Last modified: 2014-03-14 13:39:30 UTC
The production manifests to install an application server rely on user/group l10nupdate with GID 10002 and an UID generated locally on each application server. The home dir is hardcoded everywhere to point to /home/l10nupdate On labs, /home is a shared folder and puppet can not set the uid/gid for /home/l10nupdate because NFS prevents to do so. Additionally each instance would assign a different UID to l10nupdate user which would cause the files to change of UID whenever puppet run on a different instance. A way to solve it would be to create a l10nupdate user with UID 10002 and a l10nupdate group with GID 10002. The ids would then be usable on the NFS server and they will be identical on each instances.
As discussed with Coren, we need to fix the ID madness in production.
Coren instructed to: 1) create a l10nupdate group at https://wikitech.wikimedia.org/wiki/Special:NovaServiceGroup (done) 2) get rid of hardcoded gid/uid in puppet manifests
Change 118071 had a related patch set uploaded by Hashar: Tweak l10nupdate user/group creations for beta cluster https://gerrit.wikimedia.org/r/118071
Change 118071 merged by coren: beta: skip l10nupdate user/group creation https://gerrit.wikimedia.org/r/118071
I did create a l10nupdate user using the wikitech interface and Coren tweaked it is uid/gid: $ ldaplist -l passwd l10nupdate dn: uid=l10nupdate,ou=people,dc=wikimedia,dc=org uid: l10nupdate objectClass: person objectClass: organizationalPerson objectClass: inetorgperson objectClass: ldappublickey objectClass: shadowaccount objectClass: posixaccount objectClass: top loginShell: /usr/local/bin/sillyshell uidNumber: 602 gidNumber: 602 sn: L10nupdate homeDirectory: /home/l10nupdate mail: hashar@free.fr cn: L10nupdate Aka GID/UID set to 602.
