Page MenuHomePhabricator
Create Task
Maniphest T363937

Fundraising access request for KMorrow
Closed, ResolvedPublic
Actions

Description

This is a new access request for @KMorrow-WMF. They require the following access: (mark each box with an x)

  • civicrm web access
    • standard access
    • donor services access
  • ssh access - if specific hosts: frdev1001
  • mysql - if specific hosts or databases: list here
  • superset
  • other: please explain ----

New User Procedure / Checklist

When adding a new user to the fundraising / fr-tech ecosystem, we have a set of places where we need to create accounts and access.

Prerequisites

Before we can take any action to add a user, we need to verify that they are authorized to have such access. This requires confirmation from their manager and approval from the C level that access is approved.

[x] user_verification
Requires: user request
[x] access_rights: letter to C level (currently Lisa) verifying grant of access
[x] account name/contact info: verify on https://collab.wikimedia.org/wiki/Fundraising#Contact_List
[-] (if not advancement) add to okta notify list: create ITS ticket for adding to fr-tech okta notification list

Accounts and Services

[x] user account
Requires: user_verification
[x] Add the user to the users.yaml and group_members.yaml files as appropriate.
[x] Push out puppet changes.
[x] yubikey
Requires: useraccount and ITS request to send out yubikey to user
[x] physical: Make a request to ITS to have a key sent to the user
[x] account_setup: Get public side and add to puppet-private/manifests/passwords/yubico.pp
[x] follow_on: Make sure user can use yubikey for ssh access
[x] ssh
Requires: useraccount and yubikey
[x] key_setup: Send template/docs for generating keypair and ~/.ssh/config file
[x] account_setup: Get public side and add to puppet-private/secrets/ssh/default/$username
[x] follow_on: Verify user can ssh using correct creds and passphrases when needed.
[x] mysql
Requires: useraccount, yubikey, ssh
[x] account_setup
    [x] Create user block in ~/puppet-private/secrets/mysql_grants/fundraising_qa
    [x] Ensure user is in correct blocks for select rights on dbs.
        - Generally use another user in same group as a guide
    [x] Run the grant script to get the grants.
    [x] Copy/paste to execute the grants on appropriate dbs.
    [x] Create the user a ~/.my.cnf file with the original password from account creation.
[ ] follow_on: Verify user can ssh to the required host and log in to mysql.

Event Timeline

spatton created this task.May 1 2024, 7:27 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMay 1 2024, 7:27 PM
spatton updated the task description. (Show Details)May 1 2024, 7:39 PM
spatton added a subscriber: KMorrow-WMF.
Dwisehaupt subscribed.May 1 2024, 9:54 PM

Access approved.

Date: Wed, 1 May 2024 13:59:49
From: Lisa Seitz Gruwell
To: Sam Patton
Cc: Fundraising Tech Ops
Subject: Re: Approval to give two Fundraisers yubikeys for test reporting?
----------------------------------------

Yes, approved. 
Dwisehaupt updated the task description. (Show Details)May 1 2024, 9:57 PM
Dwisehaupt moved this task from Triage to Up Next on the fundraising-tech-ops board.May 2 2024, 7:19 PM
Dwisehaupt added a comment.May 2 2024, 7:25 PM

Created ITS request for yubikey.

Dwisehaupt updated the task description. (Show Details)Wed, May 8, 5:53 PM
KMorrow-WMF added a comment.Wed, May 8, 8:12 PM

Generated ssh key-pair. Contents of the public side of the key:

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII+Tq0YDiVT9hjG79omlUnvrrsxdk6/UGP1rlzUch6G3 kmorrow-ctr@wikimedia.org
Dwisehaupt updated the task description. (Show Details)Wed, May 8, 9:27 PM
KMorrow-WMF added a comment.Fri, May 10, 9:33 PM

Received Yubikey today, here is the public side of it:

Cccccbijinvg
Dwisehaupt updated the task description. (Show Details)Fri, May 10, 9:52 PM

@KMorrow-WMF Thanks. If you have set up your ssh config file as specified in https://wikitech.wikimedia.org/wiki/Fundraising/techops/docs/frack_ssh_access#SSH_Config_file you should be able to ssh frdev1002 and connect.

Dwisehaupt closed this task as Resolved.Mon, May 13, 4:30 PM
Dwisehaupt claimed this task.
Dwisehaupt updated the task description. (Show Details)
Dwisehaupt moved this task from Up Next to Done on the fundraising-tech-ops board.

Verified logins are working.

spatton updated the task description. (Show Details)Mon, May 13, 8:41 PM
Dwisehaupt reopened this task as Open.Mon, May 13, 9:59 PM
Dwisehaupt moved this task from Done to In Progress on the fundraising-tech-ops board.
Dwisehaupt updated the task description. (Show Details)Mon, May 13, 10:02 PM

Set up with mysql access for getting data with scripts. Ready for testing.

Dwisehaupt closed this task as Resolved.Tue, May 14, 4:32 PM
Dwisehaupt moved this task from In Progress to Done on the fundraising-tech-ops board.

Verified scripts that call mysql are working.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL