Page MenuHomePhabricator
Create Task
Maniphest T64529

Create l10nupdate users and group with id 10002
Closed, ResolvedPublic
Actions

Description

The production manifests to install an application server rely on user/group l10nupdate with GID 10002 and an UID generated locally on each application server. The home dir is hardcoded everywhere to point to /home/l10nupdate

On labs, /home is a shared folder and puppet can not set the uid/gid for /home/l10nupdate because NFS prevents to do so. Additionally each instance would assign a different UID to l10nupdate user which would cause the files to change of UID whenever puppet run on a different instance.

A way to solve it would be to create a l10nupdate user with UID 10002 and a l10nupdate group with GID 10002. The ids would then be usable on the NFS server and they will be identical on each instances.

Version: unspecified
Severity: normal

Details

Reference
bz62529

Event Timeline

bzimport raised the priority of this task from to Needs Triage.Nov 22 2014, 3:00 AM
bzimport added a project: Beta-Cluster-Infrastructure.
bzimport set Reference to bz62529.
bzimport added a subscriber: Unknown Object (MLST).
hashar created this task.Mar 11 2014, 1:20 PM
hashar added a comment.Mar 11 2014, 1:39 PM

As discussed with Coren, we need to fix the ID madness in production.

hashar added a comment.Mar 11 2014, 1:48 PM

Coren instructed to:

  1. create a l10nupdate group at https://wikitech.wikimedia.org/wiki/Special:NovaServiceGroup (done)
  1. get rid of hardcoded gid/uid in puppet manifests
gerritbot added a comment.Mar 11 2014, 2:15 PM

Change 118071 had a related patch set uploaded by Hashar:
Tweak l10nupdate user/group creations for beta cluster

https://gerrit.wikimedia.org/r/118071

gerritbot added a comment.Mar 14 2014, 1:38 PM

Change 118071 merged by coren:
beta: skip l10nupdate user/group creation

https://gerrit.wikimedia.org/r/118071

hashar added a comment.Mar 14 2014, 1:39 PM

I did create a l10nupdate user using the wikitech interface and Coren tweaked it is uid/gid:

$ ldaplist -l passwd l10nupdate

dn: uid=l10nupdate,ou=people,dc=wikimedia,dc=org
uid: l10nupdate
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: ldappublickey
objectClass: shadowaccount
objectClass: posixaccount
objectClass: top
loginShell: /usr/local/bin/sillyshell
uidNumber: 602
gidNumber: 602
sn: L10nupdate
homeDirectory: /home/l10nupdate
mail: hashar@free.fr
cn: L10nupdate

Aka GID/UID set to 602.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL