Page MenuHomePhabricator
Create Task
Maniphest T342968

Requesting access to releasers-wikibase for darthmon_wmde
Closed, DeclinedPublicRequest
Actions

Description

Requestor provided information and prerequisites

This section is to be completed by the individual requesting access.

  • Wikitech username: Monica Pinedo (WMDE)
  • Email address: monica.pinedo@wikimedia.de
  • SSH public key (must be a separate key from Wikimedia cloud SSH access): ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExSTDAxRmRvMSo4Bsx1cA0Tske9hEKa8qCltQDpV7pE monicapinedo@wmde-102496
  • Requested group membership: releasers-wikibase
  • Reason for access: As part of the Wikibase Suite Team at WMDE will be preparing and ultimately publishing new tarball release packages of Wikibase software on releases.wikimedia.org
  • Name of approving party (manager for WMF/WMDE staff): I am the Engineering Manager of the team making the Wikibase Suite releases. WMF approval not needed.
  • Ensure you have signed the L3 Wikimedia Server Access Responsibilities document:
  • Please coordinate obtaining a comment of approval on this task from the approving party.

SRE Clinic Duty Confirmation Checklist for Access Requests

This checklist should be used on all access requests to ensure that all steps are covered, including expansion to existing access. Please double check the step has been completed before checking it off.

This section is to be confirmed and completed by a member of the SRE team.

  • - User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
  • - User has a valid NDA on file with WMF legal. (All WMF Staff/Contractor hiring are covered by NDA. Other users can be validated via the NDA tracking sheet)
  • - User has provided the following: wikitech username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform)
  • - User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not shared with any other service (this includes not sharing with WMCS access, no shared keys.)
  • - The provided SSH key has been confirmed out of band and is verified not being used in WMCS.
  • - access request (or expansion) has sign off of WMF sponsor/manager (sponsor for volunteers, manager for wmf staff)
  • - access request (or expansion) has sign off of group approver indicated by the approval field in data.yaml

For additional details regarding access request requirements, please see https://wikitech.wikimedia.org/wiki/Requesting_shell_access

Details

SubjectRepoBranchLines +/-
admin: drop ssh key for dartmonoperations/puppetproduction+1 -2
admin: new ssh key for user darthmonoperations/puppetproduction+1 -1
admin: add darthmon to releasers-wikibaseoperations/puppetproduction+9 -5
Customize query in gerrit

Related Objects

Event Timeline

darthmon_wmde created this task.Jul 28 2023, 1:28 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 28 2023, 1:28 PM
darthmon_wmde updated the task description. (Show Details)Jul 28 2023, 1:40 PM
WMDE-leszek added a comment.Jul 31 2023, 9:32 AM

Once this is done, I boldly suggest to mark @darthmon_wmde as approval person for that group: https://gerrit.wikimedia.org/r/c/operations/puppet/+/943511

fgiunchedi added subscribers: KFrancis, fgiunchedi.Aug 1 2023, 9:53 AM

@KFrancis hello, we'd need verification that this user has an NDA on file, would you mind checking? Thank you in advance!

WMDE-leszek added a comment.Aug 1 2023, 10:47 AM

@fgiunchedi not sure if that is good enough but I was able to locate T222788 about Mónica's NDA.

MoritzMuehlenhoff subscribed.Aug 1 2023, 10:53 AM
In T342968#9058234, @fgiunchedi wrote:

@KFrancis hello, we'd need verification that this user has an NDA on file, would you mind checking? Thank you in advance!

Mónica is in the tracking sheet (https://docs.google.com/spreadsheets/d/1xQNx5s2yErvayCMzvk9VkIA2ZihFXSBEhT5Z5ziCsi4/edit?pli=1#gid=1925010937) and I can confirm that she has an existing NDA.

KFrancis added a comment.Aug 1 2023, 4:55 PM

Hi all, I am confirming there in an NDA on file. Please proceed with the access request. Thanks!

fgiunchedi added a comment.Aug 2 2023, 3:26 PM

Thank you @MoritzMuehlenhoff @KFrancis !

@darthmon_wmde the following actions are missing (see task description for details)

  • Sign L3
  • Verification of your ssh keys out of band, the easiest would be to public the public key on your wiki user page

thank you !

fgiunchedi updated the task description. (Show Details)Aug 2 2023, 3:27 PM

@WMDE-leszek we're seeking approvals as you are listed as an approval party for releasers-wikibase group, thank you !

fgiunchedi added a comment.Aug 2 2023, 3:32 PM

@darthmon_wmde hello, you mentioned you'll be managing the wikibase releases, as such I take it you'll be added to approval in https://github.com/wikimedia/operations-puppet/blob/production/modules/admin/data/data.yaml#L224 ? Does the list need any further update? thank you!

RhinosF1 subscribed.Aug 2 2023, 3:36 PM
WMDE-leszek added a comment.Aug 2 2023, 8:51 PM

approved

darthmon_wmde added a comment.Aug 4 2023, 8:36 AM

hi! firs of all thanks a lot for the quick reaction to this!

darthmon_wmde added a comment.Aug 4 2023, 8:37 AM

L3 signed on Jan 25 2021, 9:44 PM.

Screenshot from 2023-08-04 10-33-26.png (574×852 px, 79 KB)

darthmon_wmde added a comment.Aug 4 2023, 8:38 AM
In T342968#9063457, @fgiunchedi wrote:

@darthmon_wmde hello, you mentioned you'll be managing the wikibase releases, as such I take it you'll be added to approval in https://github.com/wikimedia/operations-puppet/blob/production/modules/admin/data/data.yaml#L224 ? Does the list need any further update? thank you!

not for the moment, thanks for checking

darthmon_wmde added a comment.Aug 4 2023, 9:25 AM
  • Verification of your ssh keys out of band, the easiest would be to public the public key on your wiki user page

done

fgiunchedi added a comment.Aug 4 2023, 9:36 AM
In T342968#9068565, @darthmon_wmde wrote:

L3 signed on Jan 25 2021, 9:44 PM.

Screenshot from 2023-08-04 10-33-26.png (574×852 px, 79 KB)

thank you! my bad for not checking via username and only first name!

In T342968#9068665, @darthmon_wmde wrote:
  • Verification of your ssh keys out of band, the easiest would be to public the public key on your wiki user page

done

I am failing to find the update, on which wiki / user did you make the update? I checked the following:

fgiunchedi updated the task description. (Show Details)Aug 4 2023, 9:37 AM
darthmon_wmde added a comment.EditedAug 7 2023, 8:45 AM

apologies, @fgiunchedi , I may have misunderstood. I added it to https://wikitech.wikimedia.org/wiki/Special:Preferences#mw-prefsection-openstack. Is that alright? Did you mean to add it to the front user page?

fgiunchedi added a comment.Aug 7 2023, 9:13 AM
In T342968#9072890, @darthmon_wmde wrote:

apologies, @fgiunchedi , I may have misunderstood. I added it to https://wikitech.wikimedia.org/wiki/Special:Preferences#mw-prefsection-openstack. Is that alright? Did you mean to add it to the front user page?

Yes I meant to the user front page (wikitech preferences ssh keys are for cloud/wmcs, not production), for example here is fine: https://www.mediawiki.org/wiki/User:Monica_Pinedo_Bajo_(WMDE)

darthmon_wmde added a comment.Aug 7 2023, 10:49 AM
In T342968#9072997, @fgiunchedi wrote:
In T342968#9072890, @darthmon_wmde wrote:

apologies, @fgiunchedi , I may have misunderstood. I added it to https://wikitech.wikimedia.org/wiki/Special:Preferences#mw-prefsection-openstack. Is that alright? Did you mean to add it to the front user page?

