Guillaume is the new ops engineer in the Discovery team.
email: glederrey@wikimedia.org
wikitech username: gehel (https://wikitech.wikimedia.org/wiki/User:Gehel) - this should be the shell username as well
SSH public key for production is available in Gerrit change I2fb8ffd3250fa770720c002361b32d4355c0fc59
Guillaume should be in the following groups:
| Status | Subtype | Assigned | Task | ||
|---|---|---|---|---|---|
| Resolved | fgiunchedi | T125651 Access for new Discovery OpsEng: Guillaume Lederrey | |||
| Restricted Task |
Change 267919 had a related patch set uploaded (by Filippo Giunchedi):
Adding user gehel (Guillaume Lederrey) to user list
also:
analytics-search-users - for access to deploy and debug search jobs on the analytics cluster
Maybe:
analytics-privatedata-users - We have cirrus logs that are stored here, additionally would be required to query the data generated by jobs run from analytics-search-users. Not sure if gehel will be doing anything with these or not.
Hello!
Following https://wikitech.wikimedia.org/wiki/Ops_Clinic_Duty#Access_requests to speed up the request. We'd need the approval in this task of Gehel's supervisor before proceeding (possibly @Tfinc ?). The three days has almost passed since this request has been filed, I updated https://phabricator.wikimedia.org/project/view/956/ to reflect it.
@Gehel: if you have time can you check https://phabricator.wikimedia.org/L3 ?
Luca
Addendum: the new user will be added to the groups only after TechOps meeting review, that will happen on Monday 08th.
Luca
@elukey: https://phabricator.wikimedia.org/L3 reviewed and "signed". Thanks for the help !
@Gehel Do you need anything else from us? membership on mailing lists? access to private IRC channels? membership in WMF LDAP group (means login on tools like icinga/graphite)? access to private tickets in phabricator? anything you are blocked ?
@Dzahn: only thing I know of at the moment is the access to graphite / icinga / grafana. I am already in WMF-NDA on phabricator, I have been invited to a few IRC channels (-staff, _security) and a few private mailing list (discovery-private, ops, ...).
I will probably discover at some point that I am missing something, but I should be good for the moment.
@Gehel Alright, so the LDAP group "wmf' was missing. I just added you to that, so you should be able to login on icinga/graphite/grafana now, using your wikitech/labs user.
@terbium:~# sudo ldaplist -l group wmf | grep gehel
member: uid=gehel,ou=people,dc=wikimedia,dc=org
Change 267919 merged by Dzahn:
Adding user gehel (Guillaume Lederrey) to user list and to necessary groups
@Gehel on bast1001, your user has just been created
Notice: Finished catalog run in 33.79 seconds
[bast1001:~] $ id gehel
uid=13593(gehel) gid=500(wikidev) groups=500(wikidev),705(deployment)
same on elastic1001 and you are a root there:
[elastic1001:~] $ id gehel
uid=13593(gehel) gid=500(wikidev) groups=500(wikidev),709(elasticsearch-roots)
let us know if anything is missing
Change 269674 had a related patch set uploaded (by Filippo Giunchedi):
admin: add gehel to ops
reopening, missing ops group access, see related review https://gerrit.wikimedia.org/r/269674
the ops group is a different level of access, that shouldn't get tacked onto this ticket.
giving back to pool since it's pending approval, to be handled by on-duty person and in next meeting please
@Krenair, you are indeed correct, ops ldap group membership was missing and added now