(node/rucio01.ls.lsst.org) deploy rucio#1488
Open
dtapiacl wants to merge 5 commits intoproductionfrom
Open
Conversation
dtapiacl
force-pushed
the
IT-5489_rucio_puppet_2
branch
2 times, most recently
from
0f0bedc to
ecb9a51
Compare
dtapiacl
force-pushed
the
IT-5489_rucio_puppet_2
branch
6 times, most recently
from
57112a3 to
84f370e
Compare
dtapiacl
requested review from
badenerb,
cbarria,
gseriche,
igonzalezcl and
jhoblitt
jhoblitt
requested changes
Oct 4, 2024
| ]: | ||
| ensure => file, | ||
| mode => '0644', | ||
| owner => 'saluser', |
Member
There was a problem hiding this comment.
Why is saluser being used as the role user? This isn't a tssw related service and it doesn't interact with sal/dds.
Contributor
Author
There was a problem hiding this comment.
They want to use saluser as a service account to manage the xrootd related services.
Member
There was a problem hiding this comment.
Changing the ownership of these files to saluser does not allow the saluser to start or stop those services. Nor does it grant saluser the ability to trigger systemd to re-read those files after they have changed.
Member
There was a problem hiding this comment.
I also object to role accounts editing service units. Changes should be made via puppet.
dtapiacl
force-pushed
the
IT-5489_rucio_puppet_2
branch
3 times, most recently
from
b2eda09 to
02fb506
Compare
dtapiacl
force-pushed
the
IT-5489_rucio_puppet_2
branch
from
02fb506 to
178c315
Compare
dtapiacl
force-pushed
the
IT-5489_rucio_puppet_2
branch
3 times, most recently
from
2b82ae1 to
6396b9e
Compare
dtapiacl
force-pushed
the
IT-5489_rucio_puppet_2
branch
2 times, most recently
from
6594564 to
6c82a76
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Requirements per ticket information on IT-5509:
• Install the following rpms, xrootd, xrootd-selinux, xrootd-libs, xrootd-client, xrootd-client-libs, xrootd-server-libs, xrootd-server
• modify the /lib/systemd/system/xrootd@.service and /lib/systemd/system/cmsd@.service and change the User and Group inside these two unit files to saluser and it group (current it is user xrootd)
• Change the owner of directory /etc/xrootd, /var/{log, run, spool}/xrootd to saluser (this probably need to be done every time there is an update of the xrootd rpms)
• Allow user bwhite and wyang to do a) sudo su - saluser and b) sudo systemctl restart xrootd@summit. We will add Sajid Ali to this list of users once he has an account
• Place VM in BTS-LHN network.
• Mount the filesystems KT mentioned.