Yes I meant to the user front page (wikitech preferences ssh keys are for cloud/wmcs, not production), for example here is fine: https://www.mediawiki.org/wiki/User:Monica_Pinedo_Bajo_(WMDE)

Done!

thanks for the clarification and apologies again for the mishap :)

Eevans updated the task description. (Show Details)Aug 7 2023, 9:27 PM
gerritbot added a comment.Aug 7 2023, 9:38 PM

Change 946632 had a related patch set uploaded (by Eevans; author: Eevans):

[operations/puppet@production] admin: add darthmon to releasers-wikibase

https://gerrit.wikimedia.org/r/946632

gerritbot added a project: Patch-For-Review.Aug 7 2023, 9:38 PM
Eevans claimed this task.Aug 8 2023, 9:24 PM
gerritbot added a comment.Aug 10 2023, 4:13 PM

Change 946632 merged by Eevans:

[operations/puppet@production] admin: add darthmon to releasers-wikibase

https://gerrit.wikimedia.org/r/946632

Eevans added a comment.Aug 10 2023, 4:21 PM

Hi @darthmon_wmde, this should now be complete.

I'll close the issue, but don't hesitate to reopen if you have any issues!

Maintenance_bot removed a project: Patch-For-Review.Aug 10 2023, 4:30 PM
Eevans closed this task as Resolved.Aug 10 2023, 4:49 PM
Eevans reopened this task as Open.Aug 11 2023, 12:26 AM

@darthmon_wmde this seems to be the same key used to access Wikimedia Cloud Services. Could you please generate a separate SSH key for accessing Wikimedia production and post the pubkey here and to your user page?

darthmon_wmde added a comment.EditedAug 11 2023, 10:16 AM
In T342968#9085732, @Eevans wrote:

@darthmon_wmde this seems to be the same key used to access Wikimedia Cloud Services. Could you please generate a separate SSH key for accessing Wikimedia production and post the pubkey here and to your user page?

this sounds weird since I created this key just before posting it here and I have not used it otherwise

I happily create another one in any case:

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM5JYD88f9NiE6Kg0G7lIVdsZUC2Sp8gDif/kgnkuq/j monicapinedo@wmde-102496

darthmon_wmde updated the task description. (Show Details)Aug 11 2023, 10:22 AM

I copied it on my wiki profile https://www.mediawiki.org/wiki/User:Monica_Pinedo_Bajo_(WMDE)

Eevans added a comment.Aug 11 2023, 2:47 PM
In T342968#9086433, @darthmon_wmde wrote:
In T342968#9085732, @Eevans wrote:

@darthmon_wmde this seems to be the same key used to access Wikimedia Cloud Services. Could you please generate a separate SSH key for accessing Wikimedia production and post the pubkey here and to your user page?

this sounds weird since I created this key just before posting it here and I have not used it otherwise

You know, I thought it was weird to me as well; I'd have sworn I checked prior to adding it, but afterward/now the new key shows up in both places...

eevans@mwmaint1002:~$ cross-validate-accounts 
darthmon uses the same SSH key(s) in WMCS and production:
  {'AAAAC3NzaC1lZDI1NTE5AAAAIAKqqF3EjMr1y5oM+5qfjBrQq/BhRsoHLA4DGZYtWKaE'}
eevans@mwmaint1002:~$

I happily create another one in any case:

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM5JYD88f9NiE6Kg0G7lIVdsZUC2Sp8gDif/kgnkuq/j monicapinedo@wmde-102496

I'll add your new key; Thanks!

gerritbot added a comment.Aug 11 2023, 4:51 PM

Change 948164 had a related patch set uploaded (by Eevans; author: Eevans):

[operations/puppet@production] admin: new ssh key for user darthmon

https://gerrit.wikimedia.org/r/948164

gerritbot added a project: Patch-For-Review.Aug 11 2023, 4:51 PM

Change 948164 merged by Eevans:

[operations/puppet@production] admin: new ssh key for user darthmon

https://gerrit.wikimedia.org/r/948164

Eevans closed this task as Resolved.Aug 11 2023, 4:54 PM

Ok, this is done; Thanks!

eevans@mwmaint1002:~$ cross-validate-accounts 
eevans@mwmaint1002:~$
Maintenance_bot removed a project: Patch-For-Review.Aug 11 2023, 5:10 PM
darthmon_wmde mentioned this in T344367: Login rejected on horizon.wikimedia.org.Aug 16 2023, 4:21 PM
Clement_Goubert reopened this task as Open.Aug 18 2023, 9:06 AM
Clement_Goubert subscribed.

