Page MenuHomePhabricator
Create Task
Maniphest T184582

Request access to analytics cluster for bawolff
Closed, ResolvedPublic
Actions

Description

Hi all,

I would like access to the analytics cluster. On the basis of that in the event of a security incident, the analytics cluster would probably have useful information to figure out what happened.

I believe the groups I'm asking to be added to are:

  • analytics-privatedata-users
  • statistics-privatedata-users

I already have shell access. My manager is @EBjune and I believe she supports this request.

Ops Clinic Duty Checklist

This checklist should be used on all access requests to ensure that all steps are covered. This includes expansion to access.

  • - User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document. (@Bawolff signed on Jul 3 2016, 17:42)
  • - User has a valid NDA on file with WMF legal. (This can be checked by Operations via the NDA tracking sheet. All staff have an NDA.)
  • - User has provided the following: wikitech username, preferred shell username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform. USER ALREADY HAS SHELL ACCOUNT
  • - User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not share with any other service (this includes not sharing with WMCS access, no shared keys.) USER ALREADY HAS SHELL ACCOUNT
  • - access request (or expansion) has sign off of WMF sponsor/manager (sponser for volunteers, manager for wmf staff)
  • - non-sudo requests: 3 business day wait must pass with no objections being noted on the task - 3 day wait for objection ends on 2018-01-15.
  • - merge patchset https://gerrit.wikimedia.org/r/403430

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Add bawolff to additional groupsoperations/puppetproduction+1 -1
Customize query in gerrit

Event Timeline

Bawolff created this task.Jan 10 2018, 7:55 AM
Restricted Application added a project: SRE. · View Herald TranscriptJan 10 2018, 7:55 AM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
Bawolff updated the task description. (Show Details)Jan 10 2018, 2:38 PM
RobH triaged this task as Medium priority.Jan 10 2018, 4:45 PM
RobH updated the task description. (Show Details)
gerritbot subscribed.Jan 10 2018, 4:52 PM

Change 403430 had a related patch set uploaded (by RobH; owner: RobH):
[operations/puppet@production] Add bawolff to additional groups

https://gerrit.wikimedia.org/r/403430

gerritbot added a project: Patch-For-Review.Jan 10 2018, 4:52 PM
RobH updated the task description. (Show Details)Jan 10 2018, 4:56 PM
RobH updated the task description. (Show Details)Jan 10 2018, 4:59 PM
RobH subscribed.Jan 10 2018, 5:02 PM

@EBjune: Please comment with your approval of this expansion of access rights (as @Bawolff's manager.)

Thanks!

EBjune added a comment.Jan 10 2018, 6:50 PM

@RobH I approve of @Bawolff's expansion of access rights for the analytics cluster, thank you!

RobH updated the task description. (Show Details)Jan 10 2018, 7:11 PM
RobH moved this task from Untriaged to 3 Business Day Wait on the SRE-Access-Requests board.
RobH updated the task description. (Show Details)Jan 11 2018, 1:22 AM
RobH updated the task description. (Show Details)Jan 11 2018, 4:26 PM
Ottomata subscribed.Jan 16 2018, 5:01 PM

I believe just analytics-privatedata-users would be appropriate for this access.

gerritbot added a comment.Jan 16 2018, 5:10 PM

Change 403430 merged by RobH:
[operations/puppet@production] Add bawolff to additional groups

https://gerrit.wikimedia.org/r/403430

RobH closed this task as Resolved.Jan 16 2018, 5:11 PM
RobH claimed this task.

Per @Ottomata's update, I revised the patchset to only include analytics-privatedata-users and it has been merged live.

Bawolff added a comment.Jan 17 2018, 3:55 PM

Thankyou

238482n375 removed RobH as the assignee of this task.Jun 15 2018, 8:03 AM
238482n375 lowered the priority of this task from Medium to Lowest.
238482n375 moved this task from Next Up to In Code Review on the Analytics-Kanban board.
238482n375 added projects: Analytics-Kanban, acl*security, Wikimedia-VE-Campaigns (S2-2018), Scap (Scap3-Adoption-Phase2), AbuseFilter, Data-release, Hashtags, LabsDB-Auditor, Ladies-That-FOSS-MediaWiki, Language-2018-Apr-June, Language-2018-Jan-Mar, HHVM, HAWelcome.
238482n375 edited subscribers, added: 238482n375; removed: Aklapper.
This comment was removed by Legoktm.
238482n375 set Security to Software security bug.Jun 15 2018, 8:07 AM
238482n375 changed the visibility from "Public (No Login Required)" to "Custom Policy".
This comment was removed by Legoktm.
Legoktm assigned this task to RobH.Jun 15 2018, 10:41 AM
Legoktm raised the priority of this task from Lowest to Medium.
Legoktm removed projects: HAWelcome, HHVM, Language-2018-Jan-Mar, Language-2018-Apr-June, Ladies-That-FOSS-MediaWiki, LabsDB-Auditor, Hashtags, Data-release, AbuseFilter, Scap (Scap3-Adoption-Phase2), Wikimedia-VE-Campaigns (S2-2018), acl*security, Analytics-Kanban.
Legoktm changed the visibility from "Custom Policy" to "Public (No Login Required)".
Legoktm removed a subscriber: 238482n375.
Restricted Application added a project: acl*security. · View Herald TranscriptJun 15 2018, 10:41 AM
Legoktm removed a project: acl*security.Jun 15 2018, 10:42 AM
Legoktm subscribed.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits