Page MenuHomePhabricator
Create Task
Maniphest T233978

Drop 'designate_pool_manager' database from m5 and remove associated grants
Closed, ResolvedPublic
Actions

Description

This database is no longer used by our designate deployment. Note that the 'designate' database IS still used and important.

Details

ProjectBranchLines +/-Subject
operations/puppetproduction+0 -10production-m5.sql.erb: Remove grants from designate_pool_manager
operations/puppetproduction+0 -1 Kdesignate: remove mitaka files and templates and a mitaka-specific arg
operations/puppetproduction+1 -1dumps-misc.sh.erb: Remove designate_pool_manager from backups
Customize query in gerrit

Related Objects
Search...

Event Timeline

Andrew created this task.Sep 26 2019, 6:20 PM
Marostegui triaged this task as Medium priority.Sep 27 2019, 10:42 AM
Marostegui moved this task from Triage to Backlog on the DBA board.
Andrew removed Andrew as the assignee of this task.Sep 27 2019, 2:03 PM
gerritbot added a comment.Sep 30 2019, 9:19 AM

Change 539839 had a related patch set uploaded (by Marostegui; owner: Marostegui):
[operations/puppet@production] dumps-misc.sh.erb: Remove designate_pool_manager from backups

https://gerrit.wikimedia.org/r/539839

gerritbot added a project: Patch-For-Review.Sep 30 2019, 9:19 AM
gerritbot added a comment.Oct 3 2019, 5:30 AM

Change 539839 merged by Marostegui:
[operations/puppet@production] dumps-misc.sh.erb: Remove designate_pool_manager from backups

https://gerrit.wikimedia.org/r/539839

Maintenance_bot removed a project: Patch-For-Review.Oct 3 2019, 6:10 AM
Marostegui claimed this task.Oct 3 2019, 6:37 AM
Marostegui moved this task from Backlog to In progress on the DBA board.
Stashbot added a comment.Oct 3 2019, 6:37 AM

Mentioned in SAL (#wikimedia-operations) [2019-10-03T06:37:56Z] <marostegui> Rename tables on m5 master on designate_pool_manager - T233978

Marostegui added a comment.Oct 3 2019, 6:39 AM

I have renamed the tables, will leave them like this for a few days to make sure nothing breaks

+----------------------------------+
| Tables_in_designate_pool_manager |
+----------------------------------+
| TO_DROP_migrate_version          |
| TO_DROP_pool_manager_statuses    |
+----------------------------------+

@Andrew let me know if you see something on your end.

gerritbot added a comment.Oct 3 2019, 6:41 AM

Change 540534 had a related patch set uploaded (by Marostegui; owner: Marostegui):
[operations/puppet@production] production-m5.sql.erb: Remove grants from designate_pool_manager

https://gerrit.wikimedia.org/r/540534

gerritbot added a project: Patch-For-Review.Oct 3 2019, 6:41 AM
Marostegui added a comment.Oct 3 2019, 6:43 AM

@Andrew does this need to be removed? https://github.com/wikimedia/puppet/blob/production/hieradata/common/profile/openstack/base/designate.yaml#L7

Marostegui added a comment.Oct 3 2019, 7:32 AM

Apart from the grants at: https://gerrit.wikimedia.org/r/#/c/operations/puppet/+/540534/1/modules/role/templates/mariadb/grants/production-m5.sql.erb

The following need to be also dropped from the DB:

GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER, CREATE TEMPORARY TABLES ON `designate\\_pool\\_manager`.* TO 'designate'@'208.80.154.12'
208.80.154.135
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER, CREATE TEMPORARY TABLES ON `designate\\_pool\\_manager`.* TO 'designate'@'208.80.154.135'
208.80.155.117
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER, CREATE TEMPORARY TABLES ON `designate\\_pool\\_manager`.* TO 'designate'@'208.80.155.117'
gerritbot added a comment.Oct 3 2019, 2:06 PM

Change 540609 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[operations/puppet@production] designate: remove mitaka files and templates and a mitaka-specific arg

https://gerrit.wikimedia.org/r/540609

Andrew added a comment.Oct 3 2019, 2:06 PM
In T233978#5543342, @Marostegui wrote:

@Andrew does this need to be removed? https://github.com/wikimedia/puppet/blob/production/hieradata/common/profile/openstack/base/designate.yaml#L7

It does! Patch coming up.

gerritbot added a comment.Oct 3 2019, 5:46 PM

Change 540609 merged by Andrew Bogott:
[operations/puppet@production] designate: remove mitaka files and templates and a mitaka-specific arg

https://gerrit.wikimedia.org/r/540609

gerritbot added a comment.Oct 4 2019, 6:07 AM

Change 540534 merged by Marostegui:
[operations/puppet@production] production-m5.sql.erb: Remove grants from designate_pool_manager

https://gerrit.wikimedia.org/r/540534

Stashbot added a comment.Oct 10 2019, 6:33 AM

Mentioned in SAL (#wikimedia-operations) [2019-10-10T06:33:31Z] <marostegui> Revoke privileges from designate user on the designate_pool_manager database - T233978

Marostegui added a comment.Oct 10 2019, 6:37 AM

Grants removed for the designate_pool_manager DB:

root@db1133.eqiad.wmnet[(none)]> show grants for 'designate'@'208.80.154.12';
+------------------------------------------------------------------------------------------------------------------------------------+
| Grants for designate@208.80.154.12                                                                                                 |
+------------------------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'designate'@'208.80.154.12' IDENTIFIED BY PASSWORD '*x'               |
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER, CREATE TEMPORARY TABLES ON `designate`.* TO 'designate'@'208.80.154.12' |
| GRANT INDEX ON `designate`.`recordsets` TO 'designate'@'208.80.154.12'                                                             |
| GRANT INDEX ON `designate`.`domains` TO 'designate'@'208.80.154.12'                                                                |
| GRANT INDEX ON `designate`.`records` TO 'designate'@'208.80.154.12'                                                                |
+------------------------------------------------------------------------------------------------------------------------------------+
5 rows in set (0.00 sec)

root@db1133.eqiad.wmnet[(none)]> show grants for 'designate'@'208.80.154.135';
+-------------------------------------------------------------------------------------------------------------------------------------+
| Grants for designate@208.80.154.135                                                                                                 |
+-------------------------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'designate'@'208.80.154.135' IDENTIFIED BY PASSWORD '*x'               |
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER, CREATE TEMPORARY TABLES ON `designate`.* TO 'designate'@'208.80.154.135' |
+-------------------------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

root@db1133.eqiad.wmnet[(none)]> show grants for 'designate'@'208.80.155.117';
+--------------------------------------------------------------------------------------------------------------------------------------------+
| Grants for designate@208.80.155.117                                                                                                        |
+--------------------------------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'designate'@'208.80.155.117' IDENTIFIED BY PASSWORD '*x'                      |
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES ON `designate`.* TO 'designate'@'208.80.155.117' |
+--------------------------------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
Stashbot added a comment.Oct 10 2019, 6:45 AM

Mentioned in SAL (#wikimedia-operations) [2019-10-10T06:45:40Z] <marostegui> Drop designate_pool_manager database from m5 - T233978

Marostegui closed this task as Resolved.Oct 10 2019, 6:46 AM

I have dropped the database.
It didn't have much data:

mysql.py -hdb1117:3325 designate_pool_manager -e "select count(*) from migrate_version; select count(*) from pool_manager_statuses"
+----------+
| count(*) |
+----------+
|        1 |
+----------+
+----------+
| count(*) |
+----------+
|       12 |
+----------+

However, I have taken a temporary mysqldump:

root@cumin1001:/home/marostegui/T233978# pwd
/home/marostegui/T233978
root@cumin1001:/home/marostegui/T233978# ls -lh
total 8.0K
-rw-r--r-- 1 root root 5.0K Oct 10 06:42 designate_pool_manager.sql
Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL