Page MenuHomePhabricator
Create Task
Maniphest T217813

Grant root on MediaWiki maintenance hosts to perf-roots
Closed, ResolvedPublic
Actions

Description

Upon noticing error log spam coming from mwmaint1002 and looking at htop I realized I couldn't run

ls -laR /var/run/screen/

I was a bit surprised that perf-roots has root for appservers/jobrunners but not the maintenance hosts. It seems like that was an oversight.

Requesting: perf-roots be given sudo on mwmaint

Ops Clinic Duty Checklist for Access Requests

Most requirements are outlined on https://wikitech.wikimedia.org/wiki/Requesting_shell_access

This checklist should be used on all access requests to ensure that all steps are covered. This includes expansion to access. Please do not check off items on the list below unless you are in Ops and have confirmed the step.

  • - User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
  • - User has a valid NDA on file with WMF legal. (This can be checked by Operations via the NDA tracking sheet & is included in all WMF Staff/Contractor hiring.)
  • - User has provided the following: wikitech username, preferred shell username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform.)
  • - User has provided a public SSH key. ThtyMCS access, no shared keys.)
  • - access request (or expansion) has sign off of WMF sponsor/manager (sponsor for volunteers, manager for wmf staff)
  • - non-sudo requests: 3 business day wait must pass with no objections being noted on the task
  • - sudo requests: all sudo requests require explicit approval during the weekly operations team meeting. No sudo requests will be approved outside of those meetings without the direct override of the Director of Operations.
  • - Patchset for access request

Details

SubjectRepoBranchLines +/-
admin: add perf-roots to admin::groups for mwmaint*operations/puppetproduction+1 -0
admins: add perf-roots on mediawiki-maintenance serversoperations/puppetproduction+1 -0
Customize query in gerrit

Event Timeline

aaron created this task.Mar 7 2019, 1:07 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 7 2019, 1:07 AM
jbond updated the task description. (Show Details)Mar 7 2019, 10:52 AM
jbond updated the task description. (Show Details)
jbond updated the task description. (Show Details)Mar 7 2019, 10:54 AM
jbond added subscribers: kchapman, jbond.Mar 7 2019, 11:11 AM

@kchapman can you approve this request

Thanks

jbond triaged this task as Medium priority.Mar 7 2019, 11:12 AM
jbond moved this task from Untriaged to Manager/NDA Approval/Confirmation on the SRE-Access-Requests board.
Vgutierrez assigned this task to kchapman.Mar 11 2019, 10:53 AM
Vgutierrez subscribed.Mar 12 2019, 11:38 AM
Dzahn subscribed.Mar 15 2019, 12:24 PM

I agree it's almost like an oversight. perf-roots have root on appservers and mwmaint should count as a special kind of appserver imho. +1

gerritbot subscribed.Mar 15 2019, 12:26 PM

Change 496761 had a related patch set uploaded (by Dzahn; owner: Dzahn):
[operations/puppet@production] admins: add perf-roots on mediawiki-maintenance servers

https://gerrit.wikimedia.org/r/496761

gerritbot added a project: Patch-For-Review.Mar 15 2019, 12:26 PM
kchapman added a comment.Mar 19 2019, 9:40 PM

This is approved. Thanks!

gerritbot added a comment.Mar 20 2019, 6:56 PM

Change 497840 had a related patch set uploaded (by Effie Mouzeli; owner: Effie Mouzeli):
[operations/puppet@production] admin: add perf-roots to admin::groups for mwmaint*

https://gerrit.wikimedia.org/r/497840

gerritbot added a comment.Mar 21 2019, 9:10 AM

Change 496761 abandoned by Dzahn:
admins: add perf-roots on mediawiki-maintenance servers

Reason:
done by Effie in https://gerrit.wikimedia.org/r/c/operations/puppet/ /497840

https://gerrit.wikimedia.org/r/496761

jijiki updated the task description. (Show Details)Mar 21 2019, 11:30 AM
Dzahn claimed this task.Mar 22 2019, 3:36 PM

We will have this in our Monday SRE meeting and it can get merged once approved.

gerritbot added a comment.Mar 25 2019, 5:08 PM

Change 497840 merged by Dzahn:
[operations/puppet@production] admin: add perf-roots to admin::groups for mwmaint*

https://gerrit.wikimedia.org/r/497840

Dzahn closed this task as Resolved.Mar 25 2019, 5:22 PM
Dzahn updated the task description. (Show Details)

This request has been approved in today's SRE meeting and code is now merged.

perf-roots members now have shell access on mwmaint, verified on mwmaint1002.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL