In production, the 'sql' shell script will transparently connect a mysql client to the database of whatever project name is passed in parameter. We need a similar wrapper in beta.
The production script relies on wikiadmin_pass which can only be run by members of the wikidev group. That in turns does not exist on beta.
Version: unspecified
Severity: enhancement
See Also:
https://bugzilla.wikimedia.org/show_bug.cgi?id=63803
| Status | Subtype | Assigned | Task | ||
|---|---|---|---|---|---|
| Open | None | T53494 Use Beta cluster as a true canary for code deployments (epic) | |||
| Open | None | T87220 Minimize infrastructure differences between Beta Cluster and production | |||
| Resolved | yuvipanda | T76392 Reduce [LOCAL HACK] changes on Beta Cluster to zero | |||
| Resolved | yuvipanda | T47706 shell wrapper to connect to databases |
As a workaround, I use the very lame:
$ cat sql
#!/bin/sh
USER=php -r 'include("/home/wikipedia/common/wmf-config/PrivateSettings.php"); print $wgDBuser;'
PASS=php -r 'include("/home/wikipedia/common/wmf-config/PrivateSettings.php"); print $wgDBpassword;'
HOST="deployment-sql"
mysql -u $USER -p$PASS -h $HOST
$
We should use the production sql script. It does not work right now because:
(In reply to Antoine "hashar" Musso from comment #2)
We should use the production sql script. It does not work right now because:
- wikiadmin_pass belongs to the wikidev group (which does not exist on beta)
The wikidev group does now exist in eqiad labs and beta.
- the password there is wrong, it is populated by puppet
This password is taken from the puppet variable $passwords::misc::scripts::wikiadmin_pass. Since we have a local puppet master for beta now we can override this variable with a local commit to /var/lib/git/labs/private/modules/passwords/manifests/init.pp on the deployment-salt host. If someone knows the password for the "wikiadmin" mysql account in beta I'd be happy to fix this.
[08:47] < bd808> hoo: We are just missing a password in the private puppet repo at this point. S.pringle probably knows what it is.
[08:47] < hoo> bd808: No, we don't
[08:47] < hoo> wikiadmin_pass is correct there
[08:48] < hoo> just the user is not wikiadmin, but mw
Fixed via a local commit in the puppet repo on deployment-salt:
$ git show --pretty 52fc928
commit 52fc92891d53267ff2ed82b917017c288cdebaa2
Author: Bryan Davis <bd808@wikimedia.org>
Date: Thu Aug 28 19:01:51 2014 +0000
[LOCAL HACK] Change MySQL admin user in sql script
For whatever reason the admin database user in beta has a different name than
in production. Hack puppet to make this change.
Bug: 45706
diff --git a/files/misc/scripts/sql b/files/misc/scripts/sql
index 2f1cddf..e5c62d1 100755
--- a/files/misc/scripts/sql
+++ b/files/misc/scripts/sql
@@ -26,7 +26,7 @@ fi
host=`echo 'echo wfGetLB()->getServerName(0);' | /usr/local/bin/mwscript eval.php --wiki="$lookupdb"`
# MySQL user credentials.
-MU=wikiadmin
+MU=mw
MP=`wikiadmin_pass`
# Execute mysql.Usage:
$ sql deploymentwiki (mw@deployment-db1) [deploymentwiki]>
Hmm, I wonder if the solution is not to just create a wikiadmin user on betacluster, and have things use that rather than the 'mw' user?
A workaround is currently applied for this on the beta cluster has a local hack:
[LOCAL HACK] T47706 Change MySQL admin user in sql script
files/misc/scripts/sql -MU=wikiadmin +MU=mw
That is probably the easiest :-) That will definitely please our DBA Sean whenever he needs to interact with the beta cluster DBs. We probably just need to create a user then apply the change to the PrivateSettings.php file.
I just created the wikiadmin user with same password as mw user and dropped that LOCAL HACK from deployment-salt. Seems to work fine on deployment-bastion.
And switched MW to run from that, by editing PrivateSettings.php on deployment-bastion and running scap. \o/