Page MenuHomePhabricator

Trusty instances do not show the motd banners
Closed, ResolvedPublic

Description

Instances running Ubuntu Trusty (tools-trusty as bastion and tools-exec-12 as execution node) do not show the Tools motd banners:

[tim@passepartout ~]$ ssh -o ControlPath=none trusty.tools.wmflabs.org

If you are having access problems, please see: https://wikitech.wikimedia.org/wiki/Access#Accessing_public_and_private_instances
Last login: Thu Dec 25 08:39:59 2014 from e177164030.adsl.alicedsl.de
scfc@tools-trusty:~$ Abgemeldet
Connection to trusty.tools.wmflabs.org closed.
[tim@passepartout ~]$ ssh -o 'ControlPath none' trusty.tools.wmflabs.org

If you are having access problems, please see: https://wikitech.wikimedia.org/wiki/Access#Accessing_public_and_private_instances
Last login: Thu Dec 25 11:23:39 2014 from e177164030.adsl.alicedsl.de
scfc@tools-trusty:~$ Abgemeldet
Connection to trusty.tools.wmflabs.org closed.
[tim@passepartout ~]$ ssh -o 'ControlPath none' tools-exec-12.eqiad.wmflabs
Last login: Thu Aug 21 19:19:32 2014 from bastion1.eqiad.wmflabs
scfc@tools-exec-12:~$ Abgemeldet
Connection to tools-exec-12.eqiad.wmflabs closed.
[tim@passepartout ~]$

Details

Related Gerrit Patches:
operations/puppet : productionLabs: Create /etc/motd unconditionally
operations/puppet : productionFix motd on Trusty instances

Event Timeline

scfc created this task.Dec 25 2014, 11:28 AM
scfc updated the task description. (Show Details)
scfc added a project: Toolforge.
scfc added a subscriber: scfc.
scfc updated the task description. (Show Details)Dec 25 2014, 11:30 AM
scfc set Security to None.
scfc added a comment.Dec 25 2014, 11:50 AM

This bug seems to be related. Apparently, the configuration of pam_motd is different for console and sshd logins:

scfc@toolsbeta-exec-01:~$ fgrep motd /etc/pam.d/*
/etc/pam.d/login:# This includes a dynamically generated part from /run/motd.dynamic
/etc/pam.d/login:# and a static (admin-editable) part from /etc/motd.
/etc/pam.d/login:session    optional   pam_motd.so  motd=/run/motd.dynamic noupdate
/etc/pam.d/login:session    optional   pam_motd.so
/etc/pam.d/sshd:session    optional     pam_motd.so # [1]
scfc@toolsbeta-exec-01:~$

Change 181789 had a related patch set uploaded (by Tim Landscheidt):
Fix motd on Trusty instances

https://gerrit.wikimedia.org/r/181789

Patch-For-Review

scfc moved this task from Triage to In Progress on the Toolforge board.Feb 18 2015, 5:22 PM

Change 204748 had a related patch set uploaded (by Tim Landscheidt):
Labs: Create /etc/motd unconditionally

https://gerrit.wikimedia.org/r/204748

faidon added a subscriber: faidon.Apr 17 2015, 11:56 AM

Labs' outdated PAM config is a problem that needs to be solved. See T85910.

Change 181789 abandoned by Tim Landscheidt:
Fix motd on Trusty instances

Reason:
As a workaround for T85910, Iceb1b0f0782a2c9fd36004fda80dff3ad2125008 is more suitable.

https://gerrit.wikimedia.org/r/181789

Change 204748 abandoned by Tim Landscheidt:
Labs: Create /etc/motd unconditionally

Reason:
Fair enough.

https://gerrit.wikimedia.org/r/204748

scfc moved this task from In Progress to Backlog on the Toolforge board.
valhallasw triaged this task as Medium priority.Apr 27 2015, 12:24 PM
valhallasw added a subscriber: valhallasw.
chasemp assigned this task to coren.Dec 3 2015, 2:41 PM
chasemp added a subscriber: chasemp.

this should be fixed now I believe?

coren closed this task as Resolved.Dec 3 2015, 2:46 PM

It is, as a side effect of the PAM fix.

hashar added a subscriber: hashar.Jun 1 2016, 10:11 AM

The PAM fixed is explained on https://lists.wikimedia.org/pipermail/labs-l/2015-December/004158.html which namely involves running on the instance /usr/local/sbin/cleanup-pam-config.

I have caught a few trusty instances on CI and beta cluster, got them fixed.