In a conversation with @Dzahn earlier, I've realized that I don't have access for people.wikimedia.org.
It's solely needed for showcasing certain patched demos of OOUI (statically), not for statistics or deployment.
Description
Details
Subject | Repo | Branch | Lines +/- | |
---|---|---|---|---|
admin: create shell account for Volker E. | operations/puppet | production | +8 -0 |
Status | Subtype | Assigned | Task | ||
---|---|---|---|---|---|
Resolved | Dzahn | T143465 Access to people.wikimedia.org for Volker_E | |||
Invalid | None | T143579 basion/rutherfordium access for Volker_E |
Event Timeline
This request ist reasonable to me, we talked. Since the latest changes this means it does not need any group membership, no sudo, no nothing. Just create the user as such and he should get bastion and rutherfordium which is people.wm.
@Legoktm I've been reaching out on #wikimedia-operations to understand what's the common/recommended way for my (quite urgent) needs. The idea of people.wikimedia.org comes from showcasing work there like https://people.wikimedia.org/~jdrewniak/collapsed-links-drawer/index.html
people.wikimedia.org seemed right to me. But please let me know if anything else is more appropriate.
If it's urgent, requesting a shell account that requiring waiting for ops approval seems like the wrong approach to me :)
You can showcase your work anywhere, I guess people use people.wm.o because it's convenient for them. Other people use codepen, jsfiddle, etc. Personally I avoid using people.wm.o for this kind of stuff because it's inside production networks, meaning it is scarier from a security perspective and expects a higher level of security. That's why I recommended using tool labs. It's pretty easy to get started quickly (you just sign up and a human verifies you're not a spambot), create your tool, and then you have webhosting space.
Actually doesn't take that long. Already being handled. Doesn't have to be in meeting either since it's not sudo.
@Volker_E, we'll need a public ssh key to do this. Either paste here or submit a puppet patch to puppet/modules/admin/data/data.yaml.
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDKpQEVtQw8XJCKvG7oNL9d+dveFqRpHCzduUvdzi6MK7zgtY9xUKF7ZcQObgP5fCpgLonDUu2b61WRzYgiPoBkhhnTKqRkCx6sT6KfsHaSE2iZefW5N7qEyRqpWCoXfmGnXJdP3r4cCgxBqdAJ/aoFNcvzpLUrcgw7wfI+gJ6VV897fwkH9SEnjVUxn/AZDAxsK6xa2gDmCUjG+Biwl6LsRCXtop87jtJ6SdgKmDkmGNh8t2y6YJxE0vjYuzNH2E2bEaYOgFRS/GULbNh+U+UqrN3sE4RTHUzAOqXh3iYShpNnwgm9nj41j3Q4h1S51muPEywRz60nU16JfaAvvvA3vyrS2L1P3zB7F+MbvhVVhdprmMvQf7hXbqSNhcxBWwvYfGGA67jy6hDL8WCd8+ql5F7tGw66FxStDjs2GYCiLp0zaDeBkl5Fx9GKjTXD8kCtA7Y8JDLuW1L/7ROX58C8tO6SyHjHHQO4hpSUavieUHt+2CFLYWvGtBZFStdL+esQmOC6qjX1KdwSQxlRXN9D436VxGusVdo3gkbaVvPFVx25gefWrKQ0/a17iU3eDL02sVkNa91Xs3AfeNNTqOv111UfoZjsatva7ZhBujeD131Ky7wolm1IVYtwfF4ifEpgLwjHtSzgfmdMLJSv4IweGYebc71JILMOHZCQGJ3/iw== volker.e@wikimedia.org
@Volker_E, do you have a labs account? If so, what is your username there? If not... please create one :) (We generally try to keep uids in sync between labs and prod)
@Andrew i see https://wikitech.wikimedia.org/wiki/User:VolkerE but i also dont find it in LDAP. is it wiki user name vs. shell user name again? i think so
yes, it is. VolkerE is the "sn".
this is how i found now with ldapsearch instead of ldaplist
[terbium:~] $ ldapsearch -x sn=VolkerE | grep uid dn: uid=volker-e,ou=people,dc=wikimedia,dc=org uid: volker-e uidNumber: 12186
Change 307667 had a related patch set uploaded (by Dzahn):
admin: create shell account for Volker E.
@Volker_E Just waiting on your signature on https://phabricator.wikimedia.org/L3 done via phabricator, just click on the link and there are instructions. Thanks!
I have pinged multiple times but didn't get a response. I suggest we close the ticket at the end end of the week and reopen it when/if actually needed. There is also still the option of using tool labs.
@Dzahn, I've replied to you directly via IRC?! Reason was, I haven't had capacity to care about that until now.
Anyways, I just signed the Acknowledgement. cc: @ArielGlenn
Hey @Volker_E This is now done :) Your user account has been created on the host called "rutherfordium.eqiad.wmnet". That is where people.wikimedia.org lives.
Here you can find the SSH config you will need to connect to it via the bastion hosts:
https://wikitech.wikimedia.org/wiki/Production_shell_access#Standard_config
You can pick from bast1001, 2001, 3001 or 4001, whatever is closer to you (see the map on that page).
With a config like
Host rutherfordium User volkere ProxyCommand ssh -a -W %h:%p bast1001.wikimedia.org
you should be able to just type "ssh rutherfordium" and get there in a single step.
Once there, create a directory called "public_html" and anything you upload into that (using scp/sftp) will show up under https://people.wikimedia.org/~volkere/
Let me know if any questions or issues with that.
[rutherfordium:~] $ id volkere
uid=12186(volkere) gid=500(wikidev) groups=500(wikidev),600(all-users)
(for completeness, yes this ticket also had manager approval from Lindsey Anne via hangout)
user has been renamed to "volker-e" in T157591.
The new URL is now https://people.wikimedia.org/~volker-e/