Last modified: 2014-06-05 18:46:35 UTC
I had to put a $::realm based variable into the ::mediawiki::users puppet class to make it apply on deployment-prep (beta) hosts. This is caused by the gid of the l10nupdate group being 602 in the labs LDAP server rather than 10002 as defined in the ::mediawiki::users Puppet class. I doubt that the l10nupdate group is in use outside the deployment-prep project. It should be possible to update LDAP to change the group id from 602 to 10002 and subsequently run a `find` script on deployment-prep's instances and NFS shares to update file ownership to the new gid.
I'm going to change this tomorrow. After that some file ownership will need to change... via running something like this on the beta salt master: $ salt -E '*' cmd.run 'find / -user 602 -print0 | xargs -0 chown -h 10002' (And then whatever the equivalent is for gid)
On deployment-bastion, /home/l10nupdate and /mnt/srv/scap-stage-dir/php-master/cache/l10n contain all of the files owned by the l10nupdate user. /home/l10nupdate is on nfs so it only needsto be changed from one host rather than all. The salt commands that I will run to correct the ownership are: find /home/l10nupdate -user 602 -exec chown -h 10002 {} \; find /home/l10nupdate -group 602 -exec chgrp -h 10002 {} \; salt '*' cmd.run 'nice -n 19 find / -fstype nfs -prune -o -user 602 -exec chown -h 10002 {} +' salt '*' cmd.run 'nice -n 19 find / -fstype nfs -prune -o -group 602 -exec chgrp -h 10002 {} +'
LDAP and file system fixed. Thanks Andrew!