Page MenuHomePhabricator
Create Task
Maniphest T291384

Standardize the stats system user uid
Closed, ResolvedPublic
Actions

Description

In T285355, we just added a new host that has the stats system user. This user now has 4 different uids across the fleet. Now that everything is Buster, we should ensure that the stats user has the same uid everywhere.

We did this for other analytics system users in T287063: Refactor profile::analytics::cluster::users. We should be able to follow the same procedure from there.

Details

SubjectRepoBranchLines +/-
Standardize the stats system user uidoperations/puppetproduction+19 -14
Customize query in gerrit

Related Objects

Event Timeline

Ottomata created this task.Sep 20 2021, 1:46 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptSep 20 2021, 1:46 PM
Ottomata added a comment.Sep 20 2021, 1:47 PM

The stats user is declared in statistics::user.

odimitrijevic assigned this task to Ottomata.Sep 30 2021, 5:21 PM
odimitrijevic triaged this task as High priority.
odimitrijevic moved this task from Incoming to Operational Excellence on the Analytics board.
odimitrijevic added a project: Analytics-Kanban.
Ottomata added a comment.EditedSep 30 2021, 7:31 PM

stats has uid 499 on 5 hosts, and 495 and 498 on two others. Let's use 499.

19:30:04 [@cumin1001:/home/otto] $ sudo cumin 'R:Class = statistics::user' 'getent passwd stats'
7 hosts will be targeted:
an-launcher1002.eqiad.wmnet,an-web1001.eqiad.wmnet,stat[1004-1008].eqiad.wmnet
Ok to proceed on 7 hosts? Enter the number of affected hosts to confirm or "q" to quit 7
===== NODE GROUP =====
(1) an-launcher1002.eqiad.wmnet
----- OUTPUT of 'getent passwd stats' -----
stats:x:495:496::/var/lib/stats:/bin/bash
===== NODE GROUP =====
(5) an-web1001.eqiad.wmnet,stat[1004,1006-1008].eqiad.wmnet
----- OUTPUT of 'getent passwd stats' -----
stats:x:499:499::/var/lib/stats:/bin/bash
===== NODE GROUP =====
(1) stat1005.eqiad.wmnet
----- OUTPUT of 'getent passwd stats' -----
stats:x:498:498::/var/lib/stats:/bin/bash
gerritbot added a comment.Sep 30 2021, 7:43 PM

Change 725098 had a related patch set uploaded (by Ottomata; author: Ottomata):

[operations/puppet@production] Standardize the stats system user uid

https://gerrit.wikimedia.org/r/725098

gerritbot added a project: Patch-For-Review.Sep 30 2021, 7:43 PM
Ottomata added a comment.Sep 30 2021, 7:52 PM

Razzi linked me to a nice change uid/gid script from Luca in https://phabricator.wikimedia.org/T231067#6851675

razzi added a comment.Sep 30 2021, 7:52 PM

We're gonna use the script @elukey wrote: https://phabricator.wikimedia.org/T231067#6863800

Ottomata added a comment.EditedSep 30 2021, 8:02 PM

Ok, holding on this for now, its late Thursday and I'm not working tomorrow; don't want to break anything.

BTW, we are using uid 918, not 499 based on comment in patch.

Ottomata added a project: Data-Engineering.Oct 21 2021, 5:16 PM
odimitrijevic added a project: Data-Engineering-Kanban.Oct 28 2021, 5:38 AM
Ottomata moved this task from Next Up to In Progress on the Data-Engineering-Kanban board.Oct 29 2021, 1:18 PM
mforns moved this task from Incoming (new tickets) to Ops Week on the Data-Engineering board.Nov 1 2021, 4:48 PM
odimitrijevic moved this task from In Progress to Paused on the Data-Engineering-Kanban board.Nov 18 2021, 6:21 PM
odimitrijevic removed a project: Analytics.Jan 12 2022, 12:29 AM
Ottomata moved this task from Paused to In Progress on the Data-Engineering-Kanban board.Mar 14 2022, 2:58 PM
gerritbot added a comment.Mar 15 2022, 2:34 PM

Change 725098 merged by Ottomata:

[operations/puppet@production] Standardize the stats system user uid

https://gerrit.wikimedia.org/r/725098

Stashbot added a comment.Mar 15 2022, 2:35 PM

Mentioned in SAL (#wikimedia-analytics) [2022-03-15T14:35:00Z] <ottomata> change stats uid and gid on all stat boxes to 918 - T291384

Ottomata moved this task from In Progress to Done on the Data-Engineering-Kanban board.Mar 15 2022, 2:53 PM
Maintenance_bot removed a project: Patch-For-Review.Mar 15 2022, 3:10 PM
Ottomata added a comment.Mar 15 2022, 3:25 PM

Done. Changed stats uid and gid on stat boxes using the following scripts:

#!/bin/bash

set -x

change_uid() {
    # $1 new uid
    # $2 username
    if id "$2" &>/dev/null
    then
        OLD_UID=$(id -u $2)
        usermod -u $1 $2
        find / \( -path /proc -o -path /mnt -o -path /sys -o -path /dev -o -path /media \) -prune -false -o -user $OLD_UID -print0 | xargs -0 chown -h $1
    fi
}

change_gid() {
    # $1 new gid
    # $2 username
    if getent group $2 &>/dev/null
    then
        OLD_GID=$(getent group $2 | cut -d ":" -f 3)
        groupmod -g $1 $2
        find / \( -path /proc -o -path /mnt -o -path /sys -o -path /dev -o -path /media \) -prune -false -o -group $OLD_GID -print0  | xargs -0 chgrp -h $1
    fi
}


change_uid 918 stats
change_gid 918 stats
Stashbot added a comment.Mar 15 2022, 5:24 PM

Mentioned in SAL (#wikimedia-analytics) [2022-03-15T17:24:35Z] <ottomata> also change stats uid and gid to 918 on an-web1001 - T291384

Ottomata added a comment.Mar 15 2022, 5:28 PM

I did not realize the stats user was also on an-web1001. Since puppet already changed the uid,gid there, I had to manually run the following to change the 499 uid and gid owned files to stats.

OLD_UID=499
find / \( -path /proc -o -path /mnt -o -path /sys -o -path /dev -o -path /media \) -prune -false -o -user $OLD_UID -print0 | xargs -0 chown -h stats

OLD_GID=499
find / \( -path /proc -o -path /mnt -o -path /sys -o -path /dev -o -path /media \) -prune -false -o -group $OLD_GID -print0  | xargs -0 chgrp -h stats
Ottomata closed this task as Resolved.Mar 22 2022, 4:18 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits