Maniphest T204790

nathante/groceryheist shell request for researchers, statistics-privatedata-users, analytics-privatedata-users
Closed, ResolvedPublicRequest
Actions

Assigned To

Authored By

	Groceryheist
	Sep 19 2018, 12:36 AM

Description

Username: nathante
Full name: Nathan TeBlunthuis

pubkey:

id_rsa_wmfprod.pub402 BDownload

I need access to the following groups

researchers, 
statistics-privatedata-users
analytics-privatedata-users,

for the purpose of accessing

EventLogging data (on Hadoop and MariaDB),
webrequest and pageview_hourly (on Hadoop),
SWAP.

in order to carry out my work on reader behavior analytics
with Tilman and Olga

SRE Clinic Duty Checklist for Access Requests

Most requirements are outlined on https://wikitech.wikimedia.org/wiki/Requesting_shell_access

This checklist should be used on all access requests to ensure that all steps are covered. This includes expansion to access. Please do not check off items on the list below unless you are in Ops and have confirmed the step.

- User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
- User has a valid NDA on file with WMF legal. (This can be checked by Operations via the NDA tracking sheet & is included in all WMF Staff/Contractor hiring.)
- User has provided the following: wikitech username, preferred shell username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform.
- User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not share with any other service (this includes not sharing with WMCS access, no shared keys.)
- access request (or expansion) has sign off of WMF sponsor/manager (sponser for volunteers, manager for wmf staff)
- non-sudo requests: 3 business day wait must pass with no objections being noted on the task
- Patchset for access request https://gerrit.wikimedia.org/r/461760 & https://gerrit.wikimedia.org/r/461761

Details

	Subject	Repo	Branch	Lines +/-
	adding nathante to groups	operations/puppet	production	+3 -3
	adding shell user nathante	operations/puppet	production	+11 -0

Customize query in gerrit

Related Objects
Search...

		Status	Subtype	Assigned	Task
		Resolved	Request	Groceryheist	T204790 nathante/groceryheist shell request for researchers, statistics-privatedata-users, analytics-privatedata-users
		Resolved		• MoritzMuehlenhoff	T205454 LDAP Access request for Nathan TeBlunthuis (groceryheist / nathante)

Event Timeline

Groceryheist created this task.Sep 19 2018, 12:36 AM

Restricted Application added a project: SRE. · View Herald TranscriptSep 19 2018, 12:36 AM

Restricted Application added a subscriber: Aklapper. · View Herald Transcript

Seconding this request:
@Groceryheist will be working with @ovasileva and myself on this project under a WMF contract, doing research on understanding reader behavior, focused on ReadingDepth EventLogging data (in combination with data from webrequest and pageview_hourly).
The three access groups listed in the task are what we have determined as necessary for this work (per https://wikitech.wikimedia.org/wiki/Analytics/Data_access#Access_Groups and https://wikitech.wikimedia.org/wiki/SWAP#Access ).

RobH renamed this task from Requesting access to researchers, statistics-privatedata,users, analytics-privatedata-users for groceryheist to nathante shell request for access to researchers, statistics-privatedata,users, analytics-privatedata-users for groceryheist.Sep 19 2018, 7:30 PM

RobH renamed this task from nathante shell request for access to researchers, statistics-privatedata,users, analytics-privatedata-users for groceryheist to nathante/groceryheist shell request for researchers, statistics-privatedata,users, analytics-privatedata-users.

RobH triaged this task as Medium priority.

RobH updated the task description. (Show Details)

RobH renamed this task from nathante/groceryheist shell request for researchers, statistics-privatedata,users, analytics-privatedata-users to nathante/groceryheist shell request for researchers, statistics-privatedata-users, analytics-privatedata-users.Sep 19 2018, 7:34 PM

RobH updated the task description. (Show Details)

Ok, trying to figure out who did what via task history is a bit confusing, so I'll just be posting via comment what I also update via task description:

i cleaned up the task description a bit and added in the checklist
@Groceryheist has provided the shell name, what groups are needed, and a public ssh key, as well as signing the L3

*@Tbayer is the WMF sponsor of this request

Things we still need from folks:

@Tbayer: Can you provide the contract details, specifically an end date? We add contract users with an expiry date and notification of expiry. So I plan to list you as that notification, and need an end date for check in. (Access expiry can be extended.)

@Tbayer or @Groceryheist: We (SRE Clinic Duty) needs to confirm an NDA is on file with WMF Legal. I've checked the WMF legal gsheet for @groceryheists (Nathan TeBlunthuis) but don't see a listing. Perhaps this NDA is covered under some contractor details? Typically we ask @RStallman-legalteam to confirm NDA status.

None of the groups detailed https://wikitech.wikimedia.org/wiki/Analytics/Data_access#Access_Groups seem to require sudo, so this has a 3 business day wait. We'll need to have all of the rest of the requirements met (NDA confirmation, and details for expiry date.)

I'm going to assign this back to @Groceryheist so its clear that this is awaiting the user input above. I could assign to Tilman, but since this is Nathan's access request it makes more sense to assign back to them for followup on the above. Once the above is addressed, simply set this task back to noone assigned to it and it will be picked back up by SRE clinic duty (this week that is me.)

If there are any questions, please don't hesitate to ask either on this task, or via irc (I'm on freenode as robh.)

Here's the contract that I signed and sent to @ovasileva : REMOVED
It includes a "Contractor Confidentiality Agreement. Is this the NDA we are looking for?
Per the contract, the end date is November 16th 2018.

@Groceryheist: That seems to be what is needed, but the main thing I need is confirmation from WMF legal that they have the signed copy on file.

@RStallman-legalteam: Can you provide the confirmation of NDA for Nathan TeBlunthuis? (He has already provided the signed contract in this task, but I know the important part for the SRE team is WMF legal confirmation.)

I forgot to note, thank you for the expiry date info, so the only thing we need is WMF legal confirmation and I'll go ahead and prepare the patchsets.

As long as no objections are noted (and wmf legal confirmation of nda), we can merge your access live on Monday, September 24th, 2018.

RobH reassigned this task from Groceryheist to RStallman-legalteam.Sep 19 2018, 8:00 PM

@RobH: Great. Thanks!

I've emailed @RStallman-legalteam directly requesting nda on file confirmation. (Just echoing here so folks know what is going on.)

Confirming for legal that the contract is enough. No need to sign an additional NDA. I'll add Nathan to the shared spreadsheet and note the contract dates. Thanks!

RobH removed RStallman-legalteam as the assignee of this task.Sep 20 2018, 8:36 PM

RobH moved this task from Manager/NDA Approval/Confirmation to 3 Business Day Wait on the SRE-Access-Requests board.

RobH updated the task description. (Show Details)

Change 461760 had a related patch set uploaded (by RobH; owner: RobH):
[operations/puppet@production] adding shell user nathante

https://gerrit.wikimedia.org/r/461760

gerritbot added a project: Patch-For-Review.Sep 20 2018, 8:41 PM

Change 461761 had a related patch set uploaded (by RobH; owner: RobH):
[operations/puppet@production] adding nathante to groups

https://gerrit.wikimedia.org/r/461761

RobH updated the task description. (Show Details)Sep 20 2018, 8:44 PM

RobH removed a subscriber: RStallman-legalteam.

Change 461760 merged by RobH:
[operations/puppet@production] adding shell user nathante

https://gerrit.wikimedia.org/r/461760

Change 461761 merged by RobH:
[operations/puppet@production] adding nathante to groups

https://gerrit.wikimedia.org/r/461761

No objections noted, this has been merged live. Please note it can take up to 30 minutes for the affected systems to call in for the update.

If there are any issues, feel free to reopen this task.

I still don't have access to SWAP. I understand that I need to be added to the nda LDAP group.

Reedy renamed this task from nathante/groceryheist shell request for researchers, statistics-privatedata-users, analytics-privatedata-users to nathante/groceryheist shell request for researchers, statistics-privatedata-users, analytics-privatedata-users.Sep 25 2018, 4:13 PM