Page MenuHomePhabricator
Create Task
Maniphest T140422

madhuvishy is moving to operations on 7/18/16
Closed, ResolvedPublic
Actions

Description

So we should:

  • add her to ?

https://office.wikimedia.org/wiki/Operations/On(Off)boarding

Details

SubjectRepoBranchLines +/-
nagios_common: add Madhu to sms (ops paging) groupoperations/puppetproduction+1 -1
icinga: let Madhu run commands from webuioperations/puppetproduction+5 -5
madhu: transition to ops for admin.yamloperations/puppetproduction+10 -10
Add ssh key for user Madhuvishy to root-authorized-keyslabs/privatemaster+2 -0
Customize query in gerrit

Related Objects

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes
Restricted Application added subscribers: Zppix, Aklapper. · View Herald TranscriptJul 14 2016, 9:28 PM
chasemp triaged this task as Medium priority.Jul 14 2016, 9:29 PM
chasemp added a project: SRE-Access-Requests.
Legoktm awarded a token.Jul 14 2016, 9:30 PM
gerritbot subscribed.Jul 14 2016, 10:01 PM

Change 299078 had a related patch set uploaded (by Rush):
madhu: transition to ops

https://gerrit.wikimedia.org/r/299078

gerritbot added a project: Patch-For-Review.Jul 14 2016, 10:01 PM
chasemp mentioned this in rOPUP5581dbbaf194: madhu: transition to ops.Jul 14 2016, 10:03 PM
AlexMonk-WMF subscribed.Jul 14 2016, 10:09 PM
yuvipanda added a subscriber: madhuvishy.Jul 14 2016, 10:48 PM
yuvipanda subscribed.
bd808 subscribed.EditedJul 14 2016, 11:07 PM
Dzahn subscribed.EditedJul 15 2016, 12:31 AM

how about +2 in Gerrit? LDAP ops group.

ops mailing list

access to password store (add GPG key )

AlexMonk-WMF added a comment.Jul 15 2016, 12:32 AM

to ops/puppet? it's given by ldap/ops, which I imagine should be on a generic ops onboarding list somewhere

Peachey88 subscribed.Jul 15 2016, 12:33 AM
In T140422#2464795, @Dzahn wrote:

how about +2 in Gerrit?

There is a few LDAP groups that do that inherently (that staff are commonly in I believe), probably best to check the groups the user is in.

Dzahn added a comment.Jul 15 2016, 12:36 AM

https://office.wikimedia.org/wiki/Operations/On%28Off%29boarding

Dzahn added a comment.Jul 15 2016, 12:41 AM
  • ops mailing list was already done

@madhuvishy when you get to it we'll need a GPG key to add you to https://office.wikimedia.org/wiki/Pwstore That will give you all the "misc" passwords we have in ops.

gerritbot added a comment.Jul 15 2016, 7:41 PM

Change 299196 had a related patch set uploaded (by Dzahn):
icinga: let Madhu run commands from webui

https://gerrit.wikimedia.org/r/299196

gerritbot added a comment.Jul 15 2016, 7:43 PM

Change 299198 had a related patch set uploaded (by Dzahn):
nagios_common: add Madhu to sms (ops paging) group

https://gerrit.wikimedia.org/r/299198

Andrew subscribed.Jul 15 2016, 7:46 PM

I granted Madhu admin/admin in keystone so she should be able to view all the stats &c in Horizon.

Dzahn mentioned this in rOPUP80abffb2c528: icinga: let Madhu run commands from webui.Jul 15 2016, 7:46 PM
Dzahn mentioned this in rOPUP93af9c470365: nagios_common: add Madhu to sms (ops paging) group.
Southparkfan awarded a token.Jul 15 2016, 9:59 PM
chasemp updated the task description. (Show Details)Jul 18 2016, 1:13 PM
chasemp updated the task description. (Show Details)
yuvipanda added a comment.Jul 18 2016, 1:15 PM

Should get a new key setup for labs root, and probably good to rotate all keys anyway.

yuvipanda updated the task description. (Show Details)Jul 18 2016, 1:17 PM
chasemp updated the task description. (Show Details)Jul 18 2016, 1:18 PM
yuvipanda updated the task description. (Show Details)Jul 18 2016, 1:18 PM
chasemp updated the task description. (Show Details)Jul 18 2016, 1:19 PM
chasemp updated the task description. (Show Details)
chasemp updated the task description. (Show Details)Jul 18 2016, 1:21 PM
chasemp added a comment.Jul 18 2016, 3:53 PM
In T140422#2470486, @yuvipanda wrote:

Should get a new key setup for labs root, and probably good to rotate all keys anyway.

@madhuvishy can you sync up w/ yuvi w/ a new labs root key?

Dzahn added a comment.EditedJul 18 2016, 4:36 PM
  • Should we order a yubikey (via OIT?) and set it up ?
Dzahn updated the task description. (Show Details)Jul 18 2016, 4:40 PM
mark subscribed.Jul 18 2016, 5:00 PM

Madhu is approved for Ops access. Yes, she should also get a Yubikey. :)

chasemp mentioned this in rOPUP95c3111f9b5e: madhu: transition to ops.Jul 18 2016, 5:22 PM
Dzahn added a comment.Jul 18 2016, 6:19 PM
  • added to ops-private
  • added to root@ mail
Dzahn updated the task description. (Show Details)Jul 18 2016, 6:19 PM
chasemp added a comment.Jul 18 2016, 6:25 PM

I asked madhu to change her user key along with the role/access change before https://gerrit.wikimedia.org/r/#/c/299078/. Seems appropriate in case of ever key forwarding, etc. Just good sense I hope :)

chasemp mentioned this in rOPUP73f0412ad6b4: WIP for a key change before merge -- madhu: transition to ops.Jul 18 2016, 6:29 PM
chasemp mentioned this in rOPUP3bcfd4a2c6d4: madhu: transition to ops for admin.yaml.Jul 18 2016, 7:13 PM
chasemp mentioned this in rOPUP58bac88260f9: madhu: transition to ops for admin.yaml.Jul 18 2016, 7:17 PM
gerritbot added a comment.Jul 18 2016, 7:18 PM

Change 299078 merged by Rush:
madhu: transition to ops for admin.yaml

https://gerrit.wikimedia.org/r/299078

gerritbot added a comment.Jul 18 2016, 7:18 PM

Change 299597 had a related patch set uploaded (by Madhuvishy):
Add ssh key for user Madhuvishy to root-authorized-keys

https://gerrit.wikimedia.org/r/299597

gerritbot added a comment.Jul 18 2016, 7:20 PM

Change 299597 merged by Rush:
Add ssh key for user Madhuvishy to root-authorized-keys

https://gerrit.wikimedia.org/r/299597

chasemp added a comment.Jul 18 2016, 7:20 PM

also: https://gerrit.wikimedia.org/r/#/c/299595

chasemp updated the task description. (Show Details)Jul 18 2016, 7:21 PM
madhuvishy added a comment.EditedJul 18 2016, 7:25 PM

As for getting a Yubikey - I requested a new one and OIT has placed an order.

chasemp mentioned this in rOPUPbdb2a18c414d: nagios_common: add Madhu to sms (ops paging) group.Jul 18 2016, 7:29 PM
chasemp mentioned this in rOPUP64055690ce7b: icinga: let Madhu run commands from webui.
chasemp updated the task description. (Show Details)Jul 18 2016, 8:12 PM
chasemp updated the task description. (Show Details)Jul 18 2016, 8:19 PM
Dzahn mentioned this in rOPUP089cf286370a: icinga: let Madhu run commands from webui.Jul 18 2016, 8:33 PM
gerritbot added a comment.Jul 18 2016, 8:38 PM

Change 299196 merged by Dzahn:
icinga: let Madhu run commands from webui

https://gerrit.wikimedia.org/r/299196

Dzahn updated the task description. (Show Details)Jul 18 2016, 8:38 PM
chasemp updated the task description. (Show Details)Jul 18 2016, 8:52 PM
gerritbot added a comment.Jul 18 2016, 8:57 PM

Change 299198 merged by Dzahn:
nagios_common: add Madhu to sms (ops paging) group

https://gerrit.wikimedia.org/r/299198

Dzahn mentioned this in rOPUPbb0bf871bef6: nagios_common: add Madhu to sms (ops paging) group.Jul 18 2016, 8:58 PM
Dzahn mentioned this in rOPUPe5ecd597d435: nagios_common: add Madhu to sms (ops paging) group.
Dzahn updated the task description. (Show Details)Jul 18 2016, 9:01 PM
madhuvishy added a comment.Jul 19 2016, 6:54 AM

