Requesting access to deployment for Lucas Werkmeister
Closed, ResolvedPublicRequest

Description

Username: lucaswerkmeister-wmde
Full name: Lucas Werkmeister
Email address: lucas.werkmeister@wikimedia.de or mail@lucaswerkmeister.de (the latter is more likely to reach me off time)
Public key: P6884 (generated for T190415, corresponding private key never left my system as far as I’m aware)

Now that I’m a full-time WMDE employee, I’d like to start helping out with some deployments (e. g. config changes), as well as being able to debug production issues (random example from today: T208488).

  • - User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
  • - User has a valid NDA on file with WMF legal. (This can be checked by Operations via the NDA tracking sheet & is included in all WMF Staff/Contractor hiring.)
  • - User has provided the following: wikitech username, preferred shell username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform.
  • - User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not share with any other service (this includes not sharing with WMCS access, no shared keys.)
  • - access request (or expansion) has sign off of WMF sponsor/manager (sponser for volunteers, manager for wmf staff)
  • - sudo requests: all sudo requests require explicit approval during the weekly operations team meeting. No sudo requests will be approved outside of those meetings without the direct override of the Director of Operations. - T208518#4723745
  • - Patchset for access request
Restricted Application added a project: Operations. · View Herald TranscriptNov 1 2018, 4:37 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
Addshore triaged this task as Normal priority.
ema updated the task description. (Show Details)Nov 2 2018, 2:06 PM
ema updated the task description. (Show Details)Nov 5 2018, 10:57 AM
ema updated the task description. (Show Details)Nov 5 2018, 11:09 AM
ema added a subscriber: ema.Nov 5 2018, 11:11 AM

We need manager approval and SRE meeting review.

Approval from my WMDE manager or a WMF sponsor?

Approval from my WMDE manager or a WMF sponsor?

In the past I believe we have kind of needed both.
I just pinged @WMDE-leszek to come and approve from our side.

As an engineering manager at WMDE, I hereby approve this request.

ema added a comment.Nov 5 2018, 11:37 AM

Approval from my WMDE manager or a WMF sponsor?

In the past I believe we have kind of needed both.

Yes, my understanding is that both are needed.

Let me get this sorted then. Thanks!

Mvolz awarded a token.Nov 5 2018, 7:36 PM

@greg would you weigh in on deployment group permissions?

ema added a subscriber: RobH.Nov 6 2018, 9:47 AM

This request was approved during the SRE meeting that took place yesterday, 2018-11-05. CC: @RobH

greg added a comment.Nov 6 2018, 5:52 PM

I approve this addition. Please do read and ask questions about https://wikitech.wikimedia.org/wiki/How_to_deploy_code. And get @Addshore to walk you through a real life example :)

Addshore updated the task description. (Show Details)Nov 6 2018, 5:58 PM

Change 472016 had a related patch set uploaded (by Addshore; owner: Addshore):
[operations/puppet@production] admin: add shell account for Lucas Werkmeister

https://gerrit.wikimedia.org/r/472016

colewhite claimed this task.Nov 6 2018, 8:32 PM

Change 472016 merged by Cwhite:
[operations/puppet@production] admin: add shell account for Lucas Werkmeister

https://gerrit.wikimedia.org/r/472016

colewhite closed this task as Resolved.Nov 6 2018, 8:36 PM
colewhite updated the task description. (Show Details)

SSH access works, thank you :)

Ah, but I don’t have +2 rights in operations/mediawiki-config yet, so I can’t merge config changes that I would like to deploy (example). Should I request that separately somewhere?

Dzahn reopened this task as Open.Nov 8 2018, 10:38 PM
Dzahn added a subscriber: Dzahn.Nov 8 2018, 10:41 PM

17:37 < mutante> !log gerrit - adding Lucas Werkmeister (WMDE) to 'wmf-deployment' group for +2 on mw-config for T208518 access request

@Lucas_Werkmeister_WMDE ^ I saw you have 2 users on Gerrit, i added the (WMDE) official one.

Yes, that’s the right one, my private Gerrit account (and corresponding Phabricator account, @LucasWerkmeister) is only used occasionally. Thanks!