Page MenuHomePhabricator
Create Task
Maniphest T214922

Create cloudelastic-root group
Closed, ResolvedPublic
Actions

Description

Create cloudelastic-root group and add discovery members to this new group

Details

SubjectRepoBranchLines +/-
admin: create new system groups for cloudelastic nodesoperations/puppetproduction+5 -0
Customize query in gerrit

Related Objects
Search...

Event Timeline

Mathew.onipe created this task.Jan 29 2019, 3:41 PM
Mathew.onipe triaged this task as Medium priority.
gerritbot added a comment.Jan 29 2019, 3:42 PM

Change 487040 had a related patch set uploaded (by Mathew.onipe; owner: Mathew.onipe):
[operations/puppet@production] admin: create new system groups for cloudelastic nodes

https://gerrit.wikimedia.org/r/487040

gerritbot added a project: Patch-For-Review.Jan 29 2019, 3:42 PM
TJones edited projects, added Discovery-Search; removed Discovery-Search (Current work).Jan 29 2019, 11:46 PM
TJones moved this task from needs triage to Ops / SRE on the Discovery-Search board.
Mathew.onipe edited projects, added Discovery-Search (Current work); removed Discovery-Search.Jan 30 2019, 8:30 AM
Mathew.onipe moved this task from Incoming to Needs review on the Discovery-Search (Current work) board.
Joe subscribed.Feb 7 2019, 8:46 AM

Hi @Mathew.onipe I'd need more context on why we want to create this group please.

Mathew.onipe added a comment.Feb 7 2019, 9:36 AM

Hi @Joe
cloudelastic is a replica of cirrussearch like labsdb* is to maps*. So this group separates access to cloudelastic and our main search cluster. This will allow access to members of the cloud platform team who should not access search cluster

Joe added a comment.Feb 7 2019, 11:48 AM

ok great - this should be discussed in the SRE meeting on monday.

bd808 added a comment.Feb 7 2019, 7:50 PM

Related rights groups are wmcs-roots and wmcs-admin. Those 2 groups grant broader rights across Cloud Services bare metal instances (OpenStack servers, Wiki Replica databases). Keeping the rights for these cloud replicas separate from the rights for the production cirrussearch elasticsearch hosts is a good practice for cross-purpose limiting rights escalation issues.

Dzahn added a comment.Feb 11 2019, 7:09 PM

It was in the SRE meeting and there were no objections (SRE-2019-02-11#Access_Requests)

gerritbot added a comment.Feb 12 2019, 9:06 AM

Change 487040 merged by Gehel:
[operations/puppet@production] admin: create new system groups for cloudelastic nodes

https://gerrit.wikimedia.org/r/487040

Mathew.onipe moved this task from Needs review to Needs Reporting on the Discovery-Search (Current work) board.Feb 12 2019, 10:58 AM
debt closed this task as Resolved.Feb 15 2019, 7:00 PM
debt claimed this task.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits