Page MenuHomePhabricator

access request for Jeena Huneidi (deployment, conint-admins, contint-docker)
Closed, ResolvedPublicRequest

Description

Username: jhuneidi
Full name: Jeena Huneidi
LDAP/wikitech account: Jeena Huneidi

ssh key:
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICqyqaNOZBSTQyIKQTLWpU4nI75ilgK78R7Rs7z26/SH jhuneidi@Jeenas-MacBook-Pro.local

I need access to the following groups

  • deployment
  • contint-admins
  • contint-docker

I am new to the Release Engineering team and intend to do deploys, CI maintenance, and work on the pipeline project.

SRE Clinic Duty Checklist for Access Requests

Most requirements are outlined on https://wikitech.wikimedia.org/wiki/Requesting_shell_access

This checklist should be used on all access requests to ensure that all steps are covered. This includes expansion to access. Please do not check off items on the list below unless you are in Ops and have confirmed the step.

  • - User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
  • - User has a valid NDA on file with WMF legal. (This can be checked by Operations via the NDA tracking sheet & is included in all WMF Staff/Contractor hiring.)
  • - User has provided the following: wikitech username, preferred shell username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform.
  • - User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not share with any other service (this includes not sharing with WMCS access, no shared keys.)
  • - access request (or expansion) has sign off of WMF sponsor/manager (sponser for volunteers, manager for wmf staff)
  • - sudo requests: all sudo requests require explicit approval during the weekly operations team meeting. No sudo requests will be approved outside of those meetings without the direct override of the Director of Operations.
  • - Patchset for access request

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald Transcript

I approve Jeena's addition to these groups.

RobH renamed this task from Requesting access to production hosts for Jeena Huneidi to access request for Jeena Huneidi (deployment, conint-admins, contint-docker).Nov 21 2018, 6:01 PM
RobH triaged this task as Medium priority.
RobH updated the task description. (Show Details)
RobH updated the task description. (Show Details)
RobH added a subscriber: RobH.

Please note that this is a sudo level request, and has to be approved during the weekly SRE meetings. Our next meeting is on Monday, 2018-11-26. I'll list this for review at that time.

As long as no objections are noted, it seems all other criteria have been met.

jcrespo added a subscriber: jcrespo.

Assuming this is approved today, I will be deploying the access soon afterwards.

This was approved with no objections, please allow me a few hours before deployment as it is the end of my day- this and T210028 should be done by tomorrow.

Change 475986 had a related patch set uploaded (by Jcrespo; owner: Jcrespo):
[operations/puppet@production] admin: Add access to Jeena Huneidi to the production cluster

https://gerrit.wikimedia.org/r/475986

Change 475986 merged by Jcrespo:
[operations/puppet@production] admin: Add Jeena Huneidi access to the production cluster

https://gerrit.wikimedia.org/r/475986

Notice: /Stage[main]/Admin/Admin::Hashuser[jhuneidi]/Admin::User[jhuneidi]/User[jhuneidi]/ensure: created

Please ping me when available to test connection and privileges.

jcrespo updated the task description. (Show Details)

Access request was tested, it was possible to loging to a bastion host, deployment host and to grafana, so this is done!