Page MenuHomePhabricator
Create Task
Maniphest T220084

analytics-wmde group addition for Lucas Werkmeister
Closed, ResolvedPublicRequest
Actions

Description

Username: lucaswerkmeister-wmde
Full name: Lucas Werkmeister
Public key: P6884 (originally generated for T190415, also used for T208518)
Reason: With @Addshore on vacation, it would be useful to have one more person at WMDE who can test and deploy changes to the analytics wmde scripts, for example for tasks like T216835/T218901/T218903.

I’m not sure what group I need to work with the analytics wmde scripts – analytics-wmde sounds like the obvious candidate, but as far as I can tell all the current WMDE employees with some analytics access have either both analytics-wmde and analytics-privatedata-users, or only analytics-privatedata-users, so perhaps analytics-wmde alone doesn’t make sense for some reason?

SRE Clinic Duty Checklist for Access Requests

Most requirements are outlined on https://wikitech.wikimedia.org/wiki/Requesting_shell_access

This checklist should be used on all access requests to ensure that all steps are covered. This includes expansion to access. Please do not check off items on the list below unless you are in Ops and have confirmed the step.

  • - User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
  • - User has a valid NDA on file with WMF legal. (This can be checked by Operations via the NDA tracking sheet & is included in all WMF Staff/Contractor hiring.)
  • - User has provided the following: wikitech username, preferred shell username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform. - existing shell user
  • - User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not share with any other service (this includes not sharing with WMCS access, no shared keys.) - existing shell user
  • - access request (or expansion) has sign off of WMF sponsor/manager (sponsor for volunteers, manager for wmf staff)
  • - 3 business day wait must pass with no objections being noted on the task
  • - group additions are approved by the manager/team that handles that service group. - currently suggested analytics-wmde group

Details

SubjectRepoBranchLines +/-
admin: add lucaswerkmeister to analytics-wmde-usersoperations/puppetproduction+1 -1
Customize query in gerrit

Related Objects

Event Timeline

Lucas_Werkmeister_WMDE created this task.Apr 4 2019, 10:40 AM
Restricted Application added a project: SRE. · View Herald TranscriptApr 4 2019, 10:40 AM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
RazShuty added a comment.EditedApr 4 2019, 10:43 AM

As the Engineering Manager of @Lucas_Werkmeister_WMDE I totally approve this request on my side and think it's super important for us as a team to not lose that while @Addshore is away.

Addshore added a comment.Apr 4 2019, 10:45 AM

I believe analytics-wmde is enough (as it gives you sudo on the analytics wmde users, but should be double checked if one can actually SSH into the machines with this.

Addshore awarded a token.Apr 4 2019, 10:45 AM
RobH renamed this task from Requesting access to analytics machines for Lucas Werkmeister to analytics-wmde group addition for Lucas Werkmeister.Apr 4 2019, 3:49 PM
RobH triaged this task as Medium priority.
RobH updated the task description. (Show Details)
RobH added subscribers: Nuria, RobH.

The new policies for shell access have all group additions approved by their service owners. It is my understanding that @Nuria will be approving for any analytics group additions, so turfing this to them for review.

Please comment/approve/deny and if you'd like me to prepare the patchset (I'm on clinic duty) just assign back to me. Thanks!

PS: Please note the user is already a shell user, so adding them to the single group is pretty simple.

RobH assigned this task to Nuria.Apr 4 2019, 3:51 PM
RobH moved this task from Untriaged to Manager/NDA Approval/Confirmation on the SRE-Access-Requests board.
RazShuty added a comment.Apr 12 2019, 3:44 PM

@Nuria can you please take action? this would help a lot.

Nuria added a comment.Apr 12 2019, 3:58 PM

@RazShuty has user signed NDA?

RazShuty added a comment.Apr 12 2019, 4:01 PM

@Nuria :

  • - User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
  • - User has a valid NDA on file with WMF legal. (This can be checked by Operations via the NDA tracking sheet & is included in all WMF Staff/Contractor hiring.)
  • - User has provided the following: wikitech username, preferred shell username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform. - existing shell user
Nuria added a comment.Apr 12 2019, 4:56 PM

approved on my end

Dzahn reassigned this task from Nuria to colewhite.Apr 18 2019, 9:51 PM
Dzahn subscribed.

ready to go, handing over to Cole as the weekly clinic-duty person. just needs the existing user to be added to the existing group, has approval

gerritbot added a comment.Apr 18 2019, 10:33 PM

Change 504998 had a related patch set uploaded (by Cwhite; owner: Cwhite):
[operations/puppet@production] admin: add lucaswerkmeister to analytics-wmde-users

https://gerrit.wikimedia.org/r/504998

gerritbot added a project: Patch-For-Review.Apr 18 2019, 10:34 PM
gerritbot added a comment.Apr 18 2019, 10:38 PM

Change 504998 merged by Cwhite:
[operations/puppet@production] admin: add lucaswerkmeister to analytics-wmde-users

https://gerrit.wikimedia.org/r/504998

colewhite updated the task description. (Show Details)Apr 18 2019, 10:40 PM

The group membership change has been deployed.

Please feel free to reopen if you encounter any related issue.

colewhite closed this task as Resolved.Apr 18 2019, 10:41 PM
Lucas_Werkmeister_WMDE added a comment.Apr 23 2019, 10:39 AM

Seems to work so far, thank you :)

Lucas_Werkmeister_WMDE mentioned this in T289499: Requesting access to analytics/wmde/scripts production branch for Lucas Werkmeister (WMDE).Aug 23 2021, 2:51 PM
Maintenance_bot removed a project: Patch-For-Review.Aug 23 2021, 3:11 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL