[Savannah-cvs] [487] More host status updates


From: bob
Subject: [Savannah-cvs] [487] More host status updates
Date: Thu, 20 Oct 2022 21:10:55 -0400 (EDT)

Revision: 487
          http://svn.savannah.gnu.org/viewvc/?view=rev&root=administration&revision=487
Author:   rwp
Date:     2022-10-20 21:10:53 -0400 (Thu, 20 Oct 2022)
Log Message:
-----------
More host status updates

Modified Paths:
--------------
    trunk/sviki/SavannahHosts.mdwn

Modified: trunk/sviki/SavannahHosts.mdwn
===================================================================
--- trunk/sviki/SavannahHosts.mdwn      2022-10-18 22:15:52 UTC (rev 486)
+++ trunk/sviki/SavannahHosts.mdwn      2022-10-21 01:10:53 UTC (rev 487)
@@ -53,6 +53,8 @@
     +-------------------------------------+
     |download0  |internal0  | Okay | Okay |
     |download1  |internal0  | Okay | FAIL |
+    |frontend1  |internal0  | Okay | Okay |
+    |frontend2  |internal0  | Okay | Okay |
     |internal1  |internal0  | Okay | Okay |
     |mgt0       |internal0  | Okay | Okay |
     |nfs1       |internal0  | Okay | Okay |
@@ -59,6 +61,13 @@
     |vcs0       |internal0  | Okay | Okay |
     |vcs1       |internal0  | Okay | FAIL |
     |vcs2       |internal0  | Okay | FAIL |
+    +-------------------------------------+
+    |download1  |internal1  | Okay | FAIL |
+    |frontend1  |internal1  | Okay | FAIL |
+    |frontend2  |internal1  | Okay | FAIL |
+    |vcs0       |internal1  | Okay | FAIL |
+    |vcs1       |internal1  | Okay | FAIL |
+    |vcs2       |internal1  | Okay | FAIL |
 
     | HTTP port 80                        |
     +-------------------------------------+
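
Review bot: the new internal1 block lists only download1, frontend1, frontend2, vcs0, vcs1 and vcs2, while the internal0 block above it also has download0, mgt0 and nfs1. If those hosts are deliberately not checked against internal1, say so next to the table; otherwise add their rows so a missing row is not read as "no access needed". Every internal1 row is FAIL in the last column, so a one-line note on whether that is expected at this stage or is outstanding work would let the table serve as a checklist.
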
@@ -620,15 +629,22 @@
 here is out of sync with what we actually did.  Also we need to audit
 our list and remove some of the extra ones that we added in haste.
 
-    CREATE DATABASE savane CHARACTER SET utf8;
+    CREATE DATABASE savane CHARACTER SET utf8mb4;
     GRANT ALL ON savane.* TO root@localhost;
-    GRANT ALL ON savane.* TO savannahscripts@$WEBIP IDENTIFIED BY '******';
-    GRANT SELECT, SHOW VIEW ON savane.* TO 'nss-user'@'$VCSIP' IDENTIFIED BY 
'******';
-    GRANT SELECT, SHOW VIEW ON savane.* TO 'nss-user'@'$DOWNLOADIP' IDENTIFIED 
BY '******';
+    GRANT ALL ON savane.* TO 'savannahscripts'@'$IPADDR' IDENTIFIED BY 
'********';
+    GRANT SELECT, SHOW VIEW ON savane.* TO 'nss-user'@'%' IDENTIFIED BY 
'********';
     GRANT ALL ON savane.* TO 'nss-root'@'$VCSIP' IDENTIFIED BY '******';
     GRANT ALL ON savane.* TO 'nss-root'@'$DOWNLOADIP' IDENTIFIED BY '******';
     FLUSH PRIVILEGES;
 
+The only write-access accounts are IP locked to the database server
+itself, the web UI frontend systems, and the administrative management
+system.  One by local root socket access and the two remote clients by
+explicit IP address.  The others are read-only access and to simplify
+configuration we are using a wildcard address.  Note that network
+access to the database system is restricted by firewall rules so
+limiting them here is redundant and not needed.
+
 Create a read-only user `savane_ro`
 to enable safer troubleshooting of database issues
 (see `internal0:/root/agn/create-savane-readonly-user.sh` for full details)
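
Review bot: the new `'nss-user'@'%'` grant drops the host restriction that the removed `'nss-user'@'$VCSIP'` and `'nss-user'@'$DOWNLOADIP'` lines had, and the added paragraph justifies this by calling the restriction "redundant and not needed" because of the firewall. That leaves the firewall as the only control on which hosts can present the nss-user password; I would keep the host part as a second layer, or at least record the wildcard as an accepted trade-off rather than describe the restriction as unnecessary. The paragraph also says the only write-access accounts are locked to the database server, the web UI frontends and the management system, yet the unchanged `GRANT ALL ON savane.* TO 'nss-root'@'$VCSIP'` and `'nss-root'@'$DOWNLOADIP'` lines still give write access from the vcs and download hosts, so either the text or those grants need updating. Since `$IPADDR` now stands for more than one client, state that the savannahscripts grant is repeated once per address. The switch to `utf8mb4` only covers a freshly created database; a sentence on what to do with an existing `savane` database would help.
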
@@ -635,6 +651,12 @@
 
    GRANT SELECT, SHOW VIEW ON savane.* TO savane_ro@frontend0.savannah.gnu.org 
IDENTIFIED BY '******';
 
+To remove and discard an access revoke it.
+
+    REVOKE ALL ON savane.* FROM 'savannahscripts'@'209.51.188.188';
+    DROP USER 'savannahscripts'@'209.51.188.188';
+    FLUSH PRIVILEGES;
+
 Set up munin-node.  (libcache-cache-perl is needed for the extra mysql
 plugin.)  Then install the extra mysql plugin with all of the
 suggested interfaces.
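
Review bot: the REVOKE / DROP USER example hard-codes 209.51.188.188 where the grants earlier in this file use the `$IPADDR` placeholder. Use the placeholder here too, or say which retired host that address belonged to, so nobody pastes the lines against a live account. `DROP USER` already removes the account's privileges, so the REVOKE line is optional, and `FLUSH PRIVILEGES` is only needed when the grant tables are edited directly. It is worth adding that `DROP USER` does not close sessions the account already has open. The lead-in "To remove and discard an access revoke it." would read better as "To remove an account that is no longer needed, revoke its privileges and drop the user."
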



