Release Engineering has routinely needed root access on contint1001 during Pacific hours when @hashar is unavailable, and this need has only grown recently with continuing pipeline work.
I, @dduvall, nominate that @thcipriani be granted root on contint1001 as he is obscenely security minded and has the most careful and dutiful "enter" finger I have ever encountered. Thank you for your consideration.
Ops Clinic Duty Checklist for Access Requests
Most requirements are outlined on https://wikitech.wikimedia.org/wiki/Requesting_shell_access
This checklist should be used on all access requests to ensure that all steps are covered. This includes expansion to access. Please do not check off items on the list below unless you are in Ops and have confirmed the step.
- - User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document. - signed Feb 12 2015, 22:44
- - User has a valid NDA on file with WMF legal. (This can be checked by Operations via the NDA tracking sheet & is included in all WMF Staff/Contractor hiring.)
- - User has provided the following: wikitech username, preferred shell username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform. - existing account, don't need this a second time.
- - User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not share with any other service (this includes not sharing with WMCS access, no shared keys.) - paranoid check of the cloud key and production show they are indeed different
- - access request (or expansion) has sign off of WMF sponsor/manager (sponsor for volunteers, manager for wmf staff)
- - sudo requests: all sudo requests require explicit approval during the weekly operations team meeting. No sudo requests will be approved outside of those meetings without the direct override of the Director of Operations.
- - Patchset for access request