As the WMCS transition was happening I discussed the access situation for @bd808 with @mark and possible subsequent team members who may not be operations people. The conclusion was that it did not make sense to put @bd808 in any traditional operations group(s) but to create a group for cs-roots instead. We had previously kicked an equivalent idea around with very active/NDA'd/trusted volunteers but it had not actually happened to this point.
Description
Description
Details
Details
Related Objects
Related Objects
Event Timeline
Comment Actions
@MoritzMuehlenhoff (quoting you here just because gerrit sucks for these things)
That's fine. But IMO the access::groups host definitions in Hiera should be part of this patch from the start. Otherwise the scope/impact of that group can't really be assessed.
yeah, totally understandable. I was working on the assumption that the existence of the new group was worth discussing on its own and the implicit applications are essentially "labs*" with the possibility of labsdb* and ldap servers being more debateable. I'll update with the first for the moment.
Comment Actions
Adding the group with initial roles:
https://gerrit.wikimedia.org/r/#/c/346838/
Adding bd808 if that all makes sense:
Comment Actions
So this was reviewed in the operations meeting this week, and this proposal approved in that meeting. (For the creation of the root group for cloud services as well as putting @bd808 in this group.)
There was some debate about the naming of the group, with other suggestions being cloud-root, or wmcs-root (wikimedia cloud services).
Comment Actions
Looks good to me and there were no objections in the ops meeting either.
Bikeshedding a little bit: the "cs-roots" name sounds confusing to me too, but it might be OK if the ex-Labs team standardizes to "CS" across everything and thus "cs-roots" becomes more obvious. So far I think the team had standardized to WMCS, so "wmcs-roots" sounds easy to grasp right now.
Comment Actions
I would vote for cloud-roots. "cloud" seems the most obvious term for the team and of 17 root groups, 16 end in -roots (plural), while just 1 (gerrit) does not.
Comment Actions
I'm open to what seems best :)
wmcs-roots seems most popular, but cloud-roots is really clear. I'm punting to @bd808 to pick a winner :)
Comment Actions
from the "naming is hard" bandwagon: I'd suggest an easily grep-able and unambiguous name like wmcs to be used everywhere
Comment Actions
Good point @fgiunchedi -- in purely searchable terms using cs is probably too diminutive and wmcs will be more searchable and unique across contexts.
Comment Actions
Let's do wmcs-roots. WMCS is our official short form written name for Wikimedia Cloud Services. Cookie licking cloud will make somebody mad at some point down the road.
Comment Actions
Change 346838 merged by Rush:
[operations/puppet@production] admin: add a group for cloud services roots (wmcs-roots)
Comment Actions
Change 347400 merged by Rush:
[operations/puppet@production] admin: add bd808 to wmcs-roots
Comment Actions
Change 423960 had a related patch set uploaded (by BryanDavis; owner: Bryan Davis):
[operations/puppet@production] admin: Allow wmcs-roots access to role::labs::monitoring hosts
Comment Actions
Change 423960 merged by Andrew Bogott:
[operations/puppet@production] admin: Allow wmcs-roots access to role::labs::monitoring hosts