Page MenuHomePhabricator
Create Task
Maniphest T220982

maps hosts have bad permissions under /srv/deployment
Closed, ResolvedPublic
Actions

Description

kartotherian / tilerator cannot read their config files

permissions reset by hand and puppet being disabled on maps eqiad

Event Timeline

CDanis created this task.Apr 15 2019, 2:20 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptApr 15 2019, 2:20 PM
Stashbot added a comment.Apr 15 2019, 2:21 PM

Mentioned in SAL (#wikimedia-operations) [2019-04-15T14:21:49Z] <cdanis> cdanis@cumin1001.eqiad.wmnet ~ % sudo cumin 'maps1*' "disable-puppet 'bad permissions - T220982 - cdanis'"

Stashbot added a comment.Apr 15 2019, 2:22 PM

Mentioned in SAL (#wikimedia-operations) [2019-04-15T14:22:14Z] <cdanis> T220982 cdanis@cumin1001.eqiad.wmnet ~ % sudo cumin 'maps1*' 'sudo chmod -R a+r /srv/deployment/tilerator /srv/deployment/kartotherian'

Gehel subscribed.Apr 15 2019, 2:23 PM

permissions reset via:

cumin 'A:maps' 'chmod -R a+r /srv/deployment/kartotherian'
cumin 'A:maps' 'chmod -R a+r /srv/deployment/tilerator'
Stashbot added a comment.Apr 15 2019, 2:55 PM

Mentioned in SAL (#wikimedia-operations) [2019-04-15T14:55:48Z] <gehel> deploying tilerator to maps1001 to validate deployment is working - T220982

Gehel added a comment.EditedApr 15 2019, 2:57 PM

Deployment seems to be a noop:

gehel@deploy1001:/srv/deployment/tilerator/deploy$ scap deploy --environment stretch --limit-hosts maps1001.eqiad.wmnet "check deployment is working - T220982" 
 
14:54:10 Started deploy [tilerator/deploy@fac7e5e] (stretch)
14:54:10 Deploying Rev: HEAD = fac7e5eb13df89801f9866070627c89d60e9b36b
14:54:10 Started deploy [tilerator/deploy@fac7e5e] (stretch): check deployment is working - T220982
14:54:10 
== DEFAULT ==
:* maps1001.eqiad.wmnet
tilerator/deploy: fetch stage(s): 100% (ok: 1; fail: 0; left: 0)
tilerator/deploy: config_deploy stage(s): 100% (ok: 1; fail: 0; left: 0)
tilerator/deploy: promote and restart_service stage(s):   0% (ok: 0; fail: 0; letilerator/deploy: promote and restart_service stage(s): 100% (ok: 1; fail: 0; letilerator/deploy: promote and restart_service stage(s): 100% (ok: 1; fail: 0; left: 0)
14:54:13 
== DEFAULT ==
:* maps1001.eqiad.wmnet
tilerator/deploy: finalize stage(s): 100% (ok: 1; fail: 0; left: 0)
14:54:14 Finished deploy [tilerator/deploy@fac7e5e] (stretch): check deployment is working - T220982 (duration: 00m 04s)
14:54:14 Finished deploy [tilerator/deploy@fac7e5e] (stretch) (duration: 00m 04s)
gehel@maps1001:~$ ls -lh /srv/deployment/tilerator/deploy/.git/config-files/etc/tilerator/config.yaml 
-rw-r--r-- 1 deploy-service deploy-service 6.3K Apr 15 14:43 /srv/deployment/tilerator/deploy/.git/config-files/etc/tilerator/config.yaml
Stashbot added a comment.Apr 15 2019, 5:41 PM

Mentioned in SAL (#wikimedia-operations) [2019-04-15T17:41:31Z] <akosiaris> force puppet agent run on maps* after moving config-vars.yaml file for kartotherian, tilerator, tileratorui T220982

colewhite triaged this task as High priority.Apr 16 2019, 3:41 PM
herron subscribed.Apr 24 2019, 3:33 PM

Is there anything left to do before closing this?

jijiki subscribed.Jun 24 2019, 5:45 PM

@Gehel @CDanis should we mark this as resolved?

Gehel closed this task as Resolved.Jun 24 2019, 5:45 PM
Gehel claimed this task.

no further issues seen, let's get this closed.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits