip }}]
+  sudo: yes
+  tasks:
+    - name: mariadb user
+      mysql_user:
+        name: {{new_user_name}}
+        password: {{new_user_password}}
+        priv: {{db_name}}.*:ALL
+        host: '%'
+        state: present
+        login_user: root
+        login_password: {{login_password}}
+        login_port: {{login_port}}
+        login_host: 127.0.0.1

resources/mariadb_user/meta.yaml

@@ -0,0 +1,16 @@
+id: mariadb_user
+handler: ansible
+version: 1.0.0
+actions:
+    run: run.yml
+    remove: remove.yml
+input:
+    new_user_password:
+    new_user_name:
+    db_name:
+    login_password:
+    login_port:
+    login_user:
+    ip: 
+    ssh_key: 
+    ssh_user: 

resources/nova/actions/remove.yml

@@ -0,0 +1,6 @@
+# TODO
+- hosts: [{{ ip }}]
+  sudo: yes
+  tasks:
+    - shell: docker stop {{ name }}
+    - shell: docker rm {{ name }}

resources/nova/actions/run.yml

@@ -0,0 +1,6 @@
+# TODO
+- hosts: [{{ ip }}]
+  sudo: yes
+  tasks:
+    - shell: docker run -d --net="host" --privileged \
+        --name {{ name }} {{ image }}

resources/nova/meta.yaml

@@ -0,0 +1,7 @@
+id: nova
+handler: ansible
+version: 1.0.0
+input:
+    ip:
+    port: 8774
+    image: # TODO

resources/ro_node/meta.yaml

@@ -0,0 +1,8 @@
+id: mariadb
+handler: none
+version: 1.0.0
+actions:
+input:
+    ip:
+    ssh_key:
+    ssh_user: