Page MenuHomePhabricator
Create Task
Maniphest T379265

Cleanup the UNIX runuser accross all the airflow instances
Closed, ResolvedPublic
Actions

Description

We've come to realize that the UNIX user in the airflow contains does _not_ matter in terms of HDFS access and permissions. What does matter is the kerberos principal.

The following is a message sent by @BTullis :

We get a shell on the test-k8s scheduler container.

btullis@deploy2002:~$ kubectl exec -it airflow-scheduler-64f556f665-9qxmb -c airflow-production -- bash
airflow@airflow-scheduler-64f556f665-9qxmb:/opt/airflow$ id
uid=900(airflow) gid=900(airflow) groups=900(airflow)

We list our HDFS home directory, which is /user/analytics

airflow@airflow-scheduler-64f556f665-9qxmb:/opt/airflow$ hdfs dfs -ls|head -n 3
Found 18 items
drwx------   - analytics analytics                            0 2024-11-07 00:00 .Trash
drwx------   - analytics analytics                            0 2023-01-25 17:28 .flink

We write a file to it:

airflow@airflow-scheduler-64f556f665-9qxmb:/opt/airflow$ echo "Hello World" | hdfs dfs -put - hello.txt

It's owned by analytics

airflow@airflow-scheduler-64f556f665-9qxmb:/opt/airflow$ hdfs dfs -ls hello.txt
-rw-r-----   3 analytics analytics         12 2024-11-07 12:39 hello.txt

We run a spark3-submit job as this user and it works:

airflow@airflow-scheduler-64f556f665-9qxmb:/opt/airflow$ spark3-submit --master yarn --deploy-mode cluster /usr/local/lib/python3.9/site-packages/pyspark/examples/src/main/python/pi.py 10

It's all based on the default principal in the keytab.

airflow@airflow-scheduler-64f556f665-9qxmb:/opt/airflow$ klist|head -n2
Ticket cache: FILE:/tmp/airflow_krb5_ccache/krb5cc
Default principal: analytics/airflow-test-k8s.discovery.wmnet@WIKIMEDIA

I bet that if we had multiple principals in the keytab (or multiple keytabs) we could probably run as different users by passing the spark.kerberos.principal parameter to spark:
https://spark.apache.org/docs/3.5.2/running-on-yarn.html#yarn-specific-kerberos-configuration

So, in light of that information, let's:

Details

SubjectRepoBranchLines +/-
Revert "airflow: remove fsGroup stanzas as all containers are running with the same uid/gid"operations/deployment-chartsmaster+7 -1
airflow: remove fsGroup stanzas as all containers are running with the same uid/gidoperations/deployment-chartsmaster+1 -7
airflow: render the spark/hadoop/hdfs/yarn configuration filesoperations/deployment-chartsmaster+496 -9
Customize query in gerrit

Related Objects
Search...

Event Timeline

brouberol created this task.Nov 7 2024, 3:13 PM
CodeReviewBot added a project: Patch-For-Review.Nov 7 2024, 3:31 PM

brouberol opened https://gitlab.wikimedia.org/repos/data-engineering/airflow/-/merge_requests/28

Only publish a single airflow image

CodeReviewBot added a comment.Nov 7 2024, 4:04 PM

brouberol merged https://gitlab.wikimedia.org/repos/data-engineering/airflow/-/merge_requests/28

Only publish a single airflow image

BTullis added a comment.Nov 7 2024, 4:06 PM

We might want to tidy up the images if we no longer need them, too. https://wikitech.wikimedia.org/wiki/Docker-registry#Deleting_images
I've never done this, so we might want to check in with Infrastructure-Foundations just to be sure what we're doing.

gerritbot added a comment.Nov 7 2024, 4:19 PM

Change #1087903 had a related patch set uploaded (by Brouberol; author: Brouberol):

[operations/deployment-charts@master] airflow: render the spark/hadoop/hdfs/yarn configuration files

https://gerrit.wikimedia.org/r/1087903

Ottomata added a comment.Nov 7 2024, 4:24 PM

Interesting!

run as different users by passing the spark.kerberos.principal parameter to spark

How will this work for non Spark? E.g. SimpleSkeinOperator or URLDeleteOperator?

brouberol updated the task description. (Show Details)Nov 7 2024, 4:31 PM
brouberol updated the task description. (Show Details)
BTullis added a comment.Nov 7 2024, 5:10 PM
In T379265#10300385, @Ottomata wrote:

Interesting!

run as different users by passing the spark.kerberos.principal parameter to spark

How will this work for non Spark? E.g. SimpleSkeinOperator or URLDeleteOperator?

Still to be tested, but based on the fact that plain hdfs dfs -put works in bash, I would expect that any other filesystem based operations would be the same.

BTullis added a comment.Nov 7 2024, 5:50 PM
In T379265#10300385, @Ottomata wrote:

Interesting!

run as different users by passing the spark.kerberos.principal parameter to spark

How will this work for non Spark? E.g. SimpleSkeinOperator or URLDeleteOperator?

Oh I see, do you mean?
If we have multiple principals in one keytab, how would the non-spark operations know which principal to use?

I've had a quick look.

If we find that we need multiple credential caches, we could configure the KRB5CCNAME environment variable (https://web.mit.edu/kerberos/krb5-1.13/doc/admin/env_variables.html) and set this to DIR:/var/kerberos or similar.
Then we would just need to be able to run kinit <principal> for each of the principals for which need to keep a fresh credential cache in that directory. The airflow kerberos command doesn't do that by default at the moment, but it would be easy enough for us to replace this with our own tooling, or maybe even add that functionality to airflow.

brouberol moved this task from Backlog - project to In Progress on the Data-Platform-SRE (2024.10.19 - 2024.11.08) board.Nov 7 2024, 9:36 PM
bking subscribed.Nov 7 2024, 10:14 PM
gerritbot added a comment.Nov 8 2024, 8:29 AM

Change #1087903 merged by Brouberol:

[operations/deployment-charts@master] airflow: render the spark/hadoop/hdfs/yarn configuration files

https://gerrit.wikimedia.org/r/1087903

brouberol updated the task description. (Show Details)Nov 8 2024, 8:30 AM
Maintenance_bot removed a project: Patch-For-Review.Nov 8 2024, 8:30 AM
brouberol added a comment.Nov 8 2024, 8:40 AM
brouberol@build2001:~$ sudo -i docker-registryctl delete-tags docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-wmde
We're about to delete the following tags for image docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-wmde:
2024-09-30-140133-41ea2e753e212daa7e629c1250483541628ef4bb
2024-09-30-201732-2e16654a5fb27caa8d4caaba0adb40a2c698941d
2024-10-02-104728-dced184460bb23579922f79635b52a72e0133ed9
2024-10-03-062733-f05d651d30211a2a0a0aca6ee8090cf2952907c7
2024-10-03-113720-09516d4222c90df922eb97b14b94194c5a092645
2024-10-23-160439-be3bc0ab22340f0cc36c9ff6a2e807945f54a10b
2024-10-30-072621-9a3d4fd936a645aeafba4dd3eb545b1a372e622c
2024-11-05-102154-c8283287719a9f3c1c01f1ac6e906eeb45ed870a
2024-11-05-112404-8f09ae087aa25d2ff087a5c533267bb8866a90cd
2024-11-05-131346-0fc1fb8e6bd426fae9e5ecdfeba9c920900a28bf
2024-11-07-090322-8a86a1726a5f6b284d66d413ee69b234a97e8acb
Ok to proceed? (y/n)y
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-wmde:2024-09-30-140133-41ea2e753e212daa7e629c1250483541628ef4bb[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-wmde:2024-09-30-201732-2e16654a5fb27caa8d4caaba0adb40a2c698941d[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-wmde:2024-10-02-104728-dced184460bb23579922f79635b52a72e0133ed9[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-wmde:2024-10-03-062733-f05d651d30211a2a0a0aca6ee8090cf2952907c7[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-wmde:2024-10-03-113720-09516d4222c90df922eb97b14b94194c5a092645[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-wmde:2024-10-23-160439-be3bc0ab22340f0cc36c9ff6a2e807945f54a10b[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-wmde:2024-10-30-072621-9a3d4fd936a645aeafba4dd3eb545b1a372e622c[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-wmde:2024-11-05-102154-c8283287719a9f3c1c01f1ac6e906eeb45ed870a[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-wmde:2024-11-05-112404-8f09ae087aa25d2ff087a5c533267bb8866a90cd[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-wmde:2024-11-05-131346-0fc1fb8e6bd426fae9e5ecdfeba9c920900a28bf[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-wmde:2024-11-07-090322-8a86a1726a5f6b284d66d413ee69b234a97e8acb[DONE]
brouberol@build2001:~$ sudo -i docker-registryctl delete-tags docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-platform-eng
We're about to delete the following tags for image docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-platform-eng:
2024-09-30-140133-41ea2e753e212daa7e629c1250483541628ef4bb
2024-09-30-201732-2e16654a5fb27caa8d4caaba0adb40a2c698941d
2024-10-02-104728-dced184460bb23579922f79635b52a72e0133ed9
2024-10-03-062733-f05d651d30211a2a0a0aca6ee8090cf2952907c7
2024-10-03-113720-09516d4222c90df922eb97b14b94194c5a092645
2024-10-23-160439-be3bc0ab22340f0cc36c9ff6a2e807945f54a10b
2024-10-30-072621-9a3d4fd936a645aeafba4dd3eb545b1a372e622c
2024-11-05-102154-c8283287719a9f3c1c01f1ac6e906eeb45ed870a
2024-11-05-112404-8f09ae087aa25d2ff087a5c533267bb8866a90cd
2024-11-05-131346-0fc1fb8e6bd426fae9e5ecdfeba9c920900a28bf
2024-11-07-090322-8a86a1726a5f6b284d66d413ee69b234a97e8acb
Ok to proceed? (y/n)y
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-platform-eng:2024-09-30-140133-41ea2e753e212daa7e629c1250483541628ef4bb[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-platform-eng:2024-09-30-201732-2e16654a5fb27caa8d4caaba0adb40a2c698941d[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-platform-eng:2024-10-02-104728-dced184460bb23579922f79635b52a72e0133ed9[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-platform-eng:2024-10-03-062733-f05d651d30211a2a0a0aca6ee8090cf2952907c7[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-platform-eng:2024-10-03-113720-09516d4222c90df922eb97b14b94194c5a092645[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-platform-eng:2024-10-23-160439-be3bc0ab22340f0cc36c9ff6a2e807945f54a10b[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-platform-eng:2024-10-30-072621-9a3d4fd936a645aeafba4dd3eb545b1a372e622c[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-platform-eng:2024-11-05-102154-c8283287719a9f3c1c01f1ac6e906eeb45ed870a[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-platform-eng:2024-11-05-112404-8f09ae087aa25d2ff087a5c533267bb8866a90cd[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-platform-eng:2024-11-05-131346-0fc1fb8e6bd426fae9e5ecdfeba9c920900a28bf[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-platform-eng:2024-11-07-090322-8a86a1726a5f6b284d66d413ee69b234a97e8acb[DONE]
brouberol@build2001:~$ sudo -i docker-registryctl delete-tags docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-product
