Page MenuHomePhabricator

Unable to ssh onto image scalers
Closed, ResolvedPublic

Description

Not sure if something changed, or when, but I don't seem to be able to SSH into the image scalers anymore. Standard MW app servers seem ok

Useful to be able to do so for checking packages and such installed (among other testing)

Event Timeline

Reedy created this task.Jun 14 2015, 2:17 AM
Reedy raised the priority of this task from to Needs Triage.
Reedy updated the task description. (Show Details)
Reedy added a project: acl*sre-team.
Reedy added a subscriber: Reedy.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 14 2015, 2:17 AM
BBlack added a subscriber: BBlack.Jun 14 2015, 3:01 AM

I looked at this briefly. reedy has no key deployed in /etc/ssh/userkeys/ on mw1153 (one of the imagescalers). He does have a key defined in puppet in general, which works on some other hosts elsewhere. Probably he's either recently been dropped from some applicable user group, or the user groups on the host have changed. That or something of that nature happened a while back, but didn't take pragmatic effect for his logins until the key location change. I can't make heads or tails of how groups are applied to machines this evening, though.

Reedy triaged this task as Low priority.Jun 14 2015, 3:02 AM
Reedy set Security to None.

Isn't there supposed to be something like this in hieradata/role/common/mediawiki/imagescaler.yaml?

admin::groups:
  - deployment

It's in all the other files in that directory.

Reedy added a comment.Jun 14 2015, 2:44 PM

Sounds pretty plausible

Change 218135 had a related patch set uploaded (by Alex Monk):
Fix deployers access to imagescaler boxes

https://gerrit.wikimedia.org/r/218135

Change 218135 merged by BBlack:
Fix deployers access to imagescaler boxes

https://gerrit.wikimedia.org/r/218135

Krenair closed this task as Resolved.Jun 14 2015, 9:29 PM
Krenair claimed this task.

Works for me now, thanks Brandon

Restricted Application added a subscriber: Matanya. · View Herald TranscriptJul 18 2015, 3:00 PM