Split out ldap management from mwmaint
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	• MoritzMuehlenhoff
	Fri, Jun 14, 7:51 AM

Description

Historically profile::openldap::management was co-hosted on the mwmaint servers. These will vanish when the wikikube migration is completed, so this task is about moving them to separate ldap-maint1001/ldap-maint2002 hosts.

Details

Subject	Repo	Branch	Lines +/-
offboard-user: New -H for ldapmodify	operations/puppet	production	+1 -1
Drop ldap-admins access group from mwmaint hosts	operations/puppet	production	+0 -1
Disable openldap::management timers on mwmaint hosts	operations/puppet	production	+0 -7
profile::openldap::management: Remove support for buster	operations/puppet	production	+2 -16
mwmaint: Stop including profile::openldap::management	operations/puppet	production	+6 -11
Enable account check on new ldap-main host in eqiad	operations/puppet	production	+1 -0
Add ldap-admins settings to new ldap-maint role	operations/puppet	production	+5 -0
Apply openldap::maintenance role to ldap-maint* hosts	operations/puppet	production	+1 -1
New openldap::management role	operations/puppet	production	+10 -0
profile::openldap::management: Add support for bookworm	operations/puppet	production	+15 -8
Add partman globbing for ldap-maint	operations/puppet	production	+3 -0
Add ldap-maint[12]001 to site.pp	operations/puppet	production	+1 -7

Event Timeline

• MoritzMuehlenhoff created this task.Fri, Jun 14, 7:51 AM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFri, Jun 14, 7:51 AM

Change #1043645 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Add ldap-maint[12]001 to site.pp

https://gerrit.wikimedia.org/r/1043645

gerritbot added a project: Patch-For-Review.Fri, Jun 14, 7:57 AM

Change #1043646 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Add partman globbing for ldap-maint

https://gerrit.wikimedia.org/r/1043646

Change #1043645 merged by Muehlenhoff:

[operations/puppet@production] Add ldap-maint[12]001 to site.pp

https://gerrit.wikimedia.org/r/1043645

Change #1043646 merged by Muehlenhoff:

[operations/puppet@production] Add partman globbing for ldap-maint

https://gerrit.wikimedia.org/r/1043646

Maintenance_bot removed a project: Patch-For-Review.Fri, Jun 14, 8:30 AM

Change #1043656 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] profile::openldap::management: Add support for bookworm

https://gerrit.wikimedia.org/r/1043656

gerritbot added a project: Patch-For-Review.Fri, Jun 14, 8:39 AM

Change #1043656 merged by Muehlenhoff:

[operations/puppet@production] profile::openldap::management: Add support for bookworm

https://gerrit.wikimedia.org/r/1043656

Change #1043680 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] New openldap::management role

https://gerrit.wikimedia.org/r/1043680

Change #1043680 merged by Muehlenhoff:

[operations/puppet@production] New openldap::management role

https://gerrit.wikimedia.org/r/1043680

Change #1043709 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Apply openldap::maintenance role to ldap-maint* hosts

https://gerrit.wikimedia.org/r/1043709

Change #1043709 merged by Muehlenhoff:

[operations/puppet@production] Apply openldap::maintenance role to ldap-maint* hosts

https://gerrit.wikimedia.org/r/1043709

Change #1043770 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Add ldap-admins settings to new ldap-maint role

https://gerrit.wikimedia.org/r/1043770

Change #1043770 merged by Muehlenhoff:

[operations/puppet@production] Add ldap-admins settings to new ldap-maint role

https://gerrit.wikimedia.org/r/1043770

Maintenance_bot removed a project: Patch-For-Review.Fri, Jun 14, 1:30 PM

Change #1043783 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Enable account check on new ldap-main host in eqiad

https://gerrit.wikimedia.org/r/1043783

gerritbot added a project: Patch-For-Review.Fri, Jun 14, 1:42 PM

Change #1043783 merged by Muehlenhoff:

[operations/puppet@production] Enable account check on new ldap-main host in eqiad

https://gerrit.wikimedia.org/r/1043783

Mentioned in SAL (#wikimedia-operations) [2024-06-14T13:49:15Z] <jmm@cumin2002> START - Cookbook sre.puppet.sync-netbox-hiera generate netbox hiera data: "new ldap-maint hosts - jmm@cumin2002 - T367490"

Mentioned in SAL (#wikimedia-operations) [2024-06-14T14:04:54Z] <jmm@cumin2002> END (PASS) - Cookbook sre.puppet.sync-netbox-hiera (exit_code=0) generate netbox hiera data: "new ldap-maint hosts - jmm@cumin2002 - T367490"

Maintenance_bot removed a project: Patch-For-Review.Fri, Jun 14, 2:30 PM

Change #1046318 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] mwmaint: Stop including profile::openldap::management

https://gerrit.wikimedia.org/r/1046318

gerritbot added a project: Patch-For-Review.Mon, Jun 17, 7:06 AM

Change #1046318 merged by Muehlenhoff:

[operations/puppet@production] mwmaint: Stop including profile::openldap::management

https://gerrit.wikimedia.org/r/1046318

Change #1046592 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Disable openldap::management timers on mwmaint hosts

https://gerrit.wikimedia.org/r/1046592

Change #1046594 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] profile::openldap::management: Remove support for buster

https://gerrit.wikimedia.org/r/1046594

Change #1046596 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Drop ldap-admins access group from mwmaint hosts

https://gerrit.wikimedia.org/r/1046596

Change #1046594 merged by Muehlenhoff:

[operations/puppet@production] profile::openldap::management: Remove support for buster

https://gerrit.wikimedia.org/r/1046594

Change #1046592 merged by Muehlenhoff:

[operations/puppet@production] Disable openldap::management timers on mwmaint hosts

https://gerrit.wikimedia.org/r/1046592

The LDAP management parts have been split off to the new ldap-maint1001/ldap-maint2001 hosts.

Change #1046596 merged by Muehlenhoff:

[operations/puppet@production] Drop ldap-admins access group from mwmaint hosts

https://gerrit.wikimedia.org/r/1046596

Saadfghjkl9988776655 subscribed.Wed, Jun 19, 8:22 AM

Maintenance_bot removed a project: Patch-For-Review.Wed, Jun 19, 8:30 AM

Change #1049536 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] offboard-user: New -H for ldapmodify

https://gerrit.wikimedia.org/r/1049536

gerritbot added a project: Patch-For-Review.Tue, Jun 25, 12:38 PM

Change #1049536 merged by Muehlenhoff: