[DM-29399] Create postgres read-only service account for pipetask plot navigator - Jira

XML

Word

Printable

Details

Type: Story
Status: Done
Resolution: Done
Fix Version/s: None
Component/s: Developer Infrastructure
Labels:
None

Team:
Data Facility
Urgent?:
No

Description

I have submitted a service account request for a svcplotnavigator account, for the Pipetask Plot Navigator service to use; we need a corresponding postgres account to be able to load gen3 butlers from /project/hsc/gen3repos.

Attachments

Issue Links

blocks

DM-28509 Figure out how to host gen3 plot browser

Done

Activity

Ascending order - Click to sort in descending order

Hide

Permalink

Christopher Stephens [X] (Inactive) added a comment - 24/Mar/21 7:55 PM

should be good to go. let me know if you have any questions.

[lsstdb1] # \du svcpl*

 List of roles

 Role name | Attributes | Member of

------------------+------------+-------------------------

 svcplotnavigator | | {rc2_owner,gen3_r_role}

[lsstdb1] # \dn svcpl*

List of schemas

 Name | Owner

------------------+------------------

 svcplotnavigator | svcplotnavigator

(1 row)

Show

Christopher Stephens [X] (Inactive) added a comment - 24/Mar/21 7:55 PM should be good to go. let me know if you have any questions. [lsstdb1] # \du svcpl* List of roles Role name | Attributes | Member of ------------------+------------+------------------------- svcplotnavigator | | {rc2_owner,gen3_r_role} [lsstdb1] # \dn svcpl* List of schemas Name | Owner ------------------+------------------ svcplotnavigator | svcplotnavigator (1 row)

Hide

Permalink

Andrew Manning [X] (Inactive) added a comment - 30/Mar/21 1:19 PM

Christopher Stephens [X], we are seeing timeout errors when trying to connect using the new account. We are trying with the commands below (entering no password in either case since the service account was requested with no password).

root@debugger-0:/# psql --username=svcplotnavigator --dbname=lsstdb1 --host=lsst-pg-prod1.ncsa.illinois.edu --port=5432

root@debugger-0:/# psql --username=svcplotnavigator --dbname=lsstdb1 --host=lsst-pg-prod1.ncsa.illinois.edu --port=5432 --password

Password:

The service account request included the restriction that the origin IP must be 141.142.218.242, the address of our Kubernetes cluster node (hence the lack of need for a password since the account is only read-only too).

Any idea what may be preventing the account from working?

Show

Andrew Manning [X] (Inactive) added a comment - 30/Mar/21 1:19 PM Christopher Stephens [X] , we are seeing timeout errors when trying to connect using the new account. We are trying with the commands below (entering no password in either case since the service account was requested with no password). root@debugger-0:/# psql --username=svcplotnavigator --dbname=lsstdb1 --host=lsst-pg-prod1.ncsa.illinois.edu --port=5432 root@debugger-0:/# psql --username=svcplotnavigator --dbname=lsstdb1 --host=lsst-pg-prod1.ncsa.illinois.edu --port=5432 --password Password: The service account request included the restriction that the origin IP must be 141.142.218.242, the address of our Kubernetes cluster node (hence the lack of need for a password since the account is only read-only too). Any idea what may be preventing the account from working?

People

Assignee:: Christopher Stephens [X] (Inactive)

Reporter:: Tim Morton [X] (Inactive)

Watchers:: Andrew Manning [X] (Inactive), Christopher Stephens [X] (Inactive), Tim Morton [X] (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 24/Mar/21 6:10 PM

Updated:: 30/Mar/21 1:19 PM

Resolved:: 24/Mar/21 8:03 PM

Jenkins

No builds found.

Data Management