[Labs-l] [beta] new bastion + file perms changes
Antoine Musso
hashar+wmf at free.fr
Mon Nov 5 22:06:51 UTC 2012
Hello,
Any people having shell access to the beta cluster (deployment-prep
project in labs) should now use deployment-bastion to do their work
instead of deployment-dbdump.
The deployment-bastion instance is a bit more powerfull and has been
installed using puppet classes. So it should be robust and exempt of
hacks. If anything is wrong there, changes should be made to the puppet
classes.
Part of the reason for this change is stop us fighting with permissions
rights in /home/wikipedia/common. We had several issues:
- some people have a GID of 500 (wikidev) others have GID 550 (svn)
- some people forget to set their umask to 0002 to enable group write
by default.
- the beta autoupdater was using mwdeploy:mwdeploy and with the UID/GID
set in the jobrunner06 instance.
To fix that:
- I have changed the ownership of all files under
/home/wikipedia/common to use mwdeploy:mwdeploy with the uid/gid of
deployment-bastion instance.
- I removed the beta autoupdater from jobrunner06 and I am migrating it
to deployment-bastion so it will use the same UID/GID.
TODO: still have to figure out how to set the sudo policy to allow us to
sudo as mwdeploy directly. If anyone has any idea how to do it in
[[Special:NovaSudoer]], I would love to hear about it.
cheers,
--
Antoine "hashar" Musso
More information about the Labs-l
mailing list