Page MenuHomePhabricator

Change mwdeploy homeDirectory field in LDAP from /home/mwdeploy to /var/lib/mwdeploy
Closed, DeclinedPublic


Some random puppet change has been pushed early today around 8:00am UTC which caused the Beta cluster scap to fails.

The root cause is that mwdeploy homedir is /home/mwdeploy but should be /var/lib/mwdeploy , thus the scap script wrapper fails to ssh-add because it can't find the ssh key.

$ getent passwd mwdeploy
$ ldaplist -l passwd mwdeploy|grep homeDirectory
	homeDirectory: /home/mwdeploy

We would need to update the mwdeploy homeDirectory in LDAP to point to /var/lib/mwdeploy. We did the same for the jenkins-deploy user used by Jenkins slaves:

$ ldaplist -l passwd jenkins-deploy|grep homeDirectory
	homeDirectory: /mnt/home/jenkins-deploy

Event Timeline

hashar raised the priority of this task from to Needs Triage.
hashar updated the task description. (Show Details)
hashar added subscribers: mmodell, yuvipanda, hashar, Aklapper.

I blame @yuvipanda

07:19 YuviPanda: set home of mwdeploy to /home/mwdeploy in LDAP
yuvipanda claimed this task.

It's /home/mwdeploy in prod, should be /home/mwdeploy in beta.

It's /home/mwdeploy in prod, should be /home/mwdeploy in beta.

Yeah that make sense. Though on labs /home/ is shared on all instances whereas /var/lib/mwdeploy is local to the instance. That is probably why the private key was put there.

Then if one has root and can access /home, he can access /var/lib/mwdeploy on deployment-bastion. So it is not a big deal.