Page MenuHomePhabricator
Create Task
Maniphest T102382

Unable to ssh onto image scalers
Closed, ResolvedPublic
Actions

Description

Not sure if something changed, or when, but I don't seem to be able to SSH into the image scalers anymore. Standard MW app servers seem ok

Useful to be able to do so for checking packages and such installed (among other testing)

Details

SubjectRepoBranchLines +/-
Fix deployers access to imagescaler boxesoperations/puppetproduction+2 -0
Customize query in gerrit

Related Objects

Event Timeline

Reedy created this task.Jun 14 2015, 2:17 AM
Reedy raised the priority of this task from to Needs Triage.
Reedy updated the task description. (Show Details)
Reedy added a project: acl*sre-team.
Reedy subscribed.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 14 2015, 2:17 AM
Reedy mentioned this in T35186: Provide a well-performing API to rotate an image.Jun 14 2015, 2:39 AM
BBlack subscribed.Jun 14 2015, 3:01 AM

I looked at this briefly. reedy has no key deployed in /etc/ssh/userkeys/ on mw1153 (one of the imagescalers). He does have a key defined in puppet in general, which works on some other hosts elsewhere. Probably he's either recently been dropped from some applicable user group, or the user groups on the host have changed. That or something of that nature happened a while back, but didn't take pragmatic effect for his logins until the key location change. I can't make heads or tails of how groups are applied to machines this evening, though.

Reedy triaged this task as Low priority.Jun 14 2015, 3:02 AM
Reedy set Security to None.
Krenair subscribed.Jun 14 2015, 2:11 PM
Krenair added a comment.Jun 14 2015, 2:42 PM

Isn't there supposed to be something like this in hieradata/role/common/mediawiki/imagescaler.yaml?

admin::groups:
  - deployment

It's in all the other files in that directory.

Reedy added a comment.Jun 14 2015, 2:44 PM

Sounds pretty plausible

gerritbot subscribed.Jun 14 2015, 2:44 PM

Change 218135 had a related patch set uploaded (by Alex Monk):
Fix deployers access to imagescaler boxes

https://gerrit.wikimedia.org/r/218135

gerritbot added a project: Patch-For-Review.Jun 14 2015, 2:44 PM
gerritbot added a comment.Jun 14 2015, 8:48 PM

Change 218135 merged by BBlack:
Fix deployers access to imagescaler boxes

https://gerrit.wikimedia.org/r/218135

Krenair mentioned this in rOPUP3e076641693a: Fix deployers access to imagescaler boxes.Jun 14 2015, 8:50 PM
Krenair closed this task as Resolved.Jun 14 2015, 9:29 PM
Krenair claimed this task.

Works for me now, thanks Brandon

MZMcBride subscribed.Jul 18 2015, 3:00 PM
Restricted Application added a subscriber: Matanya. · View Herald TranscriptJul 18 2015, 3:00 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits