Page MenuHomePhabricator
Create Task
Maniphest T196566

Requesting deployment access for jforrester
Closed, ResolvedPublic
Actions

Description

Username: jforrester
Full name: James Forrester

As part of my work with RI, I'll be needed to help deploy patches to production, including services. I believe that to do this I would need to be added to the deployers, deploy-service, and mobileapps-admin groups.

SRE Clinic Duty Checklist for Access Requests

Most requirements are outlined on https://wikitech.wikimedia.org/wiki/Requesting_shell_access

This checklist should be used on all access requests to ensure that all steps are covered. This includes expansion to access. Please do not check off items on the list below unless you are in Ops and have confirmed the step.

  • - User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
  • - User has a valid NDA on file with WMF legal. (This can be checked by Operations via the NDA tracking sheet & is included in all WMF Staff/Contractor hiring.) - EXISTING SHELL USER plus staff
  • - User has provided the following: wikitech username, preferred shell username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform.
  • - User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not share with any other service (this includes not sharing with WMCS access, no shared keys.) - EXISTING SHELL USER
  • - access request (or expansion) has sign off of WMF sponsor/manager (sponsor for volunteers, manager for wmf staff)
  • - addition to deployers has @greg's approval
  • - non-sudo requests: 3 business day wait must pass with no objections being noted on the task
  • - sudo requests: all sudo requests require explicit approval during the weekly operations team meeting. No sudo requests will be approved outside of those meetings without the direct override of the Director of Operations.
  • - Patchset for access request https://gerrit.wikimedia.org/r/#/c/437819/

Details

SubjectRepoBranchLines +/-
adds jforrester to deployment, deploy-service, & mobileapps-admin groupsoperations/puppetproduction+3 -3
Customize query in gerrit

Event Timeline

Jdforrester-WMF created this task.Jun 6 2018, 4:01 PM
Restricted Application added a project: SRE. · View Herald TranscriptJun 6 2018, 4:01 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
bearND subscribed.Jun 6 2018, 4:02 PM
RobH triaged this task as Medium priority.Jun 6 2018, 5:49 PM
RobH updated the task description. (Show Details)
RobH updated the task description. (Show Details)
RobH moved this task from Untriaged to Group Manager Approval Pending on the SRE-Access-Requests board.Jun 6 2018, 5:53 PM
RobH added subscribers: greg, RobH.

Any additions to deployers requires approval by both @greg (for RI) plus review in the SRE weekly meetings.

The other groups are also sudo groups, so they will also need approval in the SRE weekly meeting (on Monday.)

greg added a comment.Jun 6 2018, 6:04 PM

+1 (yay!)

RobH updated the task description. (Show Details)Jun 6 2018, 6:08 PM
Addshore awarded a token.Jun 6 2018, 7:48 PM
Addshore rescinded a token.
Addshore awarded a token.
RobH added a comment.Jun 6 2018, 8:20 PM

I forgot to note that @Jdforrester-WMF put 'deployers' but I assume he meant 'deployment'

gerritbot subscribed.Jun 6 2018, 8:22 PM

Change 437819 had a related patch set uploaded (by RobH; owner: RobH):
[operations/puppet@production] adds jforrester to deployment, deploy-service, & mobileapps-admin groups

https://gerrit.wikimedia.org/r/437819

gerritbot added a project: Patch-For-Review.Jun 6 2018, 8:22 PM
RobH updated the task description. (Show Details)Jun 6 2018, 8:22 PM
herron subscribed.Jun 11 2018, 5:05 PM

Hi @Jdforrester-WMF this was approved during todays SRE meeting pending manager signoff. Could you please coordinate that? A +1 here would be great, and once that's done we'll move forward with the patch. Thanks!

herron updated the task description. (Show Details)Jun 11 2018, 5:05 PM
Jdforrester-WMF added a comment.Jun 11 2018, 5:50 PM
In T196566#4273029, @herron wrote:

Hi @Jdforrester-WMF this was approved during todays SRE meeting pending manager signoff. Could you please coordinate that? A +1 here would be great, and once that's done we'll move forward with the patch. Thanks!

Oh, right. Will do.

Jdforrester-WMF moved this task from To Do to Blocked on the Product-Infrastructure-Team-Backlog-Deprecated (Kanban) board.Jun 11 2018, 6:41 PM
Tnegrin subscribed.Jun 11 2018, 6:45 PM

approved

Jdforrester-WMF moved this task from Blocked to Doing on the Product-Infrastructure-Team-Backlog-Deprecated (Kanban) board.Jun 11 2018, 7:19 PM
herron added a comment.Jun 12 2018, 8:28 PM

Thanks! Moving forward with the patch now.

herron updated the task description. (Show Details)Jun 12 2018, 8:29 PM
gerritbot added a comment.Jun 12 2018, 8:29 PM

Change 437819 merged by Herron:
[operations/puppet@production] adds jforrester to deployment, deploy-service, & mobileapps-admin groups

https://gerrit.wikimedia.org/r/437819

herron closed this task as Resolved.Jun 12 2018, 8:55 PM
herron claimed this task.

Access has been provisioned @Jdforrester-WMF

deploy1001:~$ id jforrester
uid=2417(jforrester) gid=500(wikidev) groups=500(wikidev),705(deployment),763(deploy-service)

scb2001:~$ id jforrester
uid=2417(jforrester) gid=500(wikidev) groups=500(wikidev),759(mobileapps-admin)

Please note it make take up to 30 minutes for this change to propagate out to all systems.

I'll transition this to resolved now, but please don't hesitate to re-open if any follow-up is needed. Thanks!

herron updated the task description. (Show Details)Jun 12 2018, 8:55 PM
Jdforrester-WMF added a comment.Jun 12 2018, 10:27 PM

Thank you! Confirmed that I can log into deploy1001 in production now.

Vvjjkkii renamed this task from Requesting deployment access for jforrester to 5ibaaaaaaa.Jul 1 2018, 1:05 AM
Vvjjkkii reopened this task as Open.
Vvjjkkii removed herron as the assignee of this task.
Vvjjkkii raised the priority of this task from Medium to High.
Vvjjkkii added projects: CheckUser, Connected-Open-Heritage-Batch-uploads (RAÄ-KMB_1_2017-02), Tamil-Sites, Gamepress, Hashtags, Jade, KartoEditor, Language-2018-Apr-June, New-Editor-Experiences, Mail, TCB-Team (now WMDE-TechWish).
Vvjjkkii updated the task description. (Show Details)
Vvjjkkii removed subscribers: gerritbot, Aklapper.
CommunityTechBot renamed this task from 5ibaaaaaaa to Requesting deployment access for jforrester.Jul 2 2018, 1:36 PM
CommunityTechBot closed this task as Resolved.
CommunityTechBot assigned this task to herron.
CommunityTechBot lowered the priority of this task from High to Medium.
CommunityTechBot updated the task description. (Show Details)
CommunityTechBot removed projects: TCB-Team (now WMDE-TechWish), Mail, New-Editor-Experiences, Language-2018-Apr-June, KartoEditor, Jade, Hashtags, Gamepress, Tamil-Sites, Connected-Open-Heritage-Batch-uploads (RAÄ-KMB_1_2017-02), CheckUser.
CommunityTechBot added subscribers: gerritbot, Aklapper.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL