Page MenuHomePhabricator

Grant yurik access to sca1001 cluster for graphoid debugging/restarts
Closed, ResolvedPublic

Description

Obviously yurik, being the service owner of graphoid needs to be able:

  • to issue restarts to the service
  • assume the uid of the service itself for debugging
  • read the log file of the service locally should be need arise. (logstash should be preferred though)

https://phabricator.wikimedia.org/rOPUPa3c7cb9b9f6e14bf52383a7845ab9fd1ea66d97f added the necessary rights but they have not been yet assigned to the SCA cluster. For this to happen https://gerrit.wikimedia.org/r/#/c/208998/ needs to be merged. This is sudo access so deferring to the ops meeting on Monday.

Event Timeline

akosiaris created this task.May 6 2015, 5:18 PM
akosiaris raised the priority of this task from to Normal.
akosiaris updated the task description. (Show Details)
akosiaris added a project: SRE-Access-Requests.
akosiaris added a subscriber: akosiaris.
Restricted Application added a project: acl*sre-team. · View Herald TranscriptMay 6 2015, 5:18 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript

Change 208998 had a related patch set uploaded (by Alexandros Kosiaris):
Assign graphoid-admin to the SCA cluster

https://gerrit.wikimedia.org/r/208998

No meeting on Monday so it waits another week. Can we get manager sign-off in the meantime? That would have been tfinc but leave etc so... @Manybubbles ? (Whom I will add momentarily)

Yurik set Security to None.
Yurik added a subscriber: Westonnh.

I agree Yurik should have this access.

I approve as manager

request granted in may 18 ops meeting

Change 208998 merged by Alexandros Kosiaris:
Assign graphoid-admin to the SCA cluster

https://gerrit.wikimedia.org/r/208998

akosiaris closed this task as Resolved.May 18 2015, 6:53 PM
akosiaris claimed this task.
akosiaris added a subscriber: Yurik.

Resolving. user has been created and granted privileges as on patch. @Yurik, the sca cluster has a firewall and is accessible via bastion hosts. Don't forget to proxy via bast1001 or similar and remember you won't be able to connect via SSH from other hosts.