Page MenuHomePhabricator
Create Task
Maniphest T269461

k8s_infrastructure_users: rsyslog and echostore share the same id
Closed, ResolvedPublic
Actions

Description

In private repo, the users rsyslog and echostore share the same id.

I *guess* echostore currently wins as it comes last in the list and because it seems to be working, at least deployments do.

The docs say [1][2]:

UID: a string which identifies the end user and attempts to be more consistent and unique than username.

So maybe we could just drop the numeric ID from hiera and use the username as UID as well (as I think we aim for them to be unique anyways)?

When we decide to change that, we could also rename the "type" field to "group" to better reflect what it actually is.

The proposed patch adds to new "after-migration" tasks:

  • Remove the packages_from_future gate after migrating all clusters to kubernetes 1.16
  • Remove the groups gate after migrating all user stanzas from type to groups

[1] https://kubernetes.io/docs/reference/access-authn-authz/authentication/#authentication-strategies
[2] https://kubernetes.io/docs/reference/access-authn-authz/authentication/#static-token-file

Details

ProjectBranchLines +/-Subject
operations/puppetproduction+0 -24infrastructure_users: Remove comments with old schema
operations/puppetproduction+1 -7k8s_infrastructure_users: Remove special case for old schema
labs/privatemaster+49 -50Migrate kubernetes infrastructure_users to new syntax
operations/puppetproduction+2 -8k8s users: Remove special case for migration, use list of groups
labs/privatemaster+5 -2Migrate two k8s users to groups syntax
operations/puppetproduction+23 -2k8s_infrastructure_users: Amend to support groups, avoid uid conflicts
Customize query in gerrit

Related Objects
Search...

Event Timeline

JMeybohm created this task.Dec 4 2020, 6:01 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptDec 4 2020, 6:01 PM
gerritbot added a comment.Dec 8 2020, 4:13 PM

Change 647011 had a related patch set uploaded (by Alexandros Kosiaris; owner: Alexandros Kosiaris):
[operations/puppet@production] k8s_infrastructure_users: Amend to support groups, avoid uid conflicts

https://gerrit.wikimedia.org/r/647011

gerritbot added a project: Patch-For-Review.Dec 8 2020, 4:13 PM
JMeybohm claimed this task.Jan 5 2021, 10:22 AM
JMeybohm triaged this task as Medium priority.Jan 18 2021, 11:29 AM
JMeybohm updated the task description. (Show Details)
gerritbot added a comment.Jan 18 2021, 11:30 AM

Change 647011 merged by JMeybohm:
[operations/puppet@production] k8s_infrastructure_users: Amend to support groups, avoid uid conflicts

https://gerrit.wikimedia.org/r/647011

Maintenance_bot removed a project: Patch-For-Review.Jan 18 2021, 12:10 PM
gerritbot added a comment.Wed, Mar 24, 1:46 PM

Change 674585 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[labs/private@master] Migrate two k8s users to groups syntax

https://gerrit.wikimedia.org/r/674585

gerritbot added a project: Patch-For-Review.Wed, Mar 24, 1:46 PM
gerritbot added a comment.Wed, Mar 24, 1:50 PM

Change 674585 merged by JMeybohm:
[labs/private@master] Migrate two k8s users to groups syntax

https://gerrit.wikimedia.org/r/674585

JMeybohm mentioned this in rLPRI0f9c345749f3: Migrate two k8s users to groups syntax.Wed, Mar 24, 1:52 PM
gerritbot added a comment.Wed, Mar 24, 1:54 PM

Change 674607 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] k8s users: Remove special case for migration, use list of groups

https://gerrit.wikimedia.org/r/674607

gerritbot added a comment.Tue, Apr 6, 10:35 AM

Change 674607 merged by JMeybohm:

[operations/puppet@production] k8s users: Remove special case for migration, use list of groups

https://gerrit.wikimedia.org/r/674607

Maintenance_bot removed a project: Patch-For-Review.Tue, Apr 6, 11:12 AM
gerritbot added a comment.Thu, Apr 8, 9:34 AM

Change 677825 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[labs/private@master] Migrate kubernetes infrastructure_users to new syntax

https://gerrit.wikimedia.org/r/677825

gerritbot added a project: Patch-For-Review.Thu, Apr 8, 9:34 AM
gerritbot added a comment.Thu, Apr 8, 9:39 AM

Change 677825 merged by JMeybohm:

[labs/private@master] Migrate kubernetes infrastructure_users to new syntax

https://gerrit.wikimedia.org/r/677825

JMeybohm mentioned this in rLPRI5ffecd8094a6: Migrate kubernetes infrastructure_users to new syntax.Thu, Apr 8, 9:41 AM
gerritbot added a comment.Thu, Apr 8, 10:44 AM

Change 677839 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/puppet@production] k8s_infrastructure_users: Remove special case for old schema

https://gerrit.wikimedia.org/r/677839

gerritbot added a comment.Thu, Apr 8, 10:57 AM

Change 677839 merged by JMeybohm:

[operations/puppet@production] k8s_infrastructure_users: Remove special case for old schema

https://gerrit.wikimedia.org/r/677839

JMeybohm closed this task as Resolved.Thu, Apr 8, 10:58 AM

Users and template migrated to use the username as user ID and a YAML list of groups instead of "type".

gerritbot added a comment.Thu, Apr 8, 2:50 PM

Change 677926 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/puppet@production] infrastructure_users: Remove comments with old schema

https://gerrit.wikimedia.org/r/677926

gerritbot added a comment.Thu, Apr 8, 3:01 PM

Change 677926 merged by JMeybohm:

[operations/puppet@production] infrastructure_users: Remove comments with old schema

https://gerrit.wikimedia.org/r/677926

Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL