Page MenuHomePhabricator

Create cloudelastic-root group
Closed, ResolvedPublic

Description

Create cloudelastic-root group and add discovery members to this new group

Event Timeline

Mathew.onipe created this task.

Change 487040 had a related patch set uploaded (by Mathew.onipe; owner: Mathew.onipe):
[operations/puppet@production] admin: create new system groups for cloudelastic nodes

https://gerrit.wikimedia.org/r/487040

Hi @Mathew.onipe I'd need more context on why we want to create this group please.

Hi @Joe
cloudelastic is a replica of cirrussearch like labsdb* is to maps*. So this group separates access to cloudelastic and our main search cluster. This will allow access to members of the cloud platform team who should not access search cluster

ok great - this should be discussed in the SRE meeting on monday.

Related rights groups are wmcs-roots and wmcs-admin. Those 2 groups grant broader rights across Cloud Services bare metal instances (OpenStack servers, Wiki Replica databases). Keeping the rights for these cloud replicas separate from the rights for the production cirrussearch elasticsearch hosts is a good practice for cross-purpose limiting rights escalation issues.

It was in the SRE meeting and there were no objections (SRE-2019-02-11#Access_Requests)

Change 487040 merged by Gehel:
[operations/puppet@production] admin: create new system groups for cloudelastic nodes

https://gerrit.wikimedia.org/r/487040

debt claimed this task.