Revoke MariaDB grants for labweb1001/1002
Closed, Resolved (Public)

Description

The following hosts are no longer in service:

labweb1001.wikimedia.org has address 208.80.154.160
labweb1001.wikimedia.org has IPv6 address 2620:0:861:2:208:80:154:160
labweb1002.wikimedia.org has address 208.80.155.109
labweb1002.wikimedia.org has IPv6 address 2620:0:861:4:208:80:155:109

Please revoke their labswiki grants that were present on s6. Firewall rules are controlled by the profile::openstack::eqiad1::labweb_hosts hiera key which was already updated. Thank you!

Event Timeline

Change 820286 had a related patch set uploaded (by Marostegui; author: Marostegui):

[operations/puppet@production] production-m5.sql: Remove grants for labweb1001/labweb1002

https://gerrit.wikimedia.org/r/820286

In s6:

root@db1131.eqiad.wmnet[(none)]> select user,host from mysql.user where host like '208.80.154.160';
+----------------+----------------+
| User           | Host           |
+----------------+----------------+
| wikiadmin      | 208.80.154.160 |
| wikiuser202206 | 208.80.154.160 |
+----------------+----------------+
2 rows in set (0.002 sec)

root@db1131.eqiad.wmnet[(none)]> select user,host from mysql.user where host like '208.80.155.109';
+----------------+----------------+
| User           | Host           |
+----------------+----------------+
| wikiadmin      | 208.80.155.109 |
| wikiuser202206 | 208.80.155.109 |
+----------------+----------------+
2 rows in set (0.002 sec)

In m5:

root@db1107.eqiad.wmnet[(none)]> select user,host from mysql.user where host like '208.80.155.109';
+---------------+----------------+
| User          | Host           |
+---------------+----------------+
| striker       | 208.80.155.109 |
| striker_admin | 208.80.155.109 |
+---------------+----------------+
2 rows in set (0.002 sec)

root@db1107.eqiad.wmnet[(none)]> select user,host from mysql.user where host like '208.80.154.160';
+---------------+----------------+
| User          | Host           |
+---------------+----------------+
| striker       | 208.80.154.160 |
| striker_admin | 208.80.154.160 |
+---------------+----------------+
2 rows in set (0.002 sec)

Change 820286 merged by Marostegui:

[operations/puppet@production] production-m5.sql: Remove grants for labweb1001/labweb1002

https://gerrit.wikimedia.org/r/820286

Mentioned in SAL (#wikimedia-operations) [2022-08-04T07:55:11Z] <marostegui> Remove grants for 208.80.154.160/208.80.155.109 T314528

In m5:

root@db1107.eqiad.wmnet[(none)]> drop user if exists 'striker'@'208.80.155.109';
Query OK, 0 rows affected (0.002 sec)

root@db1107.eqiad.wmnet[(none)]> drop user if exists 'striker'@'208.80.154.160';
Query OK, 0 rows affected (0.002 sec)

root@db1107.eqiad.wmnet[(none)]> drop user if exists 'striker_admin'@'208.80.155.109';
Query OK, 0 rows affected (0.001 sec)

root@db1107.eqiad.wmnet[(none)]> drop user if exists 'striker_admin'@'208.80.154.160';
Query OK, 0 rows affected (0.002 sec)

In s6:

root@db1173.eqiad.wmnet[(none)]>  drop user if exists 'wikiadmin'@'208.80.154.160';
Query OK, 0 rows affected (0.004 sec)

root@db1173.eqiad.wmnet[(none)]>  drop user if exists 'wikiadmin'@'208.80.155.109';
Query OK, 0 rows affected (0.003 sec)

root@db1173.eqiad.wmnet[(none)]>  drop user if exists 'wikiuser202206'@'208.80.154.160';
Query OK, 0 rows affected (0.003 sec)

root@db1173.eqiad.wmnet[(none)]>  drop user if exists 'wikiuser202206'@'208.80.155.109';
Query OK, 0 rows affected (0.003 sec)

Ladsgroup added a subscriber: Ladsgroup.

Thanks for doing it!

Jaime noticed some errors that come from labweb100* hosts after removing the grants from s6. Are they really stopped? https://logstash.wikimedia.org/goto/8ef951621bcce1785d40f4be2fcc088c