We're about to delete the following tags for image docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-product:
2024-09-30-140133-41ea2e753e212daa7e629c1250483541628ef4bb
2024-09-30-201732-2e16654a5fb27caa8d4caaba0adb40a2c698941d
2024-10-02-104728-dced184460bb23579922f79635b52a72e0133ed9
2024-10-03-062733-f05d651d30211a2a0a0aca6ee8090cf2952907c7
2024-10-03-113720-09516d4222c90df922eb97b14b94194c5a092645
2024-10-23-160439-be3bc0ab22340f0cc36c9ff6a2e807945f54a10b
2024-10-30-072621-9a3d4fd936a645aeafba4dd3eb545b1a372e622c
2024-11-05-102154-c8283287719a9f3c1c01f1ac6e906eeb45ed870a
2024-11-05-112404-8f09ae087aa25d2ff087a5c533267bb8866a90cd
2024-11-05-131346-0fc1fb8e6bd426fae9e5ecdfeba9c920900a28bf
2024-11-07-084034-0fc1fb8e6bd426fae9e5ecdfeba9c920900a28bf
2024-11-07-090322-8a86a1726a5f6b284d66d413ee69b234a97e8acb
Ok to proceed? (y/n)y
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-product:2024-09-30-140133-41ea2e753e212daa7e629c1250483541628ef4bb[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-product:2024-09-30-201732-2e16654a5fb27caa8d4caaba0adb40a2c698941d[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-product:2024-10-02-104728-dced184460bb23579922f79635b52a72e0133ed9[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-product:2024-10-03-062733-f05d651d30211a2a0a0aca6ee8090cf2952907c7[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-product:2024-10-03-113720-09516d4222c90df922eb97b14b94194c5a092645[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-product:2024-10-23-160439-be3bc0ab22340f0cc36c9ff6a2e807945f54a10b[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-product:2024-10-30-072621-9a3d4fd936a645aeafba4dd3eb545b1a372e622c[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-product:2024-11-05-102154-c8283287719a9f3c1c01f1ac6e906eeb45ed870a[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-product:2024-11-05-112404-8f09ae087aa25d2ff087a5c533267bb8866a90cd[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-product:2024-11-05-131346-0fc1fb8e6bd426fae9e5ecdfeba9c920900a28bf[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-product:2024-11-07-084034-0fc1fb8e6bd426fae9e5ecdfeba9c920900a28bf[GONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-product:2024-11-07-090322-8a86a1726a5f6b284d66d413ee69b234a97e8acb[DONE]
brouberol@build2001:~$ sudo -i docker-registryctl delete-tags docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-research
We're about to delete the following tags for image docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-research:
2024-09-30-140133-41ea2e753e212daa7e629c1250483541628ef4bb
2024-09-30-201732-2e16654a5fb27caa8d4caaba0adb40a2c698941d
2024-10-02-104728-dced184460bb23579922f79635b52a72e0133ed9
2024-10-03-062733-f05d651d30211a2a0a0aca6ee8090cf2952907c7
2024-10-03-113720-09516d4222c90df922eb97b14b94194c5a092645
2024-10-23-160439-be3bc0ab22340f0cc36c9ff6a2e807945f54a10b
2024-10-30-072621-9a3d4fd936a645aeafba4dd3eb545b1a372e622c
2024-11-05-102154-c8283287719a9f3c1c01f1ac6e906eeb45ed870a
2024-11-05-112404-8f09ae087aa25d2ff087a5c533267bb8866a90cd
2024-11-05-131346-0fc1fb8e6bd426fae9e5ecdfeba9c920900a28bf
2024-11-07-090322-8a86a1726a5f6b284d66d413ee69b234a97e8acb
Ok to proceed? (y/n)y
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-research:2024-09-30-140133-41ea2e753e212daa7e629c1250483541628ef4bb[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-research:2024-09-30-201732-2e16654a5fb27caa8d4caaba0adb40a2c698941d[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-research:2024-10-02-104728-dced184460bb23579922f79635b52a72e0133ed9[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-research:2024-10-03-062733-f05d651d30211a2a0a0aca6ee8090cf2952907c7[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-research:2024-10-03-113720-09516d4222c90df922eb97b14b94194c5a092645[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-research:2024-10-23-160439-be3bc0ab22340f0cc36c9ff6a2e807945f54a10b[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-research:2024-10-30-072621-9a3d4fd936a645aeafba4dd3eb545b1a372e622c[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-research:2024-11-05-102154-c8283287719a9f3c1c01f1ac6e906eeb45ed870a[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-research:2024-11-05-112404-8f09ae087aa25d2ff087a5c533267bb8866a90cd[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-research:2024-11-05-131346-0fc1fb8e6bd426fae9e5ecdfeba9c920900a28bf[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-research:2024-11-07-090322-8a86a1726a5f6b284d66d413ee69b234a97e8acb[DONE]
brouberol@build2001:~$ sudo -i docker-registryctl delete-tags docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-search
We're about to delete the following tags for image docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-search:
2024-09-30-140133-41ea2e753e212daa7e629c1250483541628ef4bb
2024-09-30-201732-2e16654a5fb27caa8d4caaba0adb40a2c698941d
2024-10-02-104728-dced184460bb23579922f79635b52a72e0133ed9
2024-10-03-062733-f05d651d30211a2a0a0aca6ee8090cf2952907c7
2024-10-03-113720-09516d4222c90df922eb97b14b94194c5a092645
2024-10-23-160439-be3bc0ab22340f0cc36c9ff6a2e807945f54a10b
2024-10-30-072621-9a3d4fd936a645aeafba4dd3eb545b1a372e622c
2024-11-05-102154-c8283287719a9f3c1c01f1ac6e906eeb45ed870a
2024-11-05-112404-8f09ae087aa25d2ff087a5c533267bb8866a90cd
2024-11-05-131346-0fc1fb8e6bd426fae9e5ecdfeba9c920900a28bf
2024-11-07-084034-0fc1fb8e6bd426fae9e5ecdfeba9c920900a28bf
2024-11-07-090322-8a86a1726a5f6b284d66d413ee69b234a97e8acb
Ok to proceed? (y/n)y
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-search:2024-09-30-140133-41ea2e753e212daa7e629c1250483541628ef4bb[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-search:2024-09-30-201732-2e16654a5fb27caa8d4caaba0adb40a2c698941d[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-search:2024-10-02-104728-dced184460bb23579922f79635b52a72e0133ed9[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-search:2024-10-03-062733-f05d651d30211a2a0a0aca6ee8090cf2952907c7[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-search:2024-10-03-113720-09516d4222c90df922eb97b14b94194c5a092645[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-search:2024-10-23-160439-be3bc0ab22340f0cc36c9ff6a2e807945f54a10b[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-search:2024-10-30-072621-9a3d4fd936a645aeafba4dd3eb545b1a372e622c[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-search:2024-11-05-102154-c8283287719a9f3c1c01f1ac6e906eeb45ed870a[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-search:2024-11-05-112404-8f09ae087aa25d2ff087a5c533267bb8866a90cd[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-search:2024-11-05-131346-0fc1fb8e6bd426fae9e5ecdfeba9c920900a28bf[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-search:2024-11-07-084034-0fc1fb8e6bd426fae9e5ecdfeba9c920900a28bf[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics-search:2024-11-07-090322-8a86a1726a5f6b284d66d413ee69b234a97e8acb[DONE]
brouberol@build2001:~$ sudo -i docker-registryctl delete-tags docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics
We're about to delete the following tags for image docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics:
2024-09-30-140133-41ea2e753e212daa7e629c1250483541628ef4bb
2024-09-30-201732-2e16654a5fb27caa8d4caaba0adb40a2c698941d
2024-10-02-104728-dced184460bb23579922f79635b52a72e0133ed9
2024-10-03-062733-f05d651d30211a2a0a0aca6ee8090cf2952907c7
2024-10-03-113720-09516d4222c90df922eb97b14b94194c5a092645
2024-10-23-160439-be3bc0ab22340f0cc36c9ff6a2e807945f54a10b
2024-10-30-072621-9a3d4fd936a645aeafba4dd3eb545b1a372e622c
2024-11-05-102154-c8283287719a9f3c1c01f1ac6e906eeb45ed870a
2024-11-05-112404-8f09ae087aa25d2ff087a5c533267bb8866a90cd
2024-11-05-131346-0fc1fb8e6bd426fae9e5ecdfeba9c920900a28bf
2024-11-07-084034-0fc1fb8e6bd426fae9e5ecdfeba9c920900a28bf
2024-11-07-090322-8a86a1726a5f6b284d66d413ee69b234a97e8acb
Ok to proceed? (y/n)y
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics:2024-09-30-140133-41ea2e753e212daa7e629c1250483541628ef4bb[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics:2024-09-30-201732-2e16654a5fb27caa8d4caaba0adb40a2c698941d[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics:2024-10-02-104728-dced184460bb23579922f79635b52a72e0133ed9[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics:2024-10-03-062733-f05d651d30211a2a0a0aca6ee8090cf2952907c7[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics:2024-10-03-113720-09516d4222c90df922eb97b14b94194c5a092645[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics:2024-10-23-160439-be3bc0ab22340f0cc36c9ff6a2e807945f54a10b[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics:2024-10-30-072621-9a3d4fd936a645aeafba4dd3eb545b1a372e622c[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics:2024-11-05-102154-c8283287719a9f3c1c01f1ac6e906eeb45ed870a[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics:2024-11-05-112404-8f09ae087aa25d2ff087a5c533267bb8866a90cd[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics:2024-11-05-131346-0fc1fb8e6bd426fae9e5ecdfeba9c920900a28bf[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics:2024-11-07-084034-0fc1fb8e6bd426fae9e5ecdfeba9c920900a28bf[DONE]
docker-registry.discovery.wmnet/repos/data-engineering/airflow/analytics:2024-11-07-090322-8a86a1726a5f6b284d66d413ee69b234a97e8acb[DONE]
brouberol@build2001:~$
brouberol updated the task description. (Show Details)Nov 8 2024, 8:40 AM
Gehel edited projects, added Data-Platform-SRE (2024.11.09 - 2024.11.29); removed Data-Platform-SRE (2024.10.19 - 2024.11.08).Nov 8 2024, 9:48 AM
Gehel moved this task from Backlog - project to In Progress on the Data-Platform-SRE (2024.11.09 - 2024.11.29) board.
gerritbot added a comment.Nov 8 2024, 11:26 AM

Change #1088543 had a related patch set uploaded (by Brouberol; author: Brouberol):

[operations/deployment-charts@master] airflow: remove fsGroup stanzas as all containers are running with the same uid/gid

https://gerrit.wikimedia.org/r/1088543

gerritbot added a project: Patch-For-Review.Nov 8 2024, 11:26 AM
brouberol moved this task from In Progress to Needs Review on the Data-Platform-SRE (2024.11.09 - 2024.11.29) board.Nov 8 2024, 11:26 AM
Gehel triaged this task as High priority.Nov 8 2024, 2:23 PM
gerritbot added a comment.Nov 13 2024, 1:02 PM

Change #1088543 merged by Brouberol:

[operations/deployment-charts@master] airflow: remove fsGroup stanzas as all containers are running with the same uid/gid

https://gerrit.wikimedia.org/r/1088543

Maintenance_bot removed a project: Patch-For-Review.Nov 13 2024, 1:31 PM
brouberol closed this task as Resolved.Nov 13 2024, 1:47 PM
brouberol moved this task from Needs Review to Done on the Data-Platform-SRE (2024.11.09 - 2024.11.29) board.
gerritbot added a comment.Nov 13 2024, 2:17 PM

Change #1090860 had a related patch set uploaded (by Brouberol; author: Brouberol):

[operations/deployment-charts@master] Revert "airflow: remove fsGroup stanzas as all containers are running with the same uid/gid"

https://gerrit.wikimedia.org/r/1090860

gerritbot added a project: Patch-For-Review.Nov 13 2024, 2:17 PM

Change #1090860 merged by Brouberol:

[operations/deployment-charts@master] Revert "airflow: remove fsGroup stanzas as all containers are running with the same uid/gid"

https://gerrit.wikimedia.org/r/1090860

Maintenance_bot removed a project: Patch-For-Review.Nov 13 2024, 2:31 PM
Gehel moved this task from Done to Reported on the Data-Platform-SRE (2024.11.09 - 2024.11.29) board.Nov 15 2024, 2:22 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits