Page MenuHomePhabricator

Requesting access to deployment for andrew-wmde
Closed, ResolvedPublicRequest

Description

Username: andrew-wmde
Full name: Andrew Kostka
Email address: andrew.kostka@wikimedia.de
Public key: P9126
Supervisor at WMDE: @Tobi_WMDE_SW

I'm a developer at Wikimedia Deutschland primarily focusing on projects relating to the German-Community-Wishlist. It would be amazing if I could help out during the EU-SWAT windows and have the ability to handle deployments relating to our projects.

Ops Clinic Duty Checklist for Access Requests

Most requirements are outlined on https://wikitech.wikimedia.org/wiki/Requesting_shell_access

This checklist should be used on all access requests to ensure that all steps are covered. This includes expansion to access. Please do not check off items on the list below unless you are in Ops and have confirmed the step.

  • - User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
  • - User has a valid NDA on file with WMF legal. (This can be checked by Operations via the NDA tracking sheet & is included in all WMF Staff/Contractor hiring.)
  • - User has provided the following: wikitech username, preferred shell username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform.
  • - User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not share with any other service (this includes not sharing with WMCS access, no shared keys.)
  • - access request (or expansion) has sign off of WMF sponsor/manager (sponser for volunteers, manager for wmf staff)
  • - sudo requests: all sudo requests require explicit approval during the weekly operations team meeting. No sudo requests will be approved outside of those meetings without the direct override of the Director of Operations. (Rules say nowadays only changes to existing sudoer rules or new groups need this, as opposed to adding members to existing groups).
  • - Patchset for access request

Event Timeline

Restricted Application added a project: Operations. · View Herald TranscriptSep 18 2019, 10:25 AM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
herron triaged this task as Normal priority.Sep 18 2019, 7:07 PM
herron updated the task description. (Show Details)Sep 19 2019, 4:37 PM

@greg could you please review/approve this request for deployment permissions?

@Andrew-WMDE could you please coordinate obtaining a comment of approval here from your supervisor?

Thanks in advance!

@Andrew-WMDE could you please coordinate obtaining a comment of approval here from your supervisor?

@herron @greg
As @Andrew-WMDE's responsible Engineering Manager at Wikimedia Deutschland, I'm approving this request.

Dzahn added a subscriber: Dzahn.Wed, Sep 25, 5:18 PM

@Andrew-WMDE We will need an SSH key from you and then make the needed change in the operations/puppet repo in modules/admin/data/data.yaml.

Could you please make a new key you don't already use and paste the public part here on the ticket... or alternatively and optionally, if as a deployer you are familiar with Gerrit.. upload a change to the file above directly.

Thanks

@Dzahn Sure, the SSH public key is this one P9126 (created exclusively for production):

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC+POWSebb+Fiyxuw2qqMhMHt7DW5i6ZJ7h4H0pea+HRWf9BmuxfrIPESqgZ1j3hYyxP+mqB3zE/4lQky2ZMYoB04ullkww7t3Y46hIuJqVcjFzAWoOkZTvON3Zmtu3xAf8p9zxgT2NXWMLYFErcwgBE6JjO16KMqWASrLU8op+gyavh+DofZE+WhxMM5jnHy+Ofa28pFzC41eguovCgGnSyp2rTbAS0WhbsRukcMbsf3LNRVQKf7ZXJXNAAUZtpJnM1wgdTXZezlMoPmRTIjbp5YmQNOXgepBC5VoGzDEctiju/N+BIwFs9Z/pJkqfxyc2KvUcd6J44odHol8NvhABQt6dRMRfCHaTY2WHmkEfIDjXudaJO11jl5zP0nixYeiIO4FNEIYF2Y/tFGB5WTfsE4lB/6nkKVGB/7bCtfA404qkci6Zye8v7rk+hm/SWlZW724PwNQzBaqqnuz+xzf8U65vqsURcP4V3kupW4OZpOWkNALlaM6wbq50kAhQSLJ6Ed2RwTckoCD5u2xgQXwehQS81oIY17lXV0OcJvXR8L8lm+82o3PxJouPo6byczvqd5RUFbysjku7u2u0gbRI47jYEuH/gARBUAG3zNZ+EWIMXe4+gLrQzu6d9doIiW3w6GbfR62VqfqQf2H4sh6zR2IOrPfV8EpnIwnnKLjKmw==

Change 539997 had a related patch set uploaded (by Dzahn; owner: Dzahn):
[operations/puppet@production] admins: create deployment shell user for Andrew Kostka

https://gerrit.wikimedia.org/r/539997

Dzahn added a comment.Tue, Oct 1, 1:17 AM

@Andrew-WMDE Alright, thanks. I made a code change at https://gerrit.wikimedia.org/r/c/operations/puppet/+/539997 and added reviewers.

greg added a comment.Tue, Oct 1, 4:42 PM

@greg could you please review/approve this request for deployment permissions?

Sorry for the delay (my phabricator notification count is literally ∞). Approved. Please reach out to fellow WMDE deployers for a training or if not possible, RelEng team members.

Change 539997 merged by Dzahn:
[operations/puppet@production] admins: create deployment shell user for Andrew Kostka

https://gerrit.wikimedia.org/r/539997

thanks Greg for approval and Moritz for code review.

merged and deployed

13:07 < mutante> !log Welcome new deployer Andrew Kostka (WMDE) (T233202)

@Andrew-WMDE You should be able to ssh to deploy1001 (https://wikitech.wikimedia.org/wiki/Deploy1001) now.

You can contact @Lucas_Werkmeister_WMDE for some training.

Please reach out to fellow WMDE deployers for a training or if not possible, RelEng team members.

I’d be happy to help out :) do you have any planned/upcoming deployments to train on? (I can’t think of any from my end.)

Dzahn updated the task description. (Show Details)Tue, Oct 1, 5:14 PM

@Lucas_Werkmeister_WMDE Maybe shoulder surfing during your next SWAT? I see you are on a couple on the calendar.

Dzahn closed this task as Resolved.Tue, Oct 1, 5:16 PM
Dzahn claimed this task.

Please reach out to fellow WMDE deployers for a training or if not possible, RelEng team members.

I’d be happy to help out :) do you have any planned/upcoming deployments to train on? (I can’t think of any from my end.)

AFAIK @Andrew-WMDE has planned some shoulder-surfing with @awight already but there can never be enough masters to learn from. :)