@Smalyshev: What exactly do you need to do with your access to terbium? (This will let us know which group to add you do.)
As Alex already commented on, this is likely for 'restricted' or 'deployment', both require ops team meeting approval as they are sudo.
Our ops meeting next week is on Tuesday. Please try to clarify your request before then, or it will have to wait for the ops meeting the following week.
I've assigned this to @Smalyshev pending feedback. Once feedback is provided, please set to unassigned and ops clinic will pick it back up.
Clinic Duty Note: Stas already had cluster access, so this is just a group addition (likely with some sudo rights)
@RobH: for now mainly run scripts, e.g. reindexing Elasticsearch after deploying various changes to mappings/indexing, like these: https://wikitech.wikimedia.org/wiki/Search#In_place_reindex
I don't think I actually need sudo for now, the only thing sudo may be needed is restarts and I'm not going to need that AFAIK.
Not sure which group it is, as long as I can log in to terbium and run the scripts as described above, that'd be enough for my current needs.
As @AlexMonk-WMF points out, you likely need to run your scripts as www-data, not as yourself. Hence being added to 'restricted' group to allow that access/sudo level. You aren't getting sudo as root, merely as www-data to servers that allow 'restricted' user group to access them.
As far as I can tell, 'restricted' would only give you access to the following hosts:
hosts/fluorine.yaml: - restricted
hosts/mw1152.yaml: - restricted
role/common/mediawiki/maintenance.yaml: - restricted
And the last only includes terbium and wasat.
The index update for elastic seems to be something that needs to apply across which servers exactly? Just terbium or one of the hosts listed above, or more than those?
Sounds good. As noted previously, this uses sudo for www-data, so it'll have to be approved in the Operations meeting next week.
The meeting typically takes place on Monday, but is Tuesday next week (due to holiday in USA.)
@Smalyshev Btw, it's not just terbium it's also wasat, the equivalent of terbium in codfw. So if we switch over at some point it will be that to do the same thing. You would get access via the role mediawiki::maintenance though, not by hostname, so your access will always be applied where that role is applied.