
Remove scholarships grants from m2
Closed, Resolved (Public)

Description

After merging: https://gerrit.wikimedia.org/r/c/operations/puppet/+/739667 we need to remove the grants from the DB itself.
scholarships lives on m2.

Event Timeline

root@db1183.eqiad.wmnet[(none)]> REVOKE SELECT, LOCK TABLES, SHOW VIEW, EVENT, TRIGGER ON `scholarships`.* FROM `dump`@`10.64.32.26`;
Query OK, 0 rows affected (0.001 sec)


root@db1183.eqiad.wmnet[(none)]> REVOKE SELECT, LOCK TABLES, SHOW VIEW, EVENT, TRIGGER ON `scholarships`.* FROM `dump`@`10.64.16.31`;
Query OK, 0 rows affected (0.002 sec)

root@db1183.eqiad.wmnet[(none)]> REVOKE SELECT, LOCK TABLES, SHOW VIEW, EVENT, TRIGGER ON `scholarships`.* FROM `dump`@`10.64.0.95`;
Query OK, 0 rows affected (0.001 sec)

root@db2133.codfw.wmnet[(none)]> REVOKE SELECT, LOCK TABLES, SHOW VIEW, EVENT, TRIGGER ON `scholarships`.* FROM `dump`@`10.192.0.114`;
Query OK, 0 rows affected (0.033 sec)

root@db2133.codfw.wmnet[(none)]> REVOKE SELECT, LOCK TABLES, SHOW VIEW, EVENT, TRIGGER ON `scholarships`.* FROM `dump`@`10.192.16.96`;
Query OK, 0 rows affected (0.033 sec)

root@db2133.codfw.wmnet[(none)]> REVOKE SELECT, LOCK TABLES, SHOW VIEW, EVENT, TRIGGER ON `scholarships`.* FROM `dump`@`10.192.48.161`;
Query OK, 0 rows affected (0.033 sec)

Mentioned in SAL (#wikimedia-operations) [2021-11-22T06:46:19Z] <marostegui> Revoke dump grants for scholarships database T296166

Apart from the backup users, all these need cleanup:

root@db1183.eqiad.wmnet[(none)]> select user,host from mysql.user where user like 'scholar%';
+------------------+-------------+
| User             | Host        |
+------------------+-------------+
| scholarships     | 10.%        |
| scholarships_app | 10.%        |
| scholarships     | 10.192.16.9 |
| scholarships_app | 10.192.16.9 |
| scholarships     | 10.64.0.135 |
| scholarships_app | 10.64.0.135 |
| scholarships     | 10.64.16.19 |
| scholarships_app | 10.64.16.19 |
+------------------+-------------+
8 rows in set (0.002 sec)
root@db1183.eqiad.wmnet[(none)]> drop user if exists 'scholarships'@'10.192.16.9'; drop user if exists 'scholarships_app'@'10.192.16.9';
Query OK, 0 rows affected (0.002 sec)

Query OK, 0 rows affected (0.001 sec)
root@db1183.eqiad.wmnet[mysql]> drop user if exists 'scholarships'@'10.%'; drop user if exists 'scholarships_app'@'10.%';
Query OK, 0 rows affected (0.002 sec)

Query OK, 0 rows affected (0.001 sec)

root@db1183.eqiad.wmnet[mysql]> drop user if exists 'scholarships'@'10.64.0.135'; drop user if exists 'scholarships_app'@'10.64.0.135';
Query OK, 0 rows affected (0.002 sec)

Query OK, 0 rows affected (0.001 sec)

root@db1183.eqiad.wmnet[mysql]>

Only left the active proxy grants - I will get them dropped tomorrow just in case.

This is all done:

root@db1183.eqiad.wmnet[(none)]> select user,host from mysql.user where user like 'scholar%';
Empty set (0.002 sec)

root@db1183.eqiad.wmnet[(none)]>
Marostegui added a parent task: Restricted Task. (Tue, Nov 23, 6:51 AM)
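
A follow-up check for the cleanup above, as an added example that is not part of the original task or of the Wikimedia tooling: the final query on the page only lists accounts named `scholar%`, so it would not show a privilege on `scholarships` still held by another account such as `dump`. The queries assume a MariaDB/MySQL server with the default backslash escape for `LIKE` and a session allowed to read the `mysql` schema.

```sql
-- Added example: residual-privilege check after REVOKE / DROP USER.
-- Run on every host where the statements on this page were issued.

-- 1. Schema-level grants that still cover the database, for any account.
--    TABLE_SCHEMA can hold a wildcard pattern, so the literal name is matched
--    against the stored pattern instead of being compared with '='.
SELECT GRANTEE, TABLE_SCHEMA, PRIVILEGE_TYPE
FROM information_schema.SCHEMA_PRIVILEGES
WHERE 'scholarships' LIKE TABLE_SCHEMA
ORDER BY GRANTEE, PRIVILEGE_TYPE;

-- 2. Table-level grants inside the database.
SELECT GRANTEE, TABLE_NAME, PRIVILEGE_TYPE
FROM information_schema.TABLE_PRIVILEGES
WHERE TABLE_SCHEMA = 'scholarships'
ORDER BY GRANTEE, TABLE_NAME;

-- 3. Column-level grants inside the database.
SELECT GRANTEE, TABLE_NAME, COLUMN_NAME, PRIVILEGE_TYPE
FROM information_schema.COLUMN_PRIVILEGES
WHERE TABLE_SCHEMA = 'scholarships'
ORDER BY GRANTEE, TABLE_NAME, COLUMN_NAME;

-- 4. Routine-level grants, read from the grant table directly.
SELECT User, Host, Routine_name, Routine_type, Proc_priv
FROM mysql.procs_priv
WHERE Db = 'scholarships';

-- 5. The accounts themselves, using the same filter as the page.
SELECT User, Host
FROM mysql.user
WHERE User LIKE 'scholar%';
```

Any row returned by queries 1 to 4 names an account that can still reach the database and should be reviewed before the task is considered finished; global privileges granted `ON *.*` are not covered by these queries.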