agopu
commented
5 years ago Thanks @benfulton, got it. I was going to push you guys in this direction so it's exciting you are wanting to do this. :-)
Closed benfulton closed 5 years ago
agopu
commented
5 years ago Thanks @benfulton, got it. I was going to push you guys in this direction so it's exciting you are wanting to do this. :-)
agopu
commented
5 years ago To be clear, we will need:
rtstats user account with the correct UID (picked up from Karst or via SCT2)
pm2 (and any other admin tasks via sudo and/or ACLs (please document these)
rperigo
commented
5 years ago @benfulton Can we verify whether rtstats is a valid group account on IU's systems? I can't find it in AD or via getent on karst. If not, I can ask sct2 about it.
benfulton
commented
5 years ago No, just use hpastats then. Or rthpcmon if there's no other.
agopu
commented
5 years ago Let's do this on both devel and prod in case that was not clear already.
rperigo
commented
5 years ago Apologies for this being buried by other things. The "hpastats" user now exists on dev:
[root@dev ~]# id hpastats
uid=1162697(hpastats) gid=1162697(hpastats) groups=1162697(hpastats),2001(hpc)I've dumped everybody's keys into it that should have access to the server via cat ${EXTANT_AUTORIZED_KEYS} >> /home/hpastats/.ssh/authorized_keys. Will ensure this behavior continues for prod / is in Ansible
agopu
commented
5 years ago @benfulton Did you get a chance to try using the new group account on devel? Should we replicate this on prod?
agopu
commented
5 years ago Additional requests from Ben:
Hey, would you put
/etc/nginx/conf.d/rtstats.confin thehpcgroup?
In essence, he wants to setup a new web service served to the public by an nginx reverse proxy. Ray is going to setup edit access and the ability for Ben to restart nginx on the devel ... once everything is done, we will revert the setting back to usual settings and also deploy the updates to prod.
Also see https://github.com/IUSCA/int-issues/issues/34 created by @informaticianme .
rperigo
commented
5 years ago /etc/nginx/conf.d/rtstats.conf is now owned root:hpc, and a wrapper has been added at /opt/sca/sbin/nginx-service.sh to facilitate Ben restarting Nginx after making changes
benfulton
commented
5 years ago Looks good! I also asked that the /web directory be moved to the hpc group so it can be writable by anyone.
rperigo
commented
5 years ago Just checking in here - are things working as intended with this @benfulton ?
benfulton
commented
5 years ago Yes, everything looks good.
We’d like to have a group set up on rtstats and rtstats-devel to run the various web services – Rails, HPCDashboard, HPCDasboard2, hpc-user-index, etc. This will save us the trouble of having a service started by one user that another user can’t restart or kill. There is currently an rtstats account on the machine that would be fine for this use…if that doesn’t work there is an hpastats account that is fine as well. Can we get this added before working on the production machine?
Thanks!