Closed
Bug 1274277
Opened 10 years ago
Closed 9 years ago
Give MDN team members access to production data
Categories
(developer.mozilla.org Graveyard :: General, enhancement)
developer.mozilla.org Graveyard
General
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: atopal, Assigned: rwatson)
References
Details
(Keywords: in-triage)
As the MDN product owner, I'd like to query a copy of the MDN database with production data, so I can quickly and frequently analyze and summarize data to make decisions.
For SUMO we solved this by providing a db slave behind VPN that required special access, sheeri commented about that on IRC:
> we can actually do better, and make a cluster, so that if we need to upgrade something it won't disrupt people (unless they're actually logging in to query)
|
||
Comment 1•10 years ago
|
||
OK, the cluster is up and running, and monitored. All that's left is putting in backups.
The hostname will be mdntools-rw-vip.db.scl3.mozilla.com and the db lives on port 3306 (usual mysql port).
By using the VIP, you will have connectivity even if we have to take a db host offline for maintenance.
(that means when you are connecting, please don't use localhost, because it will work most of the time, but not all of the time).
Currently all the users from production are inherited. If you want more users (e.g. personal ones), please let me know, and if they just need mysql or if you intend them to have a login/homedir on these machines.
So basically, we're all set, I just need a list of usernames (in standard mozilla first initial/last name format, or whatever their LDAP username is).
|
|
||
Comment 2•10 years ago
|
||
I am unable to connect. Here's what I tried.
When on the VPN, I can't ping mdntools-rw-vip.db.scl3.mozilla.com
If I ssh into developeradm.private.scl3.mozilla.com (jwhitlock), I can ping the host, but can't connect with the mysql command line. I tried this command line:
mysql -h mdntools-rw-vip.db.scl3.mozilla.com -v -p -u <prod user> <prod database name>
Any advice on connecting? If it needs to be added, my LDAP user is jwhitlock, same email as bugzilla.
Flags: needinfo?(scabral)
|
Reporter | |
Comment 3•10 years ago
|
||
Sheerie, thanks so much for this! Users who should have access with homedir:
atopal
jperrier
jpatonnier
all of them @mozill.com
salvador, I don't have access to bug 1276379, could you cc me please?
|
|
||
Comment 4•10 years ago
|
||
John - when I try from developeradm, I get a timeout:
[scabral@developeradm.private.scl3 ~]$ nc -vz mdntools-rw-vip.db.scl3.mozilla.com 3306
nc: connect to mdntools-rw-vip.db.scl3.mozilla.com port 3306 (tcp) failed: Connection timed out
I'll see what we have to do to get it so you (and others) can connect to the machine while on the VPN. Let me know if you also need access from developeradm, and we can open a netflow.
|
|
||
Comment 5•10 years ago
|
||
I don't need access from developeradm, unless I'm going to start making anonymized DBs myself. I just need access from somewhere - VPN, developeradm, whatever is easiest.
|
|
Reporter | |
Comment 6•10 years ago
|
||
Same here, Sheeri. I can't even ping mdntools-rw-vip.db.scl3.mozilla.com from VPN.
|
|
||
Updated•10 years ago
|
Flags: needinfo?(scabral)
|
|
||
Comment 7•10 years ago
|
||
adding :jabba and :atoll - can you create a VPN LDAP group for mdntools-rw-vip.db.scl3.mozilla.com aka 10.22.70.32? (and if you're not the right people to do that, please cc/needinfo whoever is?)
And then add atopal and jwhitlock to the group? Thanx!
Flags: needinfo?(rsoderberg)
Flags: needinfo?(jdow)
(In reply to Sheeri Cabral [:sheeri] from comment #7)
> adding :jabba and :atoll - can you create a VPN LDAP group for
> mdntools-rw-vip.db.scl3.mozilla.com aka 10.22.70.32? (and if you're not the
> right people to do that, please cc/needinfo whoever is?)
>
> And then add atopal and jwhitlock to the group? Thanx!
We can help, but not as part of some other team's bug - you'll need to file a bug blocking this one in Mozilla VPN: ACL Requests to get that. (I would normally do so, but having you file it saves us a round of signoffs and such.)
Flags: needinfo?(rsoderberg)
Flags: needinfo?(jdow)
|
|
Reporter | |
Comment 9•10 years ago
|
||
Thanks :atoll, I filed bug 1278107
|
|
||
Comment 10•10 years ago
|
||
:atopal confirmed access, and I sent a password to jwhitlock as well, who is on PTO. Calling this resolved; please reopen if there's an issue.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
|
|
Reporter | |
Comment 11•10 years ago
|
||
I do have access now. I also filed bug 1278991 for jperrier and jpatonnier.
|
|
||
Comment 12•10 years ago
|
||
I was able to access w/ password, thanks!
|
||
Comment 13•9 years ago
|
||
Hi Sheeri,
Can you add me to the list of authorized users? My username is "rjohnson".
Thanks!
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
|
|
||
Updated•9 years ago
|
Assignee: scabral → mpressman
|
|
||
Comment 14•9 years ago
|
||
rjohnson has been added
|
|
||
Comment 15•9 years ago
|
||
Hi Matt,
Sorry, I couldn't get to this until today, but I can't even ping mdntools-rw-vip.db.scl3.mozilla.com while connected to the VPN.
Also I can't ssh (or even ping) into developeradm.private.scl3.mozilla.com via the VPN.
Am I missing from an additional VPN group?
|
|
||
Comment 16•9 years ago
|
||
I've added the user to vpn_mdntools_rw_vip, but user was already a member of vpn_developer, which should grant 22 and 80 to deverloperadm. Reconnecting the vpn client is required to receive the new ACL.
|
|
||
Comment 17•9 years ago
|
||
I believe rjohnson now has database access. But since the bug is still open...
mpressman, jperrier is turning over maintenance of the MDN Community Dashboard to Janet Swisher (jswisher@mozilla.com), so she needs an account on the read-only database as well. I can open the ACL bug.
Flags: needinfo?(mpressman)
|
|
||
Comment 18•9 years ago
|
||
Pythian, can you create an account for jswisher@mozilla.com
Assignee: mpressman → team73
Flags: needinfo?(mpressman) → needinfo?(team73)
|
|
||
Updated•9 years ago
|
QA Contact: mpressman
|
||
Comment 19•9 years ago
|
||
User created in mdntools, based on similar user rjohnson.
I will see if jswisher is available in IRC to provide the password
Flags: needinfo?(team73)
|
|
||
Comment 20•9 years ago
|
||
jswisher, can you provide your IRC nick/username so I can provide you with the password for your db user.
|
|
||
Comment 21•9 years ago
|
||
IRC nick is jswisher
|
|
||
Comment 22•9 years ago
|
||
Discussed with jswisher in IRC.
I have provided the password.
|
|
||
Comment 23•9 years ago
|
||
[pythian.beebe]
Password provided, closing/resolved.
Status: REOPENED → RESOLVED
Closed: 10 years ago → 9 years ago
Resolution: --- → FIXED
|
|
||
Comment 24•9 years ago
|
||
I finally have a db environment on my system, but was not able to get access with the credentials I was provided. Need help to resolve. TIA
Status: RESOLVED → REOPENED
Flags: needinfo?(team73)
Resolution: FIXED → ---
|
|
||
Comment 25•9 years ago
|
||
My read-only connection works, and I ran this query:
SELECT User FROM mysql.user;
I did not see jswisher or any variants in the user list. I did see my own account, and other that I know have access. I suspect that it was lost in the last 2 months.
|
|
||
Comment 26•9 years ago
|
||
Looks like the user creation only made it to one of the two hosts in the cluster. I've added the grants for jswisher on the second host so now both have the grants.
Flags: needinfo?(team73)
|
|
||
Updated•9 years ago
|
Assignee: team73 → rwatson
|
|
Assignee | |
Comment 27•9 years ago
|
||
Hi Janet,
Did you get the access you needed after Matt's adjustment?
Flags: needinfo?(jswisher)
|
|
Assignee | |
Comment 29•9 years ago
|
||
Perfect, thanks for getting back to me.
Status: REOPENED → RESOLVED
Closed: 9 years ago → 9 years ago
Resolution: --- → FIXED
|
||
Updated•6 years ago
|
Product: developer.mozilla.org → developer.mozilla.org Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•