[Labs-l] RFC: Webtools setup
Ryan Lane
rlane32 at gmail.com
Fri Feb 15 02:05:17 UTC 2013
On Thu, Feb 14, 2013 at 5:56 PM, Tim Landscheidt <tim at tim-landscheidt.de>wrote:
> (anonymous) wrote:
>
> > I'm not sure about what you mean. The tools uids should not collision
> > with the LDAP users, and we should have a central store of them. We
> > talked about this in irc some time ago, with no clear results. Although
> > I think it would be safe to start tool uids with eg. 50000.
>
> The problem I see is that user TOOL on instance A creates a
> file on /data/project, and on instance B it must appear that
> this file belongs to user TOOL on that machine. So either
> glusterfs must somehow handle this with some magic, or we
> have to synchronize users and groups project-wide so that
> user TOOL has uid 50000 on all instances. The latter should
> be possible by changing the puppet module to check that
> "user TOOL exists with uid 50000", but if glusterfs had some
> automatic mapping that would be even greater.
>
>
Well, it's just NSS handling the mapping. The filesystem is just a normal
posix filesystem and knows about uids and gids, not the mappings. If the
users/groups are created as system accounts on the instances then it would
need to occur on all of the instances. LDAP accounts are automatically
accessible between all projects, but I'm not sure if we want to create LDAP
accounts for this.
Note that project groups are 50000+ right now. Maybe we should have some
ranges defined somewhere in puppet?
- Ryan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wikimedia.org/pipermail/labs-l/attachments/20130214/a8f52f9c/attachment-0001.html>
More information about the Labs-l
mailing list