This new key has been added to WMCS apparently:

darthmon uses the same SSH key(s) in WMCS and production:
  {'AAAAC3NzaC1lZDI1NTE5AAAAIM5JYD88f9NiE6Kg0G7lIVdsZUC2Sp8gDif/kgnkuq/j'}
gerritbot added a comment.Aug 21 2023, 9:54 AM

Change 951064 had a related patch set uploaded (by Jbond; author: jbond):

[operations/puppet@production] admin: drop ssh key for dartmon

https://gerrit.wikimedia.org/r/951064

gerritbot added a project: Patch-For-Review.Aug 21 2023, 9:54 AM
gerritbot added a comment.Aug 21 2023, 9:57 AM

Change 951064 merged by Jbond:

[operations/puppet@production] admin: drop ssh key for dartmon

https://gerrit.wikimedia.org/r/951064

jbond subscribed.EditedAug 21 2023, 9:59 AM

@darthmon_wmde I have removed this ssh key from the production ssh config. please update this task with a new ssh key that is not used in the WMCS environment. please also update the status back to open once the new key has been added

Maintenance_bot removed a project: Patch-For-Review.Aug 21 2023, 10:10 AM
jbond triaged this task as Medium priority.Aug 21 2023, 10:14 AM
jbond changed the task status from Open to Stalled.Aug 21 2023, 1:56 PM
CDanis reassigned this task from Eevans to darthmon_wmde.Sep 25 2023, 5:42 PM
CDanis added a subscriber: Eevans.
Dzahn subscribed.Nov 13 2023, 7:10 PM

This task has been stalled since August. As far as I can tell we are still waiting for a new SSH key. Any updates on that?

Dzahn moved this task from Untriaged to Awaiting User Input on the SRE-Access-Requests board.Nov 13 2023, 7:10 PM
Aklapper added a comment.Dec 5 2023, 9:18 PM

@darthmon_wmde ping

jhathaway subscribed.Dec 12 2023, 8:48 PM

@darthmon_wmde do you still need this access?

WMDE-leszek added a comment.Dec 13 2023, 8:50 AM

hi folks. @darthmon_wmde is currently off. I'll remind her of a missing ssh key once she's back in January. Stalling until then so it does not show up in your boards confusingly etc. (ah no, it is already stalled phabricator just reminded me)

herron closed this task as Invalid.Dec 18 2023, 2:56 PM
herron subscribed.

Hello! Grooming the backlog today. Given that we've been in a holding pattern on this for some time I'll temporarily close as 'invalid' (since we're needing user input in order to proceed) with the understanding that it'll be reopened by the requestor when ready to proceed. Thanks!

darthmon_wmde updated the task description. (Show Details)Feb 22 2024, 8:17 PM
darthmon_wmde reopened this task as Open.Feb 22 2024, 8:19 PM

I am very sorry - this ticket got out of my sight and I completely forgot about it. Could we pick it up anew, please?

I just added my new public ssh key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExSTDAxRmRvMSo4Bsx1cA0Tske9hEKa8qCltQDpV7pE monicapinedo@wmde-102496

ayounsi subscribed.Feb 23 2024, 10:07 AM

Can you update the key present on your mediawiki page as well ? Thanks

jcrespo changed the task status from Open to Stalled.Mar 25 2024, 10:42 AM
jcrespo subscribed.

Hola, @darthmon_wmde ! A ver si conseguimos cerrar esto de una vez por todas :-D. Si podrías actualizar la clave con tu cuenta con una edición en tu página de usuario de MediaWiki (pero no en la opción de openstack de wikitech!, que es cuando salta el problema de reuso de claves).

Stalling this until then.

Dzahn awarded a token.Apr 8 2024, 9:19 PM
BCornwall closed this task as Invalid.Tue, Apr 23, 8:10 PM
BCornwall subscribed.

Closing this until the original poster can get this done.

BCornwall changed the task status from Invalid to Declined.Tue, Apr 23, 8:11 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL