Last modified: 2014-03-14 20:58:08 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T64595, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 62595 - Create l10nupdate user in ldap
Create l10nupdate user in ldap
Status: RESOLVED FIXED
Product: Wikimedia Labs
Classification: Unclassified
Infrastructure (Other open bugs)
unspecified
All All
: Unprioritized normal
: ---
Assigned To: Nobody - You can work on this!
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-03-13 02:17 UTC by Bryan Davis
Modified: 2014-03-14 20:58 UTC (History)
4 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Bryan Davis 2014-03-13 02:17:34 UTC 
I would like to have a system user named 'l10nupdate' created in LDAP with group 'l10nupdate'. This user is needed by the mediawiki::sync class.
Comment 1 Bryan Davis 2014-03-13 02:23:36 UTC 
This may be invalid? `id l10nupdate` returns 'uid=602(l10nupdate) gid=602(l10nupdate) groups=602(l10nupdate)' on the deployment-scap.eqiad.wmflabs instance and `grep l10nupdate /etc/passwd` returns no matches.

I filed the bug because I got this notice when trying to apply puppet:

    err: /Stage[main]/Groups::L10nupdate/Group[l10nupdate]/gid: change from 602 to 10002 failed: Could not set gid on group[l10nupdate]: Execution of '/usr/sbin/groupmod -g 10002 l10nupdate' returned 10: groupmod: group 'l10nupdate' does not exist in /etc/group
Comment 2 Bryan Davis 2014-03-13 02:37:34 UTC 
Ok so it turns out that the root problem is that groups::l10nupdate in admins.pp defines the gid for l10nupdate as 10002 rather than the 602 that is in labs ldap. I'll work around the issue by making the gid realm specific.
Comment 3 Marc A. Pelletier 2014-03-13 03:13:00 UTC 
A probably better solution is not not use the gid but the group name; this has the virtue of not caring what the gid is.  :-)
Comment 4 Marc A. Pelletier 2014-03-13 03:14:12 UTC 
(Specifically in your case, don't attempt to create the group at all since it already exists; this attempts to renumber a local group that does not exist)
Comment 5 Gerrit Notification Bot 2014-03-13 03:18:56 UTC 
Change 118071 had a related patch set uploaded by coren:
beta: skip l10nupdate user/group creation

https://gerrit.wikimedia.org/r/118071
Comment 6 Gerrit Notification Bot 2014-03-14 13:38:46 UTC 
Change 118071 merged by coren:
beta: skip l10nupdate user/group creation

https://gerrit.wikimedia.org/r/118071
Comment 7 Antoine "hashar" Musso (WMF) 2014-03-14 13:39:03 UTC 
I did create a l10nupdate user using the wikitech interface and Coren tweaked it is uid/gid:

$ ldaplist -l passwd l10nupdate

dn: uid=l10nupdate,ou=people,dc=wikimedia,dc=org
	uid: l10nupdate
	objectClass: person
	objectClass: organizationalPerson
	objectClass: inetorgperson
	objectClass: ldappublickey
	objectClass: shadowaccount
	objectClass: posixaccount
	objectClass: top
	loginShell: /usr/local/bin/sillyshell
	uidNumber: 602
	gidNumber: 602
	sn: L10nupdate
	homeDirectory: /home/l10nupdate
	mail: hashar@free.fr
	cn: L10nupdate

Aka GID/UID set to 602.

The email is mine, we would need a generic email somehow.
Comment 8 Antoine "hashar" Musso (WMF) 2014-03-14 20:58:08 UTC 
Fixed up by Coren, the account no more have any user email :-]
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links