Petr should be able to deploy and otherwise take care of operational tasks on the RESTBase cluster. I am thus requesting to grant him membership of the restbase-roots group.
Username: ppchelko
Full name: Petr Pchelko
Petr should be able to deploy and otherwise take care of operational tasks on the RESTBase cluster. I am thus requesting to grant him membership of the restbase-roots group.
Username: ppchelko
Full name: Petr Pchelko
Status | Subtype | Assigned | Task | ||
---|---|---|---|---|---|
Resolved | • Cmjohnson | T126283 Requesting restbase-roots access to RESTBase cluster for Petr Pchelko | |||
Restricted Task |
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSxkE+b4Jc+3FoCgYqZvQJZ8a0Hk2UhC2Qb1zi1CiThsE8oBPf6n1Mki58o/mHBrtfgAPutCFFylkLwuPDE5tDojENvNx3roMxEmpQhDTs3iKTfXF98IVdsrI8gmrpCQoy+fny3K/O89rmAza2WTK2ogB2rDBLRAC0hYz6pzuA38+4ybmYbqVn/SQSDyMsX0366xBsn3r6pEwyttZsLhO/5HDG1O5cUkrxwXr5XACIGGHZyG2ev2uLtZj/6py5skxvp2xLs1/m7qP1Sykvz8QungW7KfyzNCVKb07RxKlsUQEnAqnQY2fnB3VjKSe4FNUafQHkmFJ1MLr0zH31uMOF pchelko@Petrs-MBP.corp.wikimedia.org
Change 269369 had a related patch set uploaded (by Dzahn):
admin: add ppchelko to restbase-admins
Hm, actually, with restbase-admins you are not able to deploy, you can:
For deployment, one needs to be in the restbase-roots group, so I'd say to go ahead and retitle this as @Pchelolo needing restbase-roots access.
or maybe an alternative is to amend the permissions the restbase-admins have with the deploy commands, so that all admins can deploy. would it be easy to list the needed command to be added to sudo privileges?
That's a bit tricky and error-prone because the target repo is owned by root on the nodes, and we use ansible to deploy, which spawns its own local commands when performing the fetch and check-out phases.
User added but adding to restbase-roots group will require an approval in ops meeting.
Change 272513 had a related patch set uploaded (by Dzahn):
admin: add bast-only group for ppchelko
approved in meeting (https://office.wikimedia.org/wiki/Operations/Operations_Meeting_Notes/TechOps-2016-02-22#Access_Requests)
merged, followed-up with access to bastion hosts
[restbase1001:~] $ id ppchelko uid=12460(ppchelko) gid=500(wikidev) groups=500(wikidev),744(restbase-roots)
[bast1001:~] $ id ppchelko uid=12460(ppchelko) gid=500(wikidev) groups=500(wikidev),707(bastiononly)
etc.. the same on all restbase hosts as soon as puppet ran