Page MenuHomePhabricator
Create Task
Maniphest T184190

Requesting access to Production SSH, statistics-privatedata-users, analytics-privatedata-users, perf-team for imarlier
Closed, ResolvedPublicRequest
Actions

Description

Username: imarlier
Full name: Ian Marlier
Public key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBBqDEqQ//bMfmytP77928v+HLf6+jscYeY8WvPrReLI imarlier@WMF2024.lan

I am requesting production shell access, and access to the groups statistics-privatedata-users analytics-privatedata-users, and perf-team. I'm the manager of the Performance team, and our work very regularly requires us to be able to access servers (in order to observe current conditions on hosts in production while debugging issues that are reported). Additionally, being able to access analytics data is often necessary in order to diagnose reported issues (particularly web request logs).

(At this point I'm not requesting access to perf-roots, but will likely need that at some point in the future.)

@VColeman is my supervisor and can approve. @Nuria probably needs to sign off on the analytics access as well.

operations clinic duty checklist

requirements of this list are on https://wikitech.wikimedia.org/wiki/Requesting_shell_access

(please don't check off items on this list unless you are in ops, thx!)

  • - confirm L3 signature of @Imarlier
  • - confirm NDA (all staff automatically have NDA due to hiring packets, volunteers must have NDA confirmed on file with WMF legal)
  • - get user's manager's approval on task
  • - confirm production ssh key isn't same as labs (via ldap lookup when pulling for uid)
  • - create/review patchset for access (easier to do this in two sets, first to add user, second to add groups) https://gerrit.wikimedia.org/r/#/c/402102/ & https://gerrit.wikimedia.org/r/#/c/402103/
  • - the patchset will include 'perf-team' which is a sudo group. This must be listed for ops meeting approval in the meeting on Monday, 2018-01-08.

Details

SubjectRepoBranchLines +/-
adding imarlier to groupsoperations/puppetproduction+3 -3
adding shell user imarlieroperations/puppetproduction+10 -5
adding imarlier to groupsoperations/puppetproduction+3 -3
Customize query in gerrit

Event Timeline

Imarlier created this task.Jan 4 2018, 3:26 PM
Restricted Application added a project: SRE. · View Herald TranscriptJan 4 2018, 3:26 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
Imarlier renamed this task from Requesting access to Production SSH, statistics-privatedata-users, analytics-privatedata-users for imarlier to Requesting access to Production SSH, statistics-privatedata-users, analytics-privatedata-users, perf-team for imarlier.Jan 4 2018, 3:32 PM
Imarlier updated the task description. (Show Details)
Nuria added a comment.Jan 4 2018, 3:49 PM

Approved

Framawiki subscribed.Jan 4 2018, 7:15 PM
RobH triaged this task as Medium priority.Jan 4 2018, 7:31 PM
RobH updated the task description. (Show Details)
RobH updated the task description. (Show Details)
gerritbot subscribed.Jan 4 2018, 7:38 PM

Change 402102 had a related patch set uploaded (by RobH; owner: RobH):
[operations/puppet@production] adding shell user imarlier

https://gerrit.wikimedia.org/r/402102

gerritbot added a project: Patch-For-Review.Jan 4 2018, 7:38 PM
gerritbot added a comment.Jan 4 2018, 7:41 PM

Change 402103 had a related patch set uploaded (by RobH; owner: RobH):
[operations/puppet@production] adding imarlier to groups

https://gerrit.wikimedia.org/r/402103

RobH updated the task description. (Show Details)Jan 4 2018, 7:42 PM
RobH subscribed.Jan 4 2018, 7:46 PM

I've updated the task description with the checklist of required items. We're just pending @VColeman's approval on task for new shell access of her direct report, and the approval of the sudo group when the ops meeting happens next Monday.

I'll be on clinic duty next week, so I'll likely be assisting then to get the above patchsets merged (pending those approvals).

Imarlier added a comment.Jan 4 2018, 7:51 PM

Awesome -- thanks, Rob!

RobH moved this task from Untriaged to Manager/NDA Approval/Confirmation on the SRE-Access-Requests board.Jan 4 2018, 9:14 PM
VColeman claimed this task.Jan 6 2018, 12:30 AM

approved

RobH moved this task from Manager/NDA Approval/Confirmation to Group Manager Approval Pending on the SRE-Access-Requests board.Jan 8 2018, 4:10 PM
RobH added a comment.EditedJan 8 2018, 6:00 PM

Please note this was approved in the ops meeting. I'm on ops clinic duty this week, so I'll process this shortly!

gerritbot added a comment.Jan 9 2018, 1:22 AM

Change 402103 merged by RobH:
[operations/puppet@production] adding imarlier to groups

https://gerrit.wikimedia.org/r/402103

RobH closed this task as Resolved.Jan 9 2018, 1:44 AM

This is merged live, and affected servers will call in within 30 minutes or so to receive the updates. Resolving task. If there are any issues, please feel free to reopen.

RobH updated the task description. (Show Details)Jan 9 2018, 1:44 AM
RobH removed a project: Patch-For-Review.
RobH reopened this task as Open.Jan 9 2018, 1:50 AM
In T184190#3885368, @RobH wrote:

This is merged live, and affected servers will call in within 30 minutes or so to receive the updates. Resolving task. If there are any issues, please feel free to reopen.

The change broke things, and I reverted it since its late on a Monday. I'll re-investigate tomorrow and work on getting this access live.

gerritbot added a comment.Jan 9 2018, 4:45 PM

Change 402102 merged by RobH:
[operations/puppet@production] adding shell user imarlier

https://gerrit.wikimedia.org/r/402102

gerritbot added a comment.Jan 9 2018, 4:50 PM

Change 403196 had a related patch set uploaded (by RobH; owner: RobH):
[operations/puppet@production] adding imarlier to groups

https://gerrit.wikimedia.org/r/403196

gerritbot added a project: Patch-For-Review.Jan 9 2018, 4:50 PM

Change 403196 merged by RobH:
[operations/puppet@production] adding imarlier to groups

https://gerrit.wikimedia.org/r/403196

RobH closed this task as Resolved.Jan 9 2018, 4:58 PM

I shouldn't merge changes at the end of my workday. I had 2 patches ready, one to add user, and one to add the user to groups. I merged the latter first, and broke things, and reverted last evening.

Now I just merged in the user and the group addition live. Re-resolving!

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits