Page MenuHomePhabricator
Create Task
Maniphest T100501

mysql user and group should be a system user/group
Closed, ResolvedPublic
Actions

Description

Paravoid showed me the state of uids of mysql:

http://p.defau.lt/?_K2R6dqw0Az4lNouwpoYKQ

Recenty, system => true was added to the wmf-mariadb10 profile, but if hasn't been applied (obviously).

Make sure it is also true for the mysql group.

Details

SubjectRepoBranchLines +/-
mariadb: Remove conditional for system useroperations/puppetproduction+3 -10
Update mariadb module to deploy mysql group changes for stretchoperations/puppetproduction+1 -1
Resolve hanging mysql group with uid 1000 for new reimagesoperations/puppet/mariadbmaster+10 -2
Customize query in gerrit

Related Objects
Search...

Event Timeline

jcrespo created this task.May 27 2015, 10:56 AM
jcrespo raised the priority of this task from to Needs Triage.
jcrespo updated the task description. (Show Details)
jcrespo added a project: DBA.
jcrespo subscribed.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMay 27 2015, 10:56 AM
Aklapper added a project: WMF-General-or-Unknown.May 28 2015, 9:43 AM
Ciencia_Al_Poder edited projects, added acl*sre-team; removed WMF-General-or-Unknown.May 28 2015, 9:51 AM
Ciencia_Al_Poder set Security to None.
chasemp triaged this task as Medium priority.Jun 1 2015, 7:03 PM
jcrespo lowered the priority of this task from Medium to Low.May 4 2016, 9:49 AM
jcrespo moved this task from Triage to Backlog on the DBA board.
gerritbot subscribed.Feb 9 2017, 2:25 PM

Change 336800 had a related patch set uploaded (by Jcrespo):
Resolve hanging mysql group with uid 1000 for new reimages

https://gerrit.wikimedia.org/r/336800

gerritbot added a project: Patch-For-Review.Feb 9 2017, 2:25 PM
gerritbot added a comment.Feb 15 2017, 7:48 PM

Change 336800 merged by Jcrespo:
Resolve hanging mysql group with uid 1000 for new reimages

https://gerrit.wikimedia.org/r/336800

gerritbot added a comment.Feb 15 2017, 7:52 PM

Change 337912 had a related patch set uploaded (by Jcrespo):
Update mariadb module to deploy mysql group changes for stretch

https://gerrit.wikimedia.org/r/337912

gerritbot added a comment.Feb 15 2017, 8:05 PM

Change 337912 merged by Jcrespo:
Update mariadb module to deploy mysql group changes for stretch

https://gerrit.wikimedia.org/r/337912

jcrespo added a comment.Feb 15 2017, 8:09 PM

The user part should be fixed, or fixed when all trusties are decommissioned.

The group part will take effect starting on stretch.

This is mostly done except for the little task of reimaging 100+ servers.

jcrespo added a parent task: T168356: Prepare mysql hosts for stretch.Jun 20 2017, 6:49 AM
jcrespo added a subscriber: faidon.Jun 22 2017, 12:57 PM

@faidon unless I am mistaken, this task you asked me to do some time ago is already fixed on puppet- "only" thing pending is to reimage the whole fleet into stretch:

root@db2072:/opt$ grep mysql /etc/passwd
mysql:x:998:999::/nonexistent:/bin/false
root@db2072:/opt$ grep mysql /etc/group
mysql:x:999:
jcrespo changed the task status from Open to Stalled.Jun 22 2017, 7:22 PM

Blocked on full stretch migration.

Marostegui added a parent task: T189107: DB meta task for next DC failover issues.Jul 30 2018, 5:34 AM
Marostegui subscribed.Sep 18 2018, 6:31 AM
In T100501#3371873, @jcrespo wrote:

Blocked on full stretch migration.

So only pending labsdb1004,labsdb1005, dbstore1002 and the parsercache?

jcrespo added a comment.EditedSep 18 2018, 7:34 AM

So only pending labsdb1004,labsdb1005, dbstore1002 and the parsercache

For those, a non-system user is used, that is why https://gerrit.wikimedia.org/r/454291 can be merged already, but the group is non-user (greater or equal to 1000).

There may be some other hosts on cloud and analytics we don't know of.

Once everthing is on stretch or larger, we can remove the conditional on mariadb::config.

gerritbot added a comment.Sep 18 2018, 7:40 AM

Change 461035 had a related patch set uploaded (by Jcrespo; owner: Jcrespo):
[operations/puppet@production] mariadb: Remove conditional for system user

https://gerrit.wikimedia.org/r/461035

Marostegui removed a parent task: T189107: DB meta task for next DC failover issues.Sep 21 2018, 8:11 AM
Phabricator_maintenance moved this task from Backlog to Acknowledged on the SRE board.Jan 26 2019, 8:06 PM
gerritbot added a comment.Mar 19 2019, 12:44 PM

Change 461035 had a related patch set uploaded (by Jcrespo; owner: Jcrespo):
[operations/puppet@production] mariadb: Remove conditional for system user

https://gerrit.wikimedia.org/r/461035

gerritbot added a comment.May 15 2020, 9:45 AM

Change 461035 merged by Jcrespo:
[operations/puppet@production] mariadb: Remove conditional for system user

https://gerrit.wikimedia.org/r/461035

jcrespo closed this task as Resolved.May 15 2020, 9:47 AM
jcrespo claimed this task.

All mysql users are system users.

jcrespo awarded a token.May 15 2020, 9:47 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL