Closed benfulton closed 5 years ago
Thanks @benfulton, got it. I was going to push you guys in this direction so it's exciting you are wanting to do this. :-)
To be clear, we will need:
rtstats
user account with the correct UID (picked up from Karst or via SCT2)
pm2
(and any other admin tasks via sudo and/or ACLs (please document these)@benfulton Can we verify whether rtstats is a valid group account on IU's systems? I can't find it in AD or via getent on karst. If not, I can ask sct2 about it.
No, just use hpastats then. Or rthpcmon if there's no other.
Let's do this on both devel and prod in case that was not clear already.
Apologies for this being buried by other things. The "hpastats" user now exists on dev:
[root@dev ~]# id hpastats
uid=1162697(hpastats) gid=1162697(hpastats) groups=1162697(hpastats),2001(hpc)
I've dumped everybody's keys into it that should have access to the server via cat ${EXTANT_AUTORIZED_KEYS} >> /home/hpastats/.ssh/authorized_keys. Will ensure this behavior continues for prod / is in Ansible
@benfulton Did you get a chance to try using the new group account on devel? Should we replicate this on prod?
Additional requests from Ben:
Hey, would you put
/etc/nginx/conf.d/rtstats.conf
in thehpc
group?
In essence, he wants to setup a new web service served to the public by an nginx reverse proxy. Ray is going to setup edit access and the ability for Ben to restart nginx on the devel
... once everything is done, we will revert the setting back to usual settings and also deploy the updates to prod.
Also see https://github.com/IUSCA/int-issues/issues/34 created by @informaticianme .
/etc/nginx/conf.d/rtstats.conf is now owned root:hpc, and a wrapper has been added at /opt/sca/sbin/nginx-service.sh to facilitate Ben restarting Nginx after making changes
Looks good! I also asked that the /web directory be moved to the hpc group so it can be writable by anyone.
Just checking in here - are things working as intended with this @benfulton ?
Yes, everything looks good.
We’d like to have a group set up on rtstats and rtstats-devel to run the various web services – Rails, HPCDashboard, HPCDasboard2, hpc-user-index, etc. This will save us the trouble of having a service started by one user that another user can’t restart or kill. There is currently an rtstats account on the machine that would be fine for this use…if that doesn’t work there is an hpastats account that is fine as well. Can we get this added before working on the production machine?
Thanks!