Page MenuHomePhabricator

Access to people.wikimedia.org for Volker_E
Closed, ResolvedPublic

Description

In a conversation with @Dzahn earlier, I've realized that I don't have access for people.wikimedia.org.
It's solely needed for showcasing certain patched demos of OOUI (statically), not for statistics or deployment.

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald Transcript

This request ist reasonable to me, we talked. Since the latest changes this means it does not need any group membership, no sudo, no nothing. Just create the user as such and he should get bastion and rutherfordium which is people.wm.

You know you can also use tools.wmflabs.org for this kind of stuff too?

Andrew renamed this task from Access needed for people.wikimedia.org for showcasing to Access to people.wikimedia.org for Volker_E.Aug 22 2016, 5:47 PM

@Legoktm I've been reaching out on #wikimedia-operations to understand what's the common/recommended way for my (quite urgent) needs. The idea of people.wikimedia.org comes from showcasing work there like https://people.wikimedia.org/~jdrewniak/collapsed-links-drawer/index.html
people.wikimedia.org seemed right to me. But please let me know if anything else is more appropriate.

If it's urgent, requesting a shell account that requiring waiting for ops approval seems like the wrong approach to me :)

You can showcase your work anywhere, I guess people use people.wm.o because it's convenient for them. Other people use codepen, jsfiddle, etc. Personally I avoid using people.wm.o for this kind of stuff because it's inside production networks, meaning it is scarier from a security perspective and expects a higher level of security. That's why I recommended using tool labs. It's pretty easy to get started quickly (you just sign up and a human verifies you're not a spambot), create your tool, and then you have webhosting space.

If it's urgent, requesting a shell account that requiring waiting for ops approval seems like the wrong approach to me :)

Actually doesn't take that long. Already being handled. Doesn't have to be in meeting either since it's not sudo.

Dzahn triaged this task as Medium priority.Aug 23 2016, 10:45 PM

@Volker_E, we'll need a public ssh key to do this. Either paste here or submit a puppet patch to puppet/modules/admin/data/data.yaml.

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDKpQEVtQw8XJCKvG7oNL9d+dveFqRpHCzduUvdzi6MK7zgtY9xUKF7ZcQObgP5fCpgLonDUu2b61WRzYgiPoBkhhnTKqRkCx6sT6KfsHaSE2iZefW5N7qEyRqpWCoXfmGnXJdP3r4cCgxBqdAJ/aoFNcvzpLUrcgw7wfI+gJ6VV897fwkH9SEnjVUxn/AZDAxsK6xa2gDmCUjG+Biwl6LsRCXtop87jtJ6SdgKmDkmGNh8t2y6YJxE0vjYuzNH2E2bEaYOgFRS/GULbNh+U+UqrN3sE4RTHUzAOqXh3iYShpNnwgm9nj41j3Q4h1S51muPEywRz60nU16JfaAvvvA3vyrS2L1P3zB7F+MbvhVVhdprmMvQf7hXbqSNhcxBWwvYfGGA67jy6hDL8WCd8+ql5F7tGw66FxStDjs2GYCiLp0zaDeBkl5Fx9GKjTXD8kCtA7Y8JDLuW1L/7ROX58C8tO6SyHjHHQO4hpSUavieUHt+2CFLYWvGtBZFStdL+esQmOC6qjX1KdwSQxlRXN9D436VxGusVdo3gkbaVvPFVx25gefWrKQ0/a17iU3eDL02sVkNa91Xs3AfeNNTqOv111UfoZjsatva7ZhBujeD131Ky7wolm1IVYtwfF4ifEpgLwjHtSzgfmdMLJSv4IweGYebc71JILMOHZCQGJ3/iw== volker.e@wikimedia.org

@Volker_E, do you have a labs account? If so, what is your username there? If not... please create one :) (We generally try to keep uids in sync between labs and prod)

@Andrew i see https://wikitech.wikimedia.org/wiki/User:VolkerE but i also dont find it in LDAP. is it wiki user name vs. shell user name again? i think so

yes, it is. VolkerE is the "sn".

this is how i found now with ldapsearch instead of ldaplist

[terbium:~] $ ldapsearch -x sn=VolkerE | grep uid
dn: uid=volker-e,ou=people,dc=wikimedia,dc=org
uid: volker-e
uidNumber: 12186

so it's underscore vs. dash vs. camel case

[terbium:~] $ ldaplist -l passwd volker-e

Change 307667 had a related patch set uploaded (by Dzahn):
admin: create shell account for Volker E.

https://gerrit.wikimedia.org/r/307667

@Volker_E just one last thing, could you sign L3?

@Volker_E Just waiting on your signature on https://phabricator.wikimedia.org/L3 done via phabricator, just click on the link and there are instructions. Thanks!

Dzahn changed the task status from Open to Stalled.Sep 21 2016, 8:41 PM

I have pinged multiple times but didn't get a response. I suggest we close the ticket at the end end of the week and reopen it when/if actually needed. There is also still the option of using tool labs.

@Dzahn, I've replied to you directly via IRC?! Reason was, I haven't had capacity to care about that until now.
Anyways, I just signed the Acknowledgement. cc: @ArielGlenn

Paladox changed the task status from Stalled to Open.Sep 21 2016, 9:46 PM

Change 307667 merged by Dzahn:
admin: create shell account for Volker E.

https://gerrit.wikimedia.org/r/307667

Hey @Volker_E This is now done :) Your user account has been created on the host called "rutherfordium.eqiad.wmnet". That is where people.wikimedia.org lives.

Here you can find the SSH config you will need to connect to it via the bastion hosts:

https://wikitech.wikimedia.org/wiki/Production_shell_access#Standard_config

You can pick from bast1001, 2001, 3001 or 4001, whatever is closer to you (see the map on that page).

With a config like

Host rutherfordium
User volkere
ProxyCommand ssh -a -W %h:%p bast1001.wikimedia.org

you should be able to just type "ssh rutherfordium" and get there in a single step.

Once there, create a directory called "public_html" and anything you upload into that (using scp/sftp) will show up under https://people.wikimedia.org/~volkere/

Let me know if any questions or issues with that.

[rutherfordium:~] $ id volkere
uid=12186(volkere) gid=500(wikidev) groups=500(wikidev),600(all-users)

(for completeness, yes this ticket also had manager approval from Lindsey Anne via hangout)

I made the public_html directory and put a placeholder there:

https://people.wikimedia.org/~volkere/

user has been renamed to "volker-e" in T157591.

The new URL is now https://people.wikimedia.org/~volker-e/