Page MenuHomePhabricator
Create Task
Maniphest T145495

mediawiki::users::mwdeploy_pub_key hiera key should be purged
Closed, ResolvedPublic
Actions

Description

For beta cluster, we still have a hiera key for mediawiki::users::mwdeploy_pub_key which is referenced both on Wikitech hiera page and in puppet in hieradata/labs/deployment-prep/common.yaml.

That key was apparently on the deployment host as /home/mwdeploy/.ssh/authorized_keys. It is no more referenced everywhere and should be dropped from hiera as well as from the host. The key is now managed by keyholder and the public key on host is under /etc/ssh/userkeys/mwdeploy/.

The reason that hiera key is no more used is due to the cleanup patch rOPUP3ad195134847: keyholder key cleanup for T132747 which notably does:

class mediawiki::users
     ssh::userkey { 'mwdeploy':
-        content => $mwdeploy_pub_key,
+        content => secret('keyholder/mwdeploy.pub'),
     }

Hence the hiera override is no more of any use. labs/private.git is used instead.

Details

SubjectRepoBranchLines +/-
Remove mediawiki::users::mwdeploy_pub_key, unusedoperations/puppetproduction+0 -1
Customize query in gerrit

Related Objects

Event Timeline

hashar created this task.Sep 13 2016, 9:11 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptSep 13 2016, 9:11 AM
elukey subscribed.Sep 13 2016, 9:12 AM
greg moved this task from To Triage to Backlog on the Beta-Cluster-Infrastructure board.Sep 20 2016, 5:28 PM
hashar triaged this task as Low priority.Sep 26 2016, 9:58 AM
hashar renamed this task from mediawiki::users::mwdeploy_pub_key hiera key should be purge to mediawiki::users::mwdeploy_pub_key hiera key should be purged.Nov 25 2016, 9:16 AM
hashar updated the task description. (Show Details)
Phabricator_maintenance moved this task from To Triage to Backlog (Tech) on the Deployments board.Sep 26 2017, 11:23 PM
gerritbot subscribed.Oct 23 2017, 8:34 PM

Change 386065 had a related patch set uploaded (by Chad; owner: Chad):
[operations/puppet@production] Remove mediawiki::users::mwdeploy_pub_key, unused

https://gerrit.wikimedia.org/r/386065

gerritbot added a project: Patch-For-Review.Oct 23 2017, 8:34 PM
gerritbot added a comment.Oct 31 2017, 4:25 PM

Change 386065 merged by ArielGlenn:
[operations/puppet@production] Remove mediawiki::users::mwdeploy_pub_key, unused

https://gerrit.wikimedia.org/r/386065

demon closed this task as Resolved.Oct 31 2017, 4:29 PM
demon claimed this task.
Phabricator_maintenance added a project: RelEng-Archive-FY201718-Q2.Dec 21 2017, 6:56 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits