Page MenuHomePhabricator

Request access to analytics cluster for bawolff
Closed, ResolvedPublic

Description

Hi all,

I would like access to the analytics cluster. On the basis of that in the event of a security incident, the analytics cluster would probably have useful information to figure out what happened.

I believe the groups I'm asking to be added to are:

  • analytics-privatedata-users
  • statistics-privatedata-users

I already have shell access. My manager is @EBjune and I believe she supports this request.

Ops Clinic Duty Checklist

This checklist should be used on all access requests to ensure that all steps are covered. This includes expansion to access.

  • - User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document. (@Bawolff signed on Jul 3 2016, 17:42)
  • - User has a valid NDA on file with WMF legal. (This can be checked by Operations via the NDA tracking sheet. All staff have an NDA.)
  • - User has provided the following: wikitech username, preferred shell username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform. USER ALREADY HAS SHELL ACCOUNT
  • - User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not share with any other service (this includes not sharing with WMCS access, no shared keys.) USER ALREADY HAS SHELL ACCOUNT
  • - access request (or expansion) has sign off of WMF sponsor/manager (sponser for volunteers, manager for wmf staff)
  • - non-sudo requests: 3 business day wait must pass with no objections being noted on the task - 3 day wait for objection ends on 2018-01-15.
  • - merge patchset https://gerrit.wikimedia.org/r/403430

Event Timeline

Bawolff created this task.Jan 10 2018, 7:55 AM
Restricted Application added a project: Operations. · View Herald TranscriptJan 10 2018, 7:55 AM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
Bawolff updated the task description. (Show Details)Jan 10 2018, 2:38 PM
RobH triaged this task as Medium priority.Jan 10 2018, 4:45 PM
RobH updated the task description. (Show Details)

Change 403430 had a related patch set uploaded (by RobH; owner: RobH):
[operations/puppet@production] Add bawolff to additional groups

https://gerrit.wikimedia.org/r/403430

RobH updated the task description. (Show Details)Jan 10 2018, 4:56 PM
RobH updated the task description. (Show Details)Jan 10 2018, 4:59 PM
RobH added a subscriber: RobH.Jan 10 2018, 5:02 PM

@EBjune: Please comment with your approval of this expansion of access rights (as @Bawolff's manager.)

Thanks!

@RobH I approve of @Bawolff's expansion of access rights for the analytics cluster, thank you!

RobH updated the task description. (Show Details)Jan 10 2018, 7:11 PM
RobH moved this task from Untriaged to 3 Business Day Wait on the SRE-Access-Requests board.
RobH updated the task description. (Show Details)Jan 11 2018, 1:22 AM
RobH updated the task description. (Show Details)Jan 11 2018, 4:26 PM

I believe just analytics-privatedata-users would be appropriate for this access.

Change 403430 merged by RobH:
[operations/puppet@production] Add bawolff to additional groups

https://gerrit.wikimedia.org/r/403430

RobH closed this task as Resolved.Jan 16 2018, 5:11 PM
RobH claimed this task.

Per @Ottomata's update, I revised the patchset to only include analytics-privatedata-users and it has been merged live.

238482n375 set Security to Software security bug.Jun 15 2018, 8:07 AM
238482n375 changed the visibility from "Public (No Login Required)" to "Custom Policy".
This comment was removed by Legoktm.
Legoktm assigned this task to RobH.Jun 15 2018, 10:41 AM
Legoktm raised the priority of this task from Lowest to Medium.
Legoktm changed the visibility from "Custom Policy" to "Public (No Login Required)".
Legoktm removed a subscriber: 238482n375.
Restricted Application added a project: acl*security. · View Herald TranscriptJun 15 2018, 10:41 AM
Legoktm added a subscriber: Legoktm.