Reimage hgssh1.dmz.scl3 as CentOS 7

RESOLVED FIXED

Status

Infrastructure & Operations
MOC: Projects
2 years ago
2 years ago

People

(Reporter: gps, Assigned: ryanc)

(Reporter)

Description

2 years ago
hgssh1 needs to be reimaged before it can be put back in service.

Please reimage the machine as CentOS 7 instead of RHEL 6. Settings should be similar to hgssh3, which is currently using CentOS 7.

Please don't wipe the machine until fubar and hwine have given the all clear, as they may have files on this machine that need to be backed up.
Flags: needinfo?(klibby)
Flags: needinfo?(hwine)
(Reporter)

Comment 1

2 years ago
FWIW, there is ~22GB of data in /root. Not sure if any of it is valuable. Looks like there might be some old repo snapshots in there.
I have nothing in ~root that needs preserving. Thanks for checking.
Flags: needinfo?(hwine)
(Assignee)

Comment 3

2 years ago
Tossing this to Vinh to handle. Please reach out to me before proceeding with this.
Assignee: nobody → vhua
Status: NEW → ASSIGNED
I have nothing on hgssh1; a lot of the stuff in /root is old broken repos from the old days. Burn it.
Flags: needinfo?(klibby)
(Assignee)

Comment 5

2 years ago
Alright,

Rolling with this since Vinh is out of the office today.
(Assignee)

Comment 6

2 years ago
CentOS7 installed, Puppet'd -- For some reason after Puppet I am unable to log in.
Assignee: vhua → rchilds
(Assignee)

Comment 7

2 years ago
Enabled root login in ssh config.

Let me know if you should need anything else.
Status: ASSIGNED → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → FIXED
mm, I'm still getting permission denied as myself and root.
Flags: needinfo?(rchilds)
made some changes to puppet configs for other hg things and I can get in now.
Flags: needinfo?(rchilds)
new issue(s)... wondering if this is in any way related to the testing that :digi did yesterday...  cc/NI :digi, JIC

1) the only user accounts created are for the vpn_devservices people, plus the system users I create in hg.pp. no IT sysadmin accounts exist. while not bad, in and of itself, it does not match hgssh3

2) my dotfiles (ie from ldap_users/files/klibby/) aren't being copied out by puppet

the above suggests something is rotten in the state of denmark, but I don't know what.
Flags: needinfo?(rchilds)
Flags: needinfo?(bhourigan)
(Assignee)

Comment 11

2 years ago
I'll just kickstart this again.
Status: RESOLVED → REOPENED
Flags: needinfo?(rchilds)
Resolution: FIXED → ---
(Assignee)

Comment 12

2 years ago
Still the same thing,

Had to enable root login in SSH config, then was able to log in with -l root

Notice: /Stage[main]/Ldap_users::Root/Ssh_authorized_key[ldapuser_root_ashish_gen_4]/ensure: created
Notice: /Stage[main]/Ldap_users::Root/Ssh_authorized_key[ldapuser_root_mpressman_gen_5]/ensure: created
Notice: /Stage[main]/Ldap_users::Root/Ssh_authorized_key[ldapuser_root_rchilds_gen_1]/ensure: created

But still only these home directories are created,

[root@hgssh1.dmz.scl3 ~]# ls -alh /home/
total 8.0K
drwxr-xr-x. 12 root         root         4.0K Apr 22 17:32 .
dr-xr-xr-x. 17 root         root         4.0K Apr 22 17:27 ..
drwxr-xr-x   2 root         root            6 Apr 22 17:27 archive
drwx------   3 arr          arr            83 Apr 22 17:27 arr
drwx------   3 gszorc       gszorc         83 Apr 22 17:27 gszorc
drwx------   2 hg           hg             84 Apr 22 17:32 hg
drwx------   2 hg-aggregate hg-aggregate   72 Apr 22 17:32 hg-aggregate
drwx------   3 hwine        hwine          83 Apr 22 17:27 hwine
drwx------   3 jwatkins     jwatkins       83 Apr 22 17:27 jwatkins
drwx------   3 klibby       klibby         83 Apr 22 17:27 klibby
drwx------   3 lthomson     lthomson       83 Apr 22 17:27 lthomson
drwx------   3 smacleod     smacleod       83 Apr 22 17:27 smacleod
Status: REOPENED → ASSIGNED
(Reporter)

Comment 13

2 years ago
Why is lthomson getting an account? I'm pretty sure she was OK with losing her devservices access...
she's still in the vpn_devservices ldap group. bug 126618.

anyways, I fixed the user issue. in hiera/site.yaml there's a section called 'base_minimally_managed_users' that has all of the oddball ssh servers in it. normally, hosts get added to it *after* initial puppetization, so IT accounts are all there. on a re-install, though, it's already there so puppet doesn't add them.

*sigh*

removed hgssh1, re-ran puppet, put it back. :gps, should be all set to throw ansible at it.
Status: ASSIGNED → RESOLVED
Last Resolved: 2 years ago
Flags: needinfo?(bhourigan)
Resolution: --- → FIXED
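
The failure mode described in the last comment (a host already listed under 'base_minimally_managed_users' comes back from a reinstall without the IT accounts) can be checked before the reimage and again after the first Puppet run. The Ruby below is an added example, not code from this bug or from the Puppet repository it discusses; the flat list-of-hostnames layout of the hiera key, the sample YAML, and any expected-account names passed in are assumptions.

```ruby
require 'yaml'

KEY = 'base_minimally_managed_users'

# Constructed stand-in for hiera/site.yaml. Only the key name is from the bug;
# the flat list-of-hostnames layout is an assumption.
SAMPLE_SITE_YAML = <<~YAML
  base_minimally_managed_users:
    - hgssh1.dmz.scl3
    - hgssh3.dmz.scl3
YAML

# Home directory listing trimmed from comment 12 (ls -alh /home/).
SAMPLE_HOME_LS = <<~LS
  total 8.0K
  drwxr-xr-x. 12 root         root         4.0K Apr 22 17:32 .
  dr-xr-xr-x. 17 root         root         4.0K Apr 22 17:27 ..
  drwx------   3 gszorc       gszorc         83 Apr 22 17:27 gszorc
  drwx------   2 hg           hg             84 Apr 22 17:32 hg
  drwx------   3 klibby       klibby         83 Apr 22 17:27 klibby
LS

# Hosts currently exempted from full account management.
def minimally_managed_hosts(yaml_text)
  hosts = (YAML.safe_load(yaml_text) || {}).fetch(KEY, [])
  raise ArgumentError, "#{KEY} is not a list" unless hosts.is_a?(Array)
  hosts.map(&:to_s)
end

# Pre-reimage: a host already in the list will come back without IT accounts,
# so it has to be removed from the list for the first Puppet run.
def needs_temporary_removal?(host, yaml_text)
  minimally_managed_hosts(yaml_text).include?(host)
end

# Directory names from `ls -alh` output, skipping the total line, "." and "..".
def home_dirs(ls_text)
  ls_text.lines.map(&:split)
         .select { |f| f.length >= 9 && f[0].start_with?('d') }
         .map(&:last) - %w[. ..]
end

# Post-Puppet: expected accounts that have no home directory yet.
def missing_accounts(ls_text, expected)
  expected - home_dirs(ls_text)
end
```

A non-empty result from `missing_accounts` after the first Puppet run is the symptom reported in this bug; the expected list has to come from whatever the site treats as its authoritative account source.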