Page MenuHomePhabricator
Create Task
Maniphest T86903

Change mwdeploy homeDirectory field in LDAP from /home/mwdeploy to /var/lib/mwdeploy
Closed, DeclinedPublic
Actions

Description

Some random puppet change has been pushed early today around 8:00am UTC which caused the Beta cluster scap to fails.

The root cause is that mwdeploy homedir is /home/mwdeploy but should be /var/lib/mwdeploy , thus the scap script wrapper fails to ssh-add because it can't find the ssh key.

$ getent passwd mwdeploy
mwdeploy:x:603:603:mwdeploy:/home/mwdeploy:/bin/bash
$ ldaplist -l passwd mwdeploy|grep homeDirectory
	homeDirectory: /home/mwdeploy
$

We would need to update the mwdeploy homeDirectory in LDAP to point to /var/lib/mwdeploy. We did the same for the jenkins-deploy user used by Jenkins slaves:

$ ldaplist -l passwd jenkins-deploy|grep homeDirectory
	homeDirectory: /mnt/home/jenkins-deploy

Related Objects
Search...

Event Timeline

hashar created this task.Jan 15 2015, 11:12 AM
hashar raised the priority of this task from to Needs Triage.
hashar updated the task description. (Show Details)
hashar added projects: Beta-Cluster-Infrastructure, acl*sre-team, Cloud-VPS.
hashar added subscribers: mmodell, yuvipanda, hashar, Aklapper.
hashar mentioned this in T86668: Make all ldap users have a sane shell (/bin/bash).Jan 15 2015, 11:16 AM
Reedy subscribed.Jan 15 2015, 1:42 PM

I blame @yuvipanda

07:19 YuviPanda: set home of mwdeploy to /home/mwdeploy in LDAP
greg mentioned this in T86901: beta-scap-eqiad fails due to ssh-add not finding mwdeploy ssh key.Jan 15 2015, 5:08 PM
yuvipanda closed this task as Declined.Jan 15 2015, 6:39 PM
yuvipanda claimed this task.

It's /home/mwdeploy in prod, should be /home/mwdeploy in beta.

hashar added a comment.Jan 15 2015, 9:10 PM
In T86903#980010, @yuvipanda wrote:

It's /home/mwdeploy in prod, should be /home/mwdeploy in beta.

Yeah that make sense. Though on labs /home/ is shared on all instances whereas /var/lib/mwdeploy is local to the instance. That is probably why the private key was put there.

Then if one has root and can access /home, he can access /var/lib/mwdeploy on deployment-bastion. So it is not a big deal.

greg moved this task from To Triage to Done on the Beta-Cluster-Infrastructure board.Jan 17 2015, 6:35 PM
Aklapper added a project: Cloud-Services.Apr 29 2015, 12:20 PM
Phabricator_maintenance removed a subscriber: yuvipanda.Jun 7 2017, 6:55 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL