Page MenuHomePhabricator

Create perf-team shell group
Closed, ResolvedPublic

Description

We have a perf-roots group, but that's mostly for services outside the Performance Team that we sometimes help investigate that require root.

I'd like to introduce a shell group for our own services. Especially in light of T158837.

The perf-team group would initially be the following subset of perf-roots:

  • Members:
    • gilles
    • krinkle
  • Roles:
    • roles::webperf (roles/common/webperf.yaml)
    • roles::xhgui::app (role/common/xhgui/app.yaml)

Once that is set up, we should expand it with phedenskog and aaron. For @Peter this will be the first production shell (if I read puppet correctly), so I'm creating a separate sub task for that as it requires other set-up steps.

Event Timeline

Krinkle triaged this task as High priority.Nov 6 2017, 8:53 PM
Krinkle moved this task from Inbox, needs triage to Radar on the Performance-Team board.
Krinkle edited projects, added Performance-Team (Radar); removed Performance-Team.
Krinkle moved this task from Limbo to Watching on the Performance-Team (Radar) board.

This assumes that all users have full root (sudo ALL ALL) on the servers the group is applied to, right?

Change 389663 had a related patch set uploaded (by Dzahn; owner: Dzahn):
[operations/puppet@production] admins: create perf-team group with gilles, krinkle

https://gerrit.wikimedia.org/r/389663

Change 389663 merged by Dzahn:
[operations/puppet@production] admins: create perf-team group with gilles, krinkle

https://gerrit.wikimedia.org/r/389663

Mentioned in SAL (#wikimedia-operations) [2017-11-07T12:50:45Z] <mutante> hafnium, tungsten: groupdel perf-roots to go with gerrit:389663 (T179728)

I deleted the perf-roots group from tungsten and hafnium. Now:

[tungsten:~] $ id krinkle
uid=2008(krinkle) gid=500(wikidev) groups=500(wikidev),796(perf-team)
[tungsten:~] $ id gilles
uid=4319(gilles) gid=500(wikidev) groups=500(wikidev),796(perf-team)

[hafnium:~] $ id krinkle
uid=2008(krinkle) gid=500(wikidev) groups=500(wikidev),796(perf-team)
[hafnium:~] $ id gilles
uid=4319(gilles) gid=500(wikidev) groups=500(wikidev),796(perf-team)
MoritzMuehlenhoff claimed this task.
MoritzMuehlenhoff subscribed.

The task descriptions mentions "Add aaron to perf-team group", but he has cluster-wide root access, so that's not needed. Since Daniel created the group and there's a separate task for adding Peter, I'm closing this task.