Page MenuHomePhabricator
Create Task
Maniphest T197857

Add @pmiazga @Niedzielski and @phuedx to the deploy-service group
Closed, ResolvedPublic
Actions

Description

@pmiazga, @Niedzielski and @phuedx will be the owners of the Proton PDF render. As such, they need to be in the deploy-service group. Note this constitutes a sudo request, since Scap ran by users in this group can start/stop services.

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Add niedzielski, pmiazga and phuedx to deploy-serviceoperations/puppetproduction+2 -1
Customize query in gerrit

Related Objects
Search...

StatusSubtypeAssignedTask
 ResolvedovasilevaT181079 [GOAL] Provide an expanded reading experience by improving the ways that users can download articles of interest for later consumption
 ResolvedNoneT181084 [EPIC] Deploy the mediawiki-services-chromium-render service (Proton)
 ResolvedBawolffT177765 Security review of mediawiki-services-chromium-render
 ResolvedphuedxT178071 [EPIC] Complete the First Deployment tutorial/checklist for the trial render service
 Resolved mobrovacT178168 Scap3ize the deploy repository
 Resolved mobrovacT178172 Create Puppet role and profile
 ResolvedphuedxT181118 [EPIC] Build a Chromium-based PDF renderer service
 ResolvedJdrewniakT179552 Set up Jenkins for chromium-render repository
 ResolvedphuedxT180601 Add logging to the mediawiki-services-chromium-render service
 ResolvedphuedxT180626 [Spike 8hr] How should we limit resources used by chromium render service?
 ResolvedphuedxT178278 Performance test the service
 ResolvedphuedxT178501 Limit resources used by Chromium in order to make the chromium-render service ready for production
 DeclinedNoneT178186 Update Node.js version/dependencies in package.json
 Resolved bmansurovT176627 Trial replacing Electron with headless Chromium in the render service
 Resolved mobrovacT180800 Update to service-template-node v0.5.3
 ResolvedovasilevaT180604 Chromium render keeps tasks in the queue even browser connection is lost
 InvalidNoneT183161 Performance test books on chromium rendering service
 ResolvedJdlrobsonT184609 [4hrs] Document the service
 ResolvedphuedxT189307 Instrument the Proton service to match mediawiki-services-electron-render
 ResolvedphuedxT181097 Update puppeteer regularly
 Resolved holger.knustT210651 Switch all PDF render traffic to new Proton service
 ResolvedTgrT213362 Limit what URLs Proton can access
 ResolvedjijikiT226675 Undeploy electron service from WMF production
 ResolvedMSantosT226677 Expand RESTBase public PDF rendering API to support additional options supported by Proton
 Resolved mobrovacT197862 Increase the CPU count for proton[12]00[12]
 ResolvedovasilevaT210793 Verify that PDFs generated by Proton service are correct
 ResolvedphuedxT210652 Handoff Proton service to Reading Infrastructure
 DeclinedpmiazgaT211375 Rename chromium-render gerrit project to Proton
 ResolvedDzahnT211382 Requesting access to Proton for pmiazga, bearND, Mholloway, MSantos, Tgr
 ResolvedpmiazgaT213363 Fix or clarify Proton Puppeteer sandboxing and SSL settings
 Duplicate holger.knustT215557 Remove electron pdf endpoint backend in RESTBase
 ResolvedMSantosT213366 [2 hrs] Decide on handling system updates for Proton
 ResolvedTgrT217724 Investigate 2019-03-01 Proton incident
 ResolvedJohanT220648 Communications plan for Electron -> Proton switchover
 OpenNoneT158181 Aim for workflow equivalence for MediaWiki on desktop and mobile web
 ResolvedovasilevaT163472 [EPIC] Provide a way to download articles in PDF on the mobile website
 InvalidNoneT181513 Prepare for deploy of chromium rendering service and usage on mobile (traffic)
 Resolved mobrovacT186748 [EPIC] New service request: chromium-render/deploy
 ResolvedfaidonT197857 Add @pmiazga @Niedzielski and @phuedx to the deploy-service group

Event Timeline

mobrovac created this task.Jun 21 2018, 11:46 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 21 2018, 11:46 AM
mobrovac added a parent task: T186748: [EPIC] New service request: chromium-render/deploy.Jun 21 2018, 11:46 AM

@pmiazga, @Niedzielski and @phuedx, in order for this access to be granted, it needs to be approved by your respective managers. Please subscribe them and let them review the request.

gerritbot subscribed.Jun 21 2018, 11:51 AM

Change 441379 had a related patch set uploaded (by Mobrovac; owner: Mobrovac):
[operations/puppet@production] Add niedzielski, pmiazga and phuedx to deploy-service

https://gerrit.wikimedia.org/r/441379

gerritbot added a project: Patch-For-Review.Jun 21 2018, 11:51 AM
Niedzielski added a comment.Jun 21 2018, 12:04 PM

@mobrovac, @phuedx is my manager so good to go Thank you!

mobrovac added a comment.Jun 21 2018, 12:05 PM
In T197857#4305042, @Niedzielski wrote:

@mobrovac, @phuedx is my manager so good to go Thank you!

Euh, no, it's not, he needs to approve this request for you.

phuedx added a subscriber: dr0ptp4kt.EditedJun 21 2018, 12:11 PM

I approve this request for @Niedzielski and @pmiazga (I'm the Engineering Manager for Readers Web). @dr0ptp4kt will have to approve this request for me.

dr0ptp4kt added a comment.Jun 21 2018, 2:02 PM

Approved.

pmiazga added a comment.Jun 21 2018, 3:46 PM

@phuedx thanks for your approval.

RobH subscribed.Jun 21 2018, 6:37 PM

Just reviewing this as clinic duty this week, and this seems to be a deploy service, but doesn't list sudo rights in data.yaml. Does this include sudo rights deeper within the puppet code for this group, or does this group not act as any user other than the user's own?

RobH moved this task from Untriaged to In Discussion on the SRE-Access-Requests board.Jun 21 2018, 6:37 PM
Krenair subscribed.Jun 21 2018, 7:10 PM

I think that group is just trusted by keyholder or something?

RobH moved this task from In Discussion to Group Manager Approval Pending on the SRE-Access-Requests board.Jun 21 2018, 7:15 PM
mobrovac added a comment.Jun 21 2018, 9:52 PM

The users in the deploy-service group can sudo service (start|stop|restart) * on the target nodes, so it essentially is a sudo request.

RobH added a comment.Jun 21 2018, 10:47 PM

Thanks for feedback, duly noted and set in the proper column for SRE meeting review approval.

RobH triaged this task as Medium priority.Jun 22 2018, 3:44 PM
gerritbot added a comment.Jun 25 2018, 11:00 AM

Change 441379 merged by Alexandros Kosiaris:
[operations/puppet@production] Add niedzielski, pmiazga and phuedx to deploy-service

https://gerrit.wikimedia.org/r/441379

RobH added subscribers: mark, faidon.Jun 25 2018, 4:16 PM
In T197857#4311094, @gerritbot wrote:

Change 441379 merged by Alexandros Kosiaris:
[operations/puppet@production] Add niedzielski, pmiazga and phuedx to deploy-service

https://gerrit.wikimedia.org/r/441379

Was this reviewed/approved by either @mark or @faidon out of band of this task? (Just checking, since this normally is a sudo group requiring meeting or director approval.)

RobH added a comment.EditedJun 26 2018, 5:04 PM

I've emailed both @faidon and @mark for how to handle this, since it was merged without the meeting approval (at least as far as I can see.) This may have been discussed at the SRE offsite last week, which I did not attend, and it may have been approved there.

So with either @mark or @faidon's approval, we can leave this patchset merged/live and resolve this task.

faidon closed this task as Resolved.Jun 27 2018, 3:58 PM
faidon claimed this task.

Sure, that's fine :)

Vvjjkkii renamed this task from Add @pmiazga @Niedzielski and @phuedx to the deploy-service group to ajaaaaaaaa.Jul 1 2018, 1:02 AM
Vvjjkkii reopened this task as Open.
Vvjjkkii removed faidon as the assignee of this task.
Vvjjkkii raised the priority of this task from Medium to High.
Vvjjkkii added projects: CheckUser, Connected-Open-Heritage-Batch-uploads (RAÄ-KMB_1_2017-02), Tamil-Sites, Gamepress, Hashtags, Jade, KartoEditor, Language-2018-Apr-June, New-Editor-Experiences, Mail, TCB-Team (now WMDE-TechWish).
Vvjjkkii updated the task description. (Show Details)
Vvjjkkii removed subscribers: gerritbot, Aklapper.
mobrovac renamed this task from ajaaaaaaaa to Add @pmiazga @Niedzielski and @phuedx to the deploy-service group.Jul 1 2018, 10:46 AM
mobrovac closed this task as Resolved.
mobrovac claimed this task.
mobrovac lowered the priority of this task from High to Medium.
mobrovac removed projects: TCB-Team (now WMDE-TechWish), Mail, New-Editor-Experiences, Language-2018-Apr-June, KartoEditor, Jade, Hashtags, Gamepress, Tamil-Sites, Connected-Open-Heritage-Batch-uploads (RAÄ-KMB_1_2017-02), CheckUser, Patch-For-Review.
mobrovac updated the task description. (Show Details)
CommunityTechBot reassigned this task from mobrovac to faidon.Jul 5 2018, 7:04 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits