Page MenuHomePhabricator

Access for new Discovery OpsEng: Guillaume Lederrey
Closed, ResolvedPublic


Guillaume is the new ops engineer in the Discovery team.

wikitech username: gehel ( - this should be the shell username as well

SSH public key for production is available in Gerrit change I2fb8ffd3250fa770720c002361b32d4355c0fc59

Guillaume should be in the following groups:

  • analytics-search-users
  • deployment
  • elasticsearch-roots

Related Objects


Event Timeline

Restricted Application added subscribers: StudiesWorld, Aklapper. · View Herald Transcript
Gehel updated the task description. (Show Details)
Gehel changed Security from None to Access Request.
Gehel edited subscribers, added: Gehel, EBernhardson; removed: Aklapper, StudiesWorld.

Change 267919 had a related patch set uploaded (by Filippo Giunchedi):
Adding user gehel (Guillaume Lederrey) to user list


analytics-search-users - for access to deploy and debug search jobs on the analytics cluster


analytics-privatedata-users - We have cirrus logs that are stored here, additionally would be required to query the data generated by jobs run from analytics-search-users. Not sure if gehel will be doing anything with these or not.


Following to speed up the request. We'd need the approval in this task of Gehel's supervisor before proceeding (possibly @Tfinc ?). The three days has almost passed since this request has been filed, I updated to reflect it.

@Gehel: if you have time can you check ?


Addendum: the new user will be added to the groups only after TechOps meeting review, that will happen on Monday 08th.


elukey triaged this task as Medium priority.Feb 4 2016, 11:32 AM

@Gehel Do you need anything else from us? membership on mailing lists? access to private IRC channels? membership in WMF LDAP group (means login on tools like icinga/graphite)? access to private tickets in phabricator? anything you are blocked ?

@Dzahn: only thing I know of at the moment is the access to graphite / icinga / grafana. I am already in WMF-NDA on phabricator, I have been invited to a few IRC channels (-staff, _security) and a few private mailing list (discovery-private, ops, ...).

I will probably discover at some point that I am missing something, but I should be good for the moment.

@Gehel Alright, so the LDAP group "wmf' was missing. I just added you to that, so you should be able to login on icinga/graphite/grafana now, using your wikitech/labs user.

@terbium:~# sudo ldaplist -l group wmf | grep gehel
member: uid=gehel,ou=people,dc=wikimedia,dc=org

Change 267919 merged by Dzahn:
Adding user gehel (Guillaume Lederrey) to user list and to necessary groups

@Gehel on bast1001, your user has just been created

Notice: Finished catalog run in 33.79 seconds
[bast1001:~] $ id gehel
uid=13593(gehel) gid=500(wikidev) groups=500(wikidev),705(deployment)

same on elastic1001 and you are a root there:

[elastic1001:~] $ id gehel
uid=13593(gehel) gid=500(wikidev) groups=500(wikidev),709(elasticsearch-roots)

let us know if anything is missing

Dzahn claimed this task.

checked access to elastic1001: it's working


Change 269674 had a related patch set uploaded (by Filippo Giunchedi):
admin: add gehel to ops

fgiunchedi added a subscriber: fgiunchedi.

reopening, missing ops group access, see related review

the ops group is a different level of access, that shouldn't get tacked onto this ticket.

Dzahn removed Dzahn as the assignee of this task.Feb 10 2016, 5:41 PM

giving back to pool since it's pending approval, to be handled by on-duty person and in next meeting please

Change 269674 merged by Filippo Giunchedi:
admin: add gehel to ops

fgiunchedi claimed this task.

related has been merged, resolving

Dzahn closed subtask Restricted Task as Resolved.Feb 11 2016, 7:12 PM
Dzahn removed a project: Patch-For-Review.

Should the ops access have included ldap/ops as well?

@Krenair, you are indeed correct, ops ldap group membership was missing and added now

@Krenair, @fgiunchedi: Thanks for taking care of the lost newbie that I am!