Page MenuHomePhabricator
Create Task
Maniphest T160122

Remove user gerrit2 from ldap
Closed, ResolvedPublic
Actions

Description

The user is not needed in ldap any more. Having the user in ldap is causing problems installing the gerrit wikimedia deb on labs because the user creates files as gerrit2:nda but it needs to be gerrit2:gerrit2 the user is also created by the deb now but that will fail as the user will be in ldap.

Related Objects

Event Timeline

Paladox created this task.Mar 9 2017, 9:03 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 9 2017, 9:03 PM
Paladox triaged this task as High priority.Mar 9 2017, 9:03 PM
Paladox added a subscriber: Muehlenhoff.
Paladox edited subscribers, added: MoritzMuehlenhoff; removed: Muehlenhoff.Mar 9 2017, 9:06 PM
Dzahn mentioned this in T129788: Review list of LDAP groups and document exactly what kind of access they can be allowed to provide.Mar 9 2017, 9:12 PM
Paladox updated the task description. (Show Details)Mar 9 2017, 9:17 PM
MoritzMuehlenhoff added a comment.Mar 10 2017, 7:45 AM

@demon Can you confirm that the user is no longer needed?

demon added a comment.Mar 10 2017, 5:04 PM
In T160122#3090315, @MoritzMuehlenhoff wrote:

@demon Can you confirm that the user is no longer needed?

For a little history, it used to be there so we could run local git hooks on the gerrit machine for the puppet repo and then post the results back to Gerrit, but we killed those ages ago (this predates Jenkins talking to gerrit, see for example gerrit 27479.

So I'm pretty sure we can kill it, but I'll want to keep an eye on the error logs on cobalt after we do to make sure there's not some other usage I forgot.

MoritzMuehlenhoff added a comment.Mar 10 2017, 5:30 PM

Ok, I'll make the change on Tuesday when you're around (since Monday is a holiday for US staff)

demon lowered the priority of this task from High to Medium.Mar 10 2017, 5:42 PM

Sounds good

Paladox added a comment.Mar 21 2017, 7:19 PM

Can this be closed as resolved please?

demon added a comment.Mar 21 2017, 7:19 PM

Haven't had time.

Paladox added a comment.Mar 21 2017, 7:25 PM
In T160122#3118905, @demon wrote:

Haven't had time.

Oh, sorry, i thought it was done.

bd808 removed a project: Cloud-Services.Mar 26 2017, 8:59 PM
Paladox moved this task from Bugs & stuff to WMF customizations on the Gerrit board.May 18 2017, 10:07 PM
greg moved this task from INBOX to Backlog on the Release-Engineering-Team board.May 20 2017, 11:58 AM
greg edited projects, added Release-Engineering-Team (Backlog); removed Release-Engineering-Team.
demon added a comment.May 24 2017, 5:29 PM

Just did this with @MoritzMuehlenhoff. Shouldn't have any issues, but please reopen if anyone sees something broken.

demon closed this task as Resolved.May 24 2017, 5:29 PM
demon claimed this task.
Restricted Application edited projects, added Release-Engineering-Team (Kanban); removed Release-Engineering-Team (Backlog). · View Herald TranscriptMay 24 2017, 5:29 PM
Paladox added a comment.May 24 2017, 5:30 PM

Ah thanks :)

Phabricator_maintenance edited projects, added RelEng-Archive-FY201718-Q1; removed Release-Engineering-Team (Kanban).Sep 26 2017, 11:46 PM
Stashbot added a comment.Oct 18 2021, 7:29 PM

Mentioned in SAL (#wikimedia-operations) [2021-10-18T19:29:58Z] <mutante> LDAP: removed non-existent user gerrit2 from group labsadminbots (T160122)

Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL