
allow non-roots to pool/depool certain DNS Discovery services
Open, Medium, Public

Description

This came up in the context of @Addshore wanting to Discovery-depool all of WDQS@eqiad, since those servers were all badly lagged and one was depooled anyway.

The existing wdqs-admins privileges list already allows the pool/depool commands, but those don't allow you to manipulate DNS Discovery.

I think a reasonable implementation would be a discovery-depool / discovery-pool script that took the dnsdisc service name as its first argument (so that it is easy to express in sudoers rules a limit on which services can be modified by a given team), and a datacenter name as its second argument.
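The argument handling such a script would need, as an added example that is not part of the task or of any existing tooling. The script path, function names and datacenter allowlist are assumptions; the backend call that would change DNS Discovery state is not shown on this page and is left as a placeholder.

```shell
#!/bin/sh
# Added example: argument validation for a hypothetical discovery-pool /
# discovery-depool wrapper. Assumed sudoers rule (group name from the task,
# path hypothetical), listing the allowed invocation without wildcards:
#   %wdqs-admins ALL = (root) NOPASSWD: /usr/local/sbin/discovery-depool wdqs eqiad
# A rule such as "discovery-depool wdqs *" would also match extra arguments,
# because sudoers wildcards match across word boundaries, so the script
# itself must reject anything beyond "<service> <datacenter>".

# Sample datacenter allowlist (constructed for this example).
ALLOWED_DATACENTERS="eqiad codfw"

# Returns 0 only for exactly two arguments: a dnsdisc service name made of
# lowercase letters, digits, '-' or '_' (starting with a letter), and a
# datacenter from the allowlist.
validate_discovery_args() {
    [ "$#" -eq 2 ] || return 1
    service=$1
    datacenter=$2
    case $service in
        ''|[!a-z]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    for dc in $ALLOWED_DATACENTERS; do
        if [ "$datacenter" = "$dc" ]; then
            return 0
        fi
    done
    return 1
}

# Prints the action that would be taken; the real pool/depool backend call
# is a placeholder here. Returns 2 on invalid arguments.
discovery_action() {
    action=$1
    shift
    if ! validate_discovery_args "$@"; then
        echo "usage: discovery-$action <service> <datacenter>" >&2
        return 2
    fi
    echo "$action service=$1 datacenter=$2"
}
```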

Event Timeline

CDanis triaged this task as Medium priority. Apr 18 2020, 2:22 PM

Any opinions on which SRE subteam should be tagged? Is the pooling tooling (;p) software, serviceops or infra foundations to you? Just asking because the new clinic duty dashboard asks us to process tickets that are only tagged SRE but nothing more specific.