Page MenuHomePhabricator

analytics-wmde group addition for Lucas Werkmeister
Closed, ResolvedPublicRequest

Description

Username: lucaswerkmeister-wmde
Full name: Lucas Werkmeister
Public key: P6884 (originally generated for T190415, also used for T208518)
Reason: With @Addshore on vacation, it would be useful to have one more person at WMDE who can test and deploy changes to the analytics wmde scripts, for example for tasks like T216835/T218901/T218903.

I’m not sure what group I need to work with the analytics wmde scripts – analytics-wmde sounds like the obvious candidate, but as far as I can tell all the current WMDE employees with some analytics access have either both analytics-wmde and analytics-privatedata-users, or only analytics-privatedata-users, so perhaps analytics-wmde alone doesn’t make sense for some reason?

SRE Clinic Duty Checklist for Access Requests

Most requirements are outlined on https://wikitech.wikimedia.org/wiki/Requesting_shell_access

This checklist should be used on all access requests to ensure that all steps are covered. This includes expansion to access. Please do not check off items on the list below unless you are in Ops and have confirmed the step.

  • - User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
  • - User has a valid NDA on file with WMF legal. (This can be checked by Operations via the NDA tracking sheet & is included in all WMF Staff/Contractor hiring.)
  • - User has provided the following: wikitech username, preferred shell username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform. - existing shell user
  • - User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not share with any other service (this includes not sharing with WMCS access, no shared keys.) - existing shell user
  • - access request (or expansion) has sign off of WMF sponsor/manager (sponsor for volunteers, manager for wmf staff)
  • - 3 business day wait must pass with no objections being noted on the task
  • - group additions are approved by the manager/team that handles that service group. - currently suggested analytics-wmde group

Event Timeline

Restricted Application added a project: Operations. · View Herald TranscriptApr 4 2019, 10:40 AM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
RazShuty added a comment.EditedApr 4 2019, 10:43 AM

As the Engineering Manager of @Lucas_Werkmeister_WMDE I totally approve this request on my side and think it's super important for us as a team to not lose that while @Addshore is away.

I believe analytics-wmde is enough (as it gives you sudo on the analytics wmde users, but should be double checked if one can actually SSH into the machines with this.

RobH renamed this task from Requesting access to analytics machines for Lucas Werkmeister to analytics-wmde group addition for Lucas Werkmeister.Apr 4 2019, 3:49 PM
RobH triaged this task as Normal priority.
RobH updated the task description. (Show Details)
RobH added subscribers: Nuria, RobH.

The new policies for shell access have all group additions approved by their service owners. It is my understanding that @Nuria will be approving for any analytics group additions, so turfing this to them for review.

Please comment/approve/deny and if you'd like me to prepare the patchset (I'm on clinic duty) just assign back to me. Thanks!

PS: Please note the user is already a shell user, so adding them to the single group is pretty simple.

RobH assigned this task to Nuria.Apr 4 2019, 3:51 PM

@Nuria can you please take action? this would help a lot.

Nuria added a comment.Apr 12 2019, 3:58 PM

@RazShuty has user signed NDA?

@Nuria :

  • - User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
  • - User has a valid NDA on file with WMF legal. (This can be checked by Operations via the NDA tracking sheet & is included in all WMF Staff/Contractor hiring.)
  • - User has provided the following: wikitech username, preferred shell username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform. - existing shell user
Nuria added a comment.Apr 12 2019, 4:56 PM

approved on my end

Dzahn reassigned this task from Nuria to colewhite.Apr 18 2019, 9:51 PM
Dzahn added a subscriber: Dzahn.

ready to go, handing over to Cole as the weekly clinic-duty person. just needs the existing user to be added to the existing group, has approval

Change 504998 had a related patch set uploaded (by Cwhite; owner: Cwhite):
[operations/puppet@production] admin: add lucaswerkmeister to analytics-wmde-users

https://gerrit.wikimedia.org/r/504998

Change 504998 merged by Cwhite:
[operations/puppet@production] admin: add lucaswerkmeister to analytics-wmde-users

https://gerrit.wikimedia.org/r/504998

colewhite updated the task description. (Show Details)Apr 18 2019, 10:40 PM

The group membership change has been deployed.

Please feel free to reopen if you encounter any related issue.

colewhite closed this task as Resolved.Apr 18 2019, 10:41 PM

Seems to work so far, thank you :)