Pasting public gpg key here - if this isn't the best idea, happy to make a new one.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1

mQENBFeNymQBCACipjHijiP7teB91169kIlv/L8O8HorhyvjvU/u4xpPjvZUZWR+
N79bN8wUBdAnAn836Yxyaq56lymlK3OAYTrHLUMEYe7p0uWoTnmQHRi8RAmLTq03
XLvbEpFEcIvhurjv0V9Lbp3d4GufbyziJaLZd71nEfoGWgph7GC3kLK40JOMqQOv
heaoqhgSU4BB6t27gkhOSRHUedAM1p1KEP91ihxtEOrXusRIcb00Pd/C/ZwwepsF
pmEhCJrsqfvql0a1DVTKu60jCfkkX1gA94e2xtZqXDV2XbHWTrW0duW9FrHK4kor
/G9vjkb7pEohVKZ607JSu4mJO7z7gGtcsd7vABEBAAG0QE1hZGh1bWl0aGEgVmlz
d2FuYXRoYW4gKE1hZGh1dmlzaHkpIDxtdmlzd2FuYXRoYW5Ad2lraW1lZGlhLm9y
Zz6JAT4EEwECACgFAleNymQCGwMFCQWjmoAGCwkIBwMCBhUIAgkKCwQWAgMBAh4B
AheAAAoJEKTR2sc7lHxNEx8IAIgpX1NnUkOjGyVgk465JmTtIXUGKl3Hiu4bLRie
91wd9pDmpDzF0yUqpKxs1tn/XrqaZZ9ekzZp7+358pgiNWsabyW/ESUaaED4l+1l
QI7fRdwxxFflkMFsp1Ducn+FStwkKMUQt04Rva2PjQkiV/aVQHMMAWHQ1R4jGfDG
cLOunWCH4p5OGzCeRxw7OIuHGH2KDTn89oLOrfzsroBikyLFzfY/6cUT5Ya3IWGj
h8MS6BwCvhHuyOQr06E/3slB1WT2b9zxKIYDi5mnbydghFA0T5DwzOL7wXDzBhRA
UoBeiL4uu39To9l9f2ArbQ6EPnKyw2NrecrKzpR4Mlkpcg+5AQ0EV43KZAEIALFH
wJgbjrVvID1dKfeKDvjcAi9EQBqAliakTAXmVaSHCXJ0EFvaDKIbsDqlx0gLv2eX
pdYh2JpkbsyyzwXui3vmN7JX2G1Pg4wOGkfMrDl7IAKBpgToqPWpTmoPdIICUVJc
W2P2JzpjZxp3dyAkFnoEbITOEuk1AiP7OQ5HMAilz3eTmSQVWS7R7Nez0NwyV7RF
2rc0XMcFXf6Z2SbiR/6MH2BjCkbTJLvQCppDTQEYHYgPdvf70XpDUwbppvuqqm8h
uLlaGUl1+GkJiQIcRHhxbz0+rU4yP9FmErMaIg4ycbb0h+rCu6kOjSekJBKSOPgT
zSQW4iJbWc0jnSAsTG0AEQEAAYkBJQQYAQIADwUCV43KZAIbDAUJBaOagAAKCRCk
0drHO5R8TU3oB/4nODdgoiSXC44mKuDMIoamWSSbqzrwx9wrTE0H3uIYC91zXNF5
vR97BGcoK3dwGGT3Cxq8gE9jd5VPFr+dYyMk/yaJRA5FtE1NlwLJTz+o8lbgEZkG
qpCwhuydt3KoJ2VwJakXEFbj3Le4pQZZO7ngMFQ+/xn7+oPrEaIdpV4UeZdbhDFN
1ym4yH8d81eW5Gp8uUAYz4gFbZmjoliVjOFM+6mj7zpUXwnCFMJw+wupHaRCi3zF
1SMk2uisNLaoCehgDQrV5rGV6kdhTAHddRQnyB7bu6ZZSgg5UD+L36PtXHd58pFG
gynQgbD/2/6vIJYsAo1JsmttwMLG9EPsaFBY
=ev1Y
-----END PGP PUBLIC KEY BLOCK-----
elukey added subscribers: MoritzMuehlenhoff, elukey.Jul 19 2016, 1:07 PM

@madhuvishy for the pwstore part I think that you should follow up with @MoritzMuehlenhoff when he'll be back (I think July 25th). Not sure if other people manage it as well though :)

I am ops duty this week so please let me know if you are blocked with anything!

Gehel added subscribers: ArielGlenn, Gehel.Jul 19 2016, 1:14 PM

Looking at the recent history of the pw repository, at least @Dzahn and @ArielGlenn have recent commits, so they should be able to add your keys.

I can already sign yours, ping me on IRC and we can do a video identification...

elukey mentioned this in rOPUPf28b0d40d6b7: Add addshore and zfilipin back to the deployment group.Jul 19 2016, 2:21 PM
elukey mentioned this in rOPUP0684e20448af: Add addshore and zfilipin back to the deployment group.Jul 19 2016, 2:25 PM
elukey added a comment.Jul 22 2016, 10:51 AM

We'd need to fix some pwstore issues so this could be a good occasion to add Madhu's key. Best to wait a bit for Moritz in my opinion!

Krenair moved this task from Triage to In Progress on the Cloud-Services board.Jul 23 2016, 2:16 PM
MoritzMuehlenhoff added a comment.Jul 25 2016, 6:46 AM

I'll drop those people with an expired PGP key later on, so that we can add her to pwstore.

MoritzMuehlenhoff added a comment.Jul 25 2016, 7:50 AM

@madhuvishy : Please upload your PGP key to the public keyserver network by running

gpg --send-key FINGERPRINT_OF_YOUR_KEY

pool.sks-keyservers.net is usually preconfigured in most GnuPG distributions (but they all sync amonst each other)

madhuvishy added a comment.Jul 25 2016, 6:37 PM

@MoritzMuehlenhoff Done! http://keys.gnupg.net/pks/lookup?op=get&search=0xA4D1DAC73B947C4D

Dzahn added a comment.Jul 26 2016, 5:53 AM

@Andrew @yuvipanda as list admins of labs-l and labs-announce, how about the remaining checkbox " Add as mod to labs-l/labs-announce"? does that really mean moderator or does it mean list admin? did you already share the password(s)?

MoritzMuehlenhoff added a comment.Jul 26 2016, 7:19 AM
In T140422#2493224, @madhuvishy wrote:

@MoritzMuehlenhoff Done! http://keys.gnupg.net/pks/lookup?op=get&search=0xA4D1DAC73B947C4D

Got it, the only thing missing now is two signatures on that key: https://wikitech.wikimedia.org/wiki/PGP_Keys#Signing_keys

Dzahn assigned this task to yuvipanda.Jul 28 2016, 11:23 PM

Hey Yuvi, could you please do the checkbox about labs lists? Otherwise i'd have to reset the password for all you admins. And not sure if it really meant "mod" or "admin".

yuvipanda added a comment.Jul 28 2016, 11:24 PM

@Dzahn I meant 'admin'. I don't have the password at all, I've just been using the mailman master password, which is probably pretty unhealthy. Can you reset it anyway?

Dzahn added a comment.Jul 28 2016, 11:28 PM

I would prefer it if the list admins could handle administration of their lists. The password needs to be shared with the other admins.

yuvipanda added a comment.Jul 28 2016, 11:29 PM

Sure, I'll do that later then. There's no hurry for us to finish that box off.

Dzahn added a subscriber: ema.Aug 3 2016, 8:10 PM

cc: @ema the pwstore part should also be unblocked now.

madhuvishy added a comment.Aug 3 2016, 8:39 PM

Still needed to be add as labs root. This is not done yet

madhuvishy added a comment.Aug 3 2016, 9:34 PM

The labs root thing is all good now. Thanks @yuvipanda

ema added a comment.Aug 4 2016, 6:41 AM

@madhuvishy: your PGP key does not seem to be signed yet: https://wikitech.wikimedia.org/wiki/PGP_Keys#Signing_keys. Ping me if you want to schedule a mini-keysigning party today on hangout.

RobH reassigned this task from yuvipanda to madhuvishy.Aug 15 2016, 6:42 PM
RobH subscribed.

I signed via hangout, and @madhuvishy listed off her key fingerprint.

I've signed and pushed to keyservers. We'll need a second signature for the pwstore access. We've chatted in IRC, and @madhuvishy is aware of next steps.

Assigning this to @madhuvishy until key has two signatures, then this can escalate to either @Dzahn or @MoritzMuehlenhoff for pwstore access update.

RobH removed a project: Patch-For-Review.Aug 15 2016, 8:04 PM
RobH reassigned this task from madhuvishy to MoritzMuehlenhoff.Aug 17 2016, 3:12 PM

Mortiz mentioned (in IRC a day or two ago) he would take care of the pwstore stuff, so I'm assigning this task to him.

MoritzMuehlenhoff closed this task as Resolved.Aug 18 2016, 1:10 PM

Her key is now signed and I've added it to the pwstore. Also the password files have been re-encrypted. @madhuvishy : Docs are at https://office.wikimedia.org/wiki/Pwstore, let me know if you run into any problems.

Since pwstore was the last missing bit, closing the ticket.

Phabricator_maintenance removed a subscriber: yuvipanda.Jun 7 2017, 6:41 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL