Elukey has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/364412 )
Change subject: role::mariadb::analytics::custom_repl_slave: add EventLogging cleaner user
......................................................................
role::mariadb::analytics::custom_repl_slave: add EventLogging cleaner user
This user should allow the upcoming eventlogging_cleaner.py script
to authenticate via unix socket domain in localhost to the log
database. The mysql grants are not automatically deployed; they will
need to be added manually to mariadb.
Bug: T170118
Change-Id: I39925ad25eafdce076f8f44ec09865b3c900b4ef
---
M modules/role/manifests/mariadb.pp
M modules/role/templates/mariadb/grants/production-m4.sql.erb
2 files changed, 20 insertions(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/12/364412/1
diff --git a/modules/role/manifests/mariadb.pp
b/modules/role/manifests/mariadb.pp
index 32bdc0f..ea08d81 100644
--- a/modules/role/manifests/mariadb.pp
+++ b/modules/role/manifests/mariadb.pp
@@ -210,6 +210,21 @@
# Only 'replicate' this many rows at a time.
$batch_size = 1000
+ group { 'eventlog':
+ ensure => 'present',
+ system => true,
+ }
+
+ user { 'eventlogcleaner':
+ gid => 'eventlog',
+ shell => '/bin/false',
+ home => '/nonexistent',
+ comment => 'EventLogging cleaner user',
+ system => true,
+ managehome => false,
+ require => Group['eventlog'],
+ }
+
file { '/usr/local/bin/eventlogging_sync.sh':
ensure => present,
owner => 'root',
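Review bot: The new `group { 'eventlog': }` and `user { 'eventlogcleaner': }` resources carry no comment saying why the account exists or what depends on its name. The commit message says the script will authenticate over the unix socket, and with socket authentication the OS account name has to match the MariaDB account name, so a later rename of this user would break the login without any Puppet error. A short comment above the two resources stating that the name must stay in sync with the `'eventlogcleaner'@'localhost'` grant in production-m4.sql.erb would cover that. As a style point, the group sets `ensure => 'present'` explicitly while the user does not; adding `ensure => 'present'` to the user keeps the pair consistent. The `/bin/false` shell, `/nonexistent` home and `managehome => false` are appropriate for a non-interactive service account.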
diff --git a/modules/role/templates/mariadb/grants/production-m4.sql.erb
b/modules/role/templates/mariadb/grants/production-m4.sql.erb
index d92395a..ffed382 100644
--- a/modules/role/templates/mariadb/grants/production-m4.sql.erb
+++ b/modules/role/templates/mariadb/grants/production-m4.sql.erb
@@ -23,3 +23,8 @@
GRANT ALTER, CREATE, CREATE TEMPORARY TABLES, DELETE, DROP, INDEX, INSERT,
LOCK TABLES, SELECT, UPDATE
ON `log`.* TO 'eventlog'@'10.64.32.158';
+
+
+-- eventlog script responsible to sanitize/delete sensitive data over time
+
+GRANT ALTER, SELECT, UPDATE ON `log`.* TO 'eventlogcleaner'@'localhost';
\ No newline at end of file
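Review bot: The added `GRANT ALTER, SELECT, UPDATE ON `log`.* TO 'eventlogcleaner'@'localhost';` has no authentication clause, although the commit message says the script authenticates through the unix socket. In MariaDB that binding is written as `IDENTIFIED VIA unix_socket` on the account; as written, nothing in the statement ties the account to the socket plugin, and since these grants are applied by hand the template is the only record of the intended setup. The privilege list also needs a second look: the comment says the script will sanitize/delete data, yet DELETE is not granted, while ALTER is granted on every table in `log` and allows schema changes. If rows are to be removed, add DELETE; if sanitizing only needs SELECT and UPDATE, drop ALTER. The file also ends without a trailing newline.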
--
To view, visit https://gerrit.wikimedia.org/r/364412
Gerrit-MessageType: newchange
Gerrit-Change-Id: I39925ad25eafdce076f8f44ec09865b3c900b4ef
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Elukey <[email protected]>