Once a new wiki is created we need to sanitize the data and create grants on sanitarium hosts. This process should ideally done via cookbook, the process would be something like:
cookbook $HOSTS $SECTION $WIKINAME -t $TASKID
Hosts: Sanitarium hosts
Section: The section where the new wiki was created (by default as of today is s5 but this could change)
Wikiname: The wiki to be sanitized
Phabricator task regarding to the wiki storage creation, example task: T314645
- Locally: Run the following on each host: redact_sanitarium.sh -d $WIKI -S /run/mysqld/mysqld.$SECTION.sock | mysql -S /run/mysqld/mysqld.$SECTION.sock $WIKI
- Locally: Run the following on each host: check_private_data.py -S /run/mysqld/mysqld.$SECTION.sock | mysql -S /run/mysqld/mysqld.$SECTION.sock
- Locally: Double check all private data is gone by running: check_private_data.py -S /run/mysqld/mysqld.$SECTION.sock
If the above is successful run the following - if the data isn't sanitized or any of the above steps above it should abort and never continue with the following steps:
- Remotely (can be done from cumin hosts by doing db-mysql $HOST:$PORT: Connect to the sanitarium host section and grab the clouddb hosts that hang from them by running: "show slave hosts"
- Remotely connect to those clouddb hosts and run the following commands:
set session sql_log_bin=0; create database $WIKI_p; GRANT SELECT, SHOW VIEW ON `$WIKI_p`.* TO `labsdbuser`;
Once the above is done, if possible create an automated comment on the phabricator task saying:
- Wiki sanitized
- Database "_p" created
- Grants assigned to labsdbuser
- Wiki ready for views creation