Page MenuHomePhabricator

Remove grants for the old dbproxy hosts from the misc databases
Open, NormalPublic

Description

Once the old proxies are not active, we need to remove those grants from the databases.
The list of proxies and IPs:

Details

Related Gerrit Patches:

Event Timeline

Marostegui triaged this task as Normal priority.Aug 27 2019, 9:19 AM
Marostegui created this task.
Marostegui moved this task from Triage to In progress on the DBA board.

Mentioned in SAL (#wikimedia-operations) [2019-08-27T09:21:30Z] <marostegui> Remove grants for dbproxy1004 and dbproxy1009 from m4 hosts (db1107 and db1108) - T231280

m4: Grants removed on db1107 and db1108 for dbproxy1004 and dbproxy1009

dbproxy1004.eqiad.wmnet has address 10.64.16.148
dbproxy1009.eqiad.wmnet has address 10.64.32.158

The users were eventlog and haproxy.

root@db1107.eqiad.wmnet[mysql]> select user,host from user where host='10.64.32.148' or host='10.64.32.158';
Empty set (0.00 sec)

root@db1107.eqiad.wmnet[mysql]>
Marostegui updated the task description. (Show Details)Aug 27 2019, 9:24 AM

Mentioned in SAL (#wikimedia-operations) [2019-09-05T05:42:56Z] <marostegui> Remove grants for dbproxy1005 T231280 T231967

Marostegui updated the task description. (Show Details)Sep 5 2019, 6:01 AM

I have removed the following grants that were for dbproxy1005, from m5 databases (and also checked they don't exist anywhere else):

# host 10.64.16.155
155.16.64.10.in-addr.arpa domain name pointer dbproxy1005.eqiad.wmnet.
+----------------+--------------+
| user           | host         |
+----------------+--------------+
| designate      | 10.64.16.155 |
| haproxy        | 10.64.16.155 |
| labsdbaccounts | 10.64.16.155 |
| root           | 10.64.16.155 |
| ssastry        | 10.64.16.155 |
| testreduce     | 10.64.16.155 |
+----------------+--------------+
6 rows in set (0.00 sec)
root@db1133.eqiad.wmnet[(none)]> select user,host from mysql.user where host='10.64.16.155';
Empty set (0.00 sec)
Marostegui updated the task description. (Show Details)Sep 5 2019, 6:03 AM

Mentioned in SAL (#wikimedia-operations) [2019-10-07T07:09:58Z] <marostegui> Remove grants for dbproxy1006 on m1 databases - T231280

The following grants for dbproxy1006 IP's have been removed from m1 databases:

# host dbproxy1006
dbproxy1006.eqiad.wmnet has address 10.64.16.159


root@db1135.eqiad.wmnet[mysql]> select user,host from user where host='10.64.16.159';
+--------------+--------------+
| user         | host         |
+--------------+--------------+
| bacula       | 10.64.16.159 |
| etherpadlite | 10.64.16.159 |
| haproxy      | 10.64.16.159 |
| librenms     | 10.64.16.159 |
| rddmarc      | 10.64.16.159 |
| rt           | 10.64.16.159 |
+--------------+--------------+
6 rows in set (0.00 sec)

After removing them:

root@db1135.eqiad.wmnet[mysql]> select user,host from user where host='10.64.16.159';
Empty set (0.00 sec)
Marostegui updated the task description. (Show Details)Oct 7 2019, 7:12 AM

Change 545142 had a related patch set uploaded (by Marostegui; owner: Marostegui):
[operations/software@master] report_users: Remove dbproxy1004,dbproxy1009

https://gerrit.wikimedia.org/r/545142

Change 545142 merged by jenkins-bot:
[operations/software@master] report_users: Remove dbproxy1004,dbproxy1009

https://gerrit.wikimedia.org/r/545142