Paravoid showed me the state of uids of mysql:
http://p.defau.lt/?_K2R6dqw0Az4lNouwpoYKQ
Recenty, system => true was added to the wmf-mariadb10 profile, but if hasn't been applied (obviously).
Make sure it is also true for the mysql group.
Paravoid showed me the state of uids of mysql:
http://p.defau.lt/?_K2R6dqw0Az4lNouwpoYKQ
Recenty, system => true was added to the wmf-mariadb10 profile, but if hasn't been applied (obviously).
Make sure it is also true for the mysql group.
Status | Subtype | Assigned | Task | ||
---|---|---|---|---|---|
Invalid | None | T168494 tracking task: jessie -> stretch | |||
Resolved | jcrespo | T168356 Prepare mysql hosts for stretch | |||
Resolved | jcrespo | T100501 mysql user and group should be a system user/group |
Change 336800 had a related patch set uploaded (by Jcrespo):
Resolve hanging mysql group with uid 1000 for new reimages
Change 336800 merged by Jcrespo:
Resolve hanging mysql group with uid 1000 for new reimages
Change 337912 had a related patch set uploaded (by Jcrespo):
Update mariadb module to deploy mysql group changes for stretch
Change 337912 merged by Jcrespo:
Update mariadb module to deploy mysql group changes for stretch
The user part should be fixed, or fixed when all trusties are decommissioned.
The group part will take effect starting on stretch.
This is mostly done except for the little task of reimaging 100+ servers.
@faidon unless I am mistaken, this task you asked me to do some time ago is already fixed on puppet- "only" thing pending is to reimage the whole fleet into stretch:
root@db2072:/opt$ grep mysql /etc/passwd mysql:x:998:999::/nonexistent:/bin/false root@db2072:/opt$ grep mysql /etc/group mysql:x:999:
So only pending labsdb1004,labsdb1005, dbstore1002 and the parsercache
For those, a non-system user is used, that is why https://gerrit.wikimedia.org/r/454291 can be merged already, but the group is non-user (greater or equal to 1000).
There may be some other hosts on cloud and analytics we don't know of.
Once everthing is on stretch or larger, we can remove the conditional on mariadb::config.
Change 461035 had a related patch set uploaded (by Jcrespo; owner: Jcrespo):
[operations/puppet@production] mariadb: Remove conditional for system user
Change 461035 had a related patch set uploaded (by Jcrespo; owner: Jcrespo):
[operations/puppet@production] mariadb: Remove conditional for system user
Change 461035 merged by Jcrespo:
[operations/puppet@production] mariadb: Remove conditional for system user