Page MenuHomePhabricator

Requesting shell access and access to groups 'analytics-privatedata-users' and 'researchers' for katielin (katie)
Closed, ResolvedPublicRequest

Description

Hi, I need shell access as well as access to 'analytics-privatedata-users' and 'researchers' to work with fundraising analytics.

Username: katielin (on phabricator, katie on server)
Full name: Katie Lin

Public key:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5FwLyUfc5hYG83CGA7eXsIk1ZfvldzJEoYcxYRLycK1L2AXKxv6Hpk+D5zgVE3nrNSEhMSZBJFtLfBzqHOH96e3EdUQp12CqWnok5Y73piVofjKFm5Qi2HdTdDtnm4IuOOYsFVG82za5oE24lbqMR6qsJrxDpS/B6VbAcPRQ15p90sj/S0h0wWbxCzC6Zrmjdb/V1+VCNAw7Qflxg+GMA5XiCXdScnJIWQEEONJhmCEzhuZmg2cyY19FOJiKoyd2AD7lFRlLH0OQQCzDCMcKtCmz++NCuqd+agD9/ApFp0k8XsMhJvGPYt6x9BM/24JPyVL40TXU4N9X2In4+1iXX katielin@mbp15-2.local

Ops Clinic Duty Checklist for Access Requests

Most requirements are outlined on https://wikitech.wikimedia.org/wiki/Requesting_shell_access

This checklist should be used on all access requests to ensure that all steps are covered. This includes expansion to access. Please do not check off items on the list below unless you are in Ops and have confirmed the step.

  • - User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
  • - User has a valid NDA on file with WMF legal. (This can be checked by Operations via the NDA tracking sheet & is included in all WMF Staff/Contractor hiring.)
  • - User has provided the following: wikitech username, preferred shell username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform.
  • - User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not share with any other service (this includes not sharing with WMCS access, no shared keys.)
  • - access request (or expansion) has sign off of WMF sponsor/manager (sponser for volunteers, manager for wmf staff)
  • - non-sudo requests: 3 business day wait must pass with no objections being noted on the task. Request filed on Saturday, 2016-02-17, and Monday is US holiday, so 3 day wait starts on Tuesday, ending on Thursday, 2018-02-22.
  • - Patchset for access request https://gerrit.wikimedia.org/r/#/c/412745/ & https://gerrit.wikimedia.org/r/#/c/412747/

Event Timeline

katielin created this task.Feb 17 2018, 5:31 PM
Restricted Application added a project: Operations. · View Herald TranscriptFeb 17 2018, 5:31 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
RobH triaged this task as Normal priority.Feb 19 2018, 5:50 PM
RobH updated the task description. (Show Details)
RobH updated the task description. (Show Details)Feb 19 2018, 5:52 PM

@katielin:

In reviewing the checklist, it seems we're going to need a few more items from you. In checking on the WMF legal NDA sheet, it seems they are still pending the acknowledgement of the NDA from you. We cannot actually grant any kind of shell access until after this NDA acknowledgement is on file with WMF legal.

We typically also have a WMF staff sponsor sign off. In reviewing the other shell users in the CPS section of the NDA confirmation sheet, it seems those other users have @MeganHernandez_WMF as their sponsoree, so just pinging her on this task so she can confirm that I should list her on your account as well.

I've checked off that the request is explained, as the access you are requesting seems identical to the other CPS folks working with shell access.

RobH updated the task description. (Show Details)Feb 19 2018, 5:58 PM

Change 412745 had a related patch set uploaded (by RobH; owner: RobH):
[operations/puppet@production] new shell user katie lin

https://gerrit.wikimedia.org/r/412745

Change 412747 had a related patch set uploaded (by RobH; owner: RobH):
[operations/puppet@production] adding shell user katie to groups

https://gerrit.wikimedia.org/r/412747

RobH updated the task description. (Show Details)Feb 19 2018, 6:05 PM
RobH assigned this task to katielin.Feb 20 2018, 12:09 AM

Assigning to @katielin until nda signing is complete. Once done, feel free to reassign to no one, and our ops clinic duty weekly rotation will pick it back up. (I'm on clinic duty this week.)

RobH updated the task description. (Show Details)Feb 20 2018, 12:10 AM
Jgreen added a parent task: Restricted Task.Feb 20 2018, 8:50 PM
RobH changed the task status from Open to Stalled.Feb 22 2018, 4:01 PM

This has now sat without feedback since Monday. Please note the following steps must be met for this to be processed:

  • - NDA with WMF legal must be filed
  • - signoff of WMF sponsor, perhaps @MeganHernandez_WMF
  • - 3 day wait AFTER the above have been done.

I'm setting this to stalled, pending user feedback. If there is no user feedback within a few business days, we're likely going to decline this task. (If it is declined, it can be reopened once feedback has been provided.)

Is the NDA the "Acknowledgement of Confidential Information" document? I was contacted a few weeks ago by Rachel Stallman from the legal team and signed this a few weeks ago. If helpful, the other signature is Jacob Rogers.

@RStallman-legalteam: Can you confirm receipt of the NDA? The google sheet still advises it is pending.

Jgreen added a subscriber: Jgreen.Feb 23 2018, 7:27 PM

I did phone verification for the SSH key Katie provided on this task, with the phone number of record that CPS provided.

Sorry for not updating the spreadsheet sooner! Yes, the Acknowledgement is signed and on file.

So the only thing we lack is a WMF staff person to sponsor the request. It seems the other folks in that team work with Megan, so I'm assigning this task to her for feedback.

RobH changed the task status from Stalled to Open.Feb 23 2018, 8:20 PM
RobH updated the task description. (Show Details)
Dzahn added a subscriber: Dzahn.Mar 5 2018, 11:36 PM

@MeganHernandez_WMF Can you confirm that you "sponsor" Katielin in getting this access?

RobH added a comment.Mar 8 2018, 7:21 PM

So I've emailed @MeganHernandez_WMF on 2018-02-23 & 2018-03-07, but have not gotten any replies.

@katielin: Do you have a WMF staff person you work with closely we can have sponsor you?

katielin added a subscriber: jrobell.

@jrobell - could you sponsor the request? Thank you!

RobH added a comment.Mar 15 2018, 4:38 PM

Sorry for the delay in getting back to this. I got an answer back from @MeganHernandez_WMF on March8th in my inbox. (Unfortunately, since it wasn't via the task, it was neglected until today.)

Since we have that, I'll rebase and merge access live.

Change 412745 merged by RobH:
[operations/puppet@production] new shell user katie lin

https://gerrit.wikimedia.org/r/412745

Change 412747 merged by RobH:
[operations/puppet@production] adding shell user katie to groups

https://gerrit.wikimedia.org/r/412747

RobH closed this task as Resolved.Mar 15 2018, 4:46 PM
RobH removed jrobell as the assignee of this task.
RobH claimed this task.
RobH updated the task description. (Show Details)
RobH removed a project: Patch-For-Review.

@katielin: Your shell access is now live. I'd give it about 30 minutes for all affected hosts to call in for the update. Then you should be able to login normally. if you have any issues or problems with your initial access, please feel free to reopen this task.