Page MenuHomePhabricator

fundraising dev/database access request for Mariana Suijkerbuijk
Closed, ResolvedPublic

Description

Hi guys,
Sending a request here to get access. Got my Yubikey and working on getting a Yubikey public ID now.
Thanks
Mariana

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptSep 11 2019, 4:57 PM
DStrine moved this task from Triage to FR-Ops on the Fundraising-Backlog board.

Hi Mariana,

You can get the public id in one of two ways:

  1. Visit https://directory.corp.wikimedia.org/yubikey.php logging in with your 'OIT' ldap credentials like you would for email, and clicking on the yubikey in the text box. It will then trim the code for you and provide the public side.
  2. In a text editor, just repeatedly press the button on the yubikey. You will notice there are 12 characters at the beginning of the output that don't change. That is the public side of the key that you can then send on to us.

Once we have this information we can update the config.

Dallas

Hi Dallas,

Here's the Yubikey id.

Your Yubikey Public ID is: cccccclbdvli

Thanks,
Mariana

Dwisehaupt moved this task from Triage to In Progress on the fundraising-tech-ops board.

I have added the public key to the repo and pushed it out to the associated servers

[frack::puppet::private] c874c8b Adding yubikey public side for msuijkerbuijk

Thanks! Does this mean I can now access the fr server?

This is one step for access. I know that Jeff was checking on some other portions. I'll check with him and find out what (if anything) still remains before I can say for certain.

Jgreen added a subscriber: Jgreen.Sep 13 2019, 6:39 PM

Caitlin Cogdill sent an access authorization request to Lisa Gruwell earlier this week, we're waiting to hear back on that.

Jgreen renamed this task from Access request - account Yubikey servers to fundraising dev/database access request for Mariana Suijkerbuijk.Sep 13 2019, 6:40 PM

Caitlin Cogdill sent an access authorization request to Lisa Gruwell earlier this week, we're waiting to hear back on that.

  • Forwarded message ---------

From: Lisa Gruwell <lgruwell@wikimedia.org>
Date: Fri, Sep 20, 2019 at 6:21 PM
Subject: Re: URGENT: Approval needed: Mariana fundraising server access
To: Patricia Pena <ppena@wikimedia.org>
Cc: Leticia Navarro <lnavarro@wikimedia.org>, Mariana Suijkerbuijk <msuijkerbuijk@wikimedia.org>, Caitlin Cogdill
<ccogdill@wikimedia.org>

Approved :)

Added user accounts for Mariana. I need to get clarification as to what level DB access is requested.

[frack::puppet] 9ee84d9d Adding user account for msuijkerbuijk

Hello @MSuijkerbuijk_WMF the next step we have is for you to get ssh access. To do so, I am going to need you to generate an ssh keypair and have you provide the public portion of that key.

Instructions for generating the ssh keypair are here: https://collab.wikimedia.org/wiki/Fundraising_ssh_access

When you have generated the keypair, please post the contents of the public side of the key (ie: fr_id_rsa.pub) in this ticket.

Thanks,

Dallas

Hi Dallas,

I've followed the steps now. Terminal says:

Your identification has been saved in /Users/marianasuijkerbuijk/.ssh/id_rsa.
Your public key has been saved in /Users/marianasuijkerbuijk/.ssh/id_rsa.pub.

Is that what you need?

Thanks,
Mariana

Hello Mariana,

Thanks for generating the keypair. What I need pasted into the ticket is the contents of the file: /Users/marianasuijkerbuijk/.ssh/id_rsa.pub
Once you paste that in I'll get moving on pushing out the config.

Thanks.

Dallas

Copying below, thanks!

Your public key has been saved in /Users/marianasuijkerbuijk/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:IGQY9VX7XDiBd+aYOMhivRwgTTxJaZ/w986TKXSHBZ4 msuijkerbuijk@wikimedia.org
The key's randomart image is:
+---[RSA 4096]----+

.++=oo.....
.o..X. ..ooo
.ooO o.+oO.
.o.O +oEoo
. oS+ ooo
o . + .
. + +
. *
. .

+----[SHA256]-----+

Hello Maria,

I actually need the contents of the file. You can get that using the following command in a Terminal window:

cat /Users/marianasuijkerbuijk/.ssh/id_rsa.pub

Thanks,

Dallas

Hi Dallas,

Let's see if it's right now, see below

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCeXqjNtW71/FoQSyEyqWUsExlvKnhyzNrEcJXzjZpMV27DA3v0smbRnV8NU/AcO0EJzQXuT9rPktlSfyKXCiY0TWih+uMYewY9Tu7k2MG+IDjFkKma4fMEwZlp0GN1o4Ij6rZGd8AnBwBcwipIYaBJX+M3symnc8JMvIcvwPEyCFC2Umc9+2IutO5na8ZeqvaPa1h6QXLnBmjxVt8dbips4vg0TiU7XLKP/0ZluD4n+siARPVq8CE46ZimPAyI7KOdHoyJflG/AEVW7Sx5lOtQSfyqNpNA9IWm3VCS0hdwdv3Ccp0AabiBodKAO5JhZ+DEdBnpDaTfyj7FqALJNZJBjXtrKHGD0jAxokDlVWbF3mB1d5t7Dh0nuSuXyNxXXELoequCzkRAhhFNtM8P67rzxsR/6OKFrpFJpqcbuP85+GA/eYojH9ifqzY927ia8BKMHTE5yoL1PgpnoFHWayrJOcQdeyxYL6KXfJ58UHvFAmWStiV+WqKoh/2vATBPPlu9ChTD8WeZmZAubzMLYApfpMGpFgLzAztu8HTIqZuBdAq9xOEJZjOIeqwuqTEVGlB4+Vw3qgAekjj+zR0rA0nvzZzGVbmQ5vwKebWvNJSvh/e0gEhGxYVQSDBbYp+ls0YS6IezFZEuqz0l+oi1cB7ppYvBZz7byP8xgvJv1RVL8Q== msuijkerbuijk@wikimedia.org

Hello Mariana,

Thanks, that's what I needed. I have updated the repo and pushed the key around.

If you haven't yet, you should create an ssh config file using the instructions on this page: https://collab.wikimedia.org/wiki/Fundraising_ssh_client_config

Once you have that set, you should be able to use the following command: ssh rdev1001
You will be prompted enter the passphrase for your ssh key, and to accept the server identity (which you can answer yes to). When presented with a Password: prompt, you will hit the button on your yubikey to supply the password.

Please let me know if you have issues connecting.

Dallas

[frack::puppet::private] 7517bd9 Adding ssh public key for msuijkerbuijk
[frack::puppet::private] 91ef53f adding msuijkerbuijk to mysql_grants

Hi Dallas,

I'm trying to follow the last instructions you shared. Should it be run on Terminal? It is not working. Any tip?

I was under the impression that I had generated ssh already. See beginning of this thread.

Thanks!
Mariana

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTXJs939Z+mDYe4UWs6n6Y0cmAoM4lRW7VtWpiaxeExUOvPDeBGrq94pAIbSXmZKb4nyP6zArXQBTh3I862kEvvMFCt5Bo8ALvKzeJieXULTsq0/HIRBvFVjA4lIjofp+IAFSZOVH8pn1gpJRsV6P6PNEPIEwV8CXXLbkWSY+GHou8pQ/vBYr9Yo8irK/tB8NH7W+4RvueJiogST5e3r1ybQEVMBtZr+m6wQ+GFqkxw/XQPAxK5ndxC+qODJjnJoCYeJ5pdRqkoBipB1mjWOdosVmbKbYneafjM+rOnVR6HOaVZTjtQFbhCFYGKYzprtD6h2gMqPhFGZ2X0xTAnjlb

Hi Mariana,

In order to correctly connect to our hosts, you need the ssh keypair, the ssh config, which basically tells the ssh program how to connect, and your yubikey as a password. You have generated the ssh keypair and I've got that in place. Additionally you provided the public side of your yubikey and I have that in our config. The last bit is the ssh client config file which you can create using the instructions at: https://collab.wikimedia.org/wiki/Fundraising_ssh_client_config

Once that is in place, you can actually use the ssh command to connect to the host.

I could hop on a hangout with you to walk through the process of connecting. We don't have a lot of overlap in our schedules but I could get up early tomorrow or we could do it early Monday morning PDT.

Dallas

Hi Dallas,

That would be great if we could connect on a call. I've tried to follow
those instructions but when I add that on the terminal it does not work.
I'll send an invite now, for 10.30am PDT on Monday.

Thanks!
Mariana

Worked with @MSuijkerbuijk_WMF to update the user setting in her ssh config file and she was able to connect.

@CCogdill_WMF - Could you advise on what database access she will need? Even if it's just a similar user to model her permissions off of.

It would be great if she has access to all the same databases that I do,
but these are the ones on my mind:

  • frdev1001
  • /srv/br folder
  • mysql civicrm
  • mysql drupal
  • mysql silverpop

I think that should do it!

Le mar. 1 oct. 2019 à 12:32 AM, Dwisehaupt <
no-reply@phabricator.wikimedia.org> a écrit :

Dwisehaupt added a subscriber: CCogdill_WMF.
Dwisehaupt added a comment. View Task
https://phabricator.wikimedia.org/T232633

Worked with @MSuijkerbuijk_WMF
https://phabricator.wikimedia.org/p/MSuijkerbuijk_WMF/ to update the
user setting in her ssh config file and she was able to connect.

@CCogdill_WMF https://phabricator.wikimedia.org/p/CCogdill_WMF/ - Could
you advise on what database access she will need? Even if it's just a
similar user to model her permissions off of.

*TASK DETAIL*
https://phabricator.wikimedia.org/T232633

*EMAIL PREFERENCES*
https://phabricator.wikimedia.org/settings/panel/emailpreferences/

*To: *Dwisehaupt
*Cc: *CCogdill_WMF, Jgreen, Dwisehaupt, Aklapper, MSuijkerbuijk_WMF,
EBjune, DStrine, Jay8g

Dwisehaupt triaged this task as Medium priority.Oct 1 2019, 4:17 PM
Dwisehaupt moved this task from In Progress to Done on the fundraising-tech-ops board.

Ok. The mysql grants have been adjusted and she should be all set.

[frack::puppet::private] 4b9552c Adding msuijkerbuijk to same mysql grants as ccogdill

Hi @Dwisehaupt and @CCogdill_WMF

I just finished a call with Katie and I wonder if I need to request access to CiviCRM too. I don't think I've installed any certificate yet for this. I just see a member certificate on the Keychain.

Let me know if there's any step or guide I need to take for this.
Thanks,
Mariana

Yeah, you'll need a CiviCRM cert to access the dash (
https://dash.frdev.wikimedia.org) at the least. Sorry, I take for granted
that we just set this up for fundraising people :)

I can definitely get an SSL client certificate set up. In order for me to do that we need to have an entry for Mariana on the fundraising contact page: https://collab.wikimedia.org/wiki/Fundraising#Contact_List

Once she has an entry there I will generate the certificate and SMS her the password.

The SSL client certificate has been created and sent via email. The password has been SMS'd to the phone number on record.

Hi Dallas,

I'm having trouble getting to civicrm. The password (Mac) I type in does not work.

It asks me for Login Keychain password, I've tried all the passwords I thought of and also restarted the computer.

Any tip?

Thanks

Hi Mariana,

I'm not 100% sure which civicrm access you are talking about. Perhaps we can schedule some time Monday or Tuesday morning. I'm available starting about 8:30am PDT each day. Feel free to just put something on my calendar and I'll meet with you.

Dallas

Dwisehaupt closed this task as Resolved.Oct 11 2019, 8:25 PM

Verified that this access was for the civicrm application. I have created an account for @MSuijkerbuijk_WMF and she was able to log in. Closing this out.