Page MenuHomePhabricator

Trusty instances do not show the motd banners
Closed, ResolvedPublic

Description

Instances running Ubuntu Trusty (tools-trusty as bastion and tools-exec-12 as execution node) do not show the Tools motd banners:

[tim@passepartout ~]$ ssh -o ControlPath=none trusty.tools.wmflabs.org

If you are having access problems, please see: https://wikitech.wikimedia.org/wiki/Access#Accessing_public_and_private_instances
Last login: Thu Dec 25 08:39:59 2014 from e177164030.adsl.alicedsl.de
scfc@tools-trusty:~$ Abgemeldet
Connection to trusty.tools.wmflabs.org closed.
[tim@passepartout ~]$ ssh -o 'ControlPath none' trusty.tools.wmflabs.org

If you are having access problems, please see: https://wikitech.wikimedia.org/wiki/Access#Accessing_public_and_private_instances
Last login: Thu Dec 25 11:23:39 2014 from e177164030.adsl.alicedsl.de
scfc@tools-trusty:~$ Abgemeldet
Connection to trusty.tools.wmflabs.org closed.
[tim@passepartout ~]$ ssh -o 'ControlPath none' tools-exec-12.eqiad.wmflabs
Last login: Thu Aug 21 19:19:32 2014 from bastion1.eqiad.wmflabs
scfc@tools-exec-12:~$ Abgemeldet
Connection to tools-exec-12.eqiad.wmflabs closed.
[tim@passepartout ~]$

Event Timeline

scfc updated the task description. (Show Details)
scfc added a project: Toolforge.
scfc added a subscriber: scfc.
scfc set Security to None.

This bug seems to be related. Apparently, the configuration of pam_motd is different for console and sshd logins:

scfc@toolsbeta-exec-01:~$ fgrep motd /etc/pam.d/*
/etc/pam.d/login:# This includes a dynamically generated part from /run/motd.dynamic
/etc/pam.d/login:# and a static (admin-editable) part from /etc/motd.
/etc/pam.d/login:session    optional   pam_motd.so  motd=/run/motd.dynamic noupdate
/etc/pam.d/login:session    optional   pam_motd.so
/etc/pam.d/sshd:session    optional     pam_motd.so # [1]
scfc@toolsbeta-exec-01:~$

Change 181789 had a related patch set uploaded (by Tim Landscheidt):
Fix motd on Trusty instances

https://gerrit.wikimedia.org/r/181789

Patch-For-Review

Change 204748 had a related patch set uploaded (by Tim Landscheidt):
Labs: Create /etc/motd unconditionally

https://gerrit.wikimedia.org/r/204748

Labs' outdated PAM config is a problem that needs to be solved. See T85910.

Change 181789 abandoned by Tim Landscheidt:
Fix motd on Trusty instances

Reason:
As a workaround for T85910, Iceb1b0f0782a2c9fd36004fda80dff3ad2125008 is more suitable.

https://gerrit.wikimedia.org/r/181789

Change 204748 abandoned by Tim Landscheidt:
Labs: Create /etc/motd unconditionally

Reason:
Fair enough.

https://gerrit.wikimedia.org/r/204748

valhallasw added a subscriber: valhallasw.
chasemp added a subscriber: chasemp.

this should be fixed now I believe?

It is, as a side effect of the PAM fix.

The PAM fixed is explained on https://lists.wikimedia.org/pipermail/labs-l/2015-December/004158.html which namely involves running on the instance /usr/local/sbin/cleanup-pam-config.

I have caught a few trusty instances on CI and beta cluster, got them fixed.