Page MenuHomePhabricator
Create Task
Maniphest T234209

Grant LDAP groups and deployment shell access to Kevin Bazira
Closed, ResolvedPublic
Actions

Description

Username: kevinbazira
Full name: Kevin Bazira
https://wikitech.wikimedia.org/wiki/User:Kevin_Bazira

id_wmf_ed25519.pub103 BDownload

He'll need access to nda, wmf, analytics-privatedata-users, statistics-privatedata-users, wikidev, deployment-prep, deployment, deploy-service, and ores-admin.

Kevin needs this access in order to train and test models on analytics-hosted data (analytics-privatedata-users`, `statistics-privatedata-users), to make deployments of ORES (ores-admin, deployment, deployment-prop, and deploy-service).

SRE Clinic Duty Checklist for Access Requests

Most requirements are outlined on https://wikitech.wikimedia.org/wiki/Requesting_shell_access

This checklist should be used on all access requests to ensure that all steps are covered. This includes expansion to access. Please do not check off items on the list below unless you are in Ops and have confirmed the step.

  • User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
  • User has a valid NDA on file with WMF legal. (This can be checked by Operations via the NDA tracking sheet & is included in all WMF Staff/Contractor hiring.)
  • User has provided the following: wikitech username, preferred shell username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform.
  • User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not share with any other service (this includes not sharing with WMCS access, no shared keys.)
  • access request (or expansion) has sign off of WMF sponsor/manager (sponser for volunteers, manager for wmf staff)
  • non-sudo requests: 3 business day wait must pass with no objections being noted on the task
  • Patchset for access request

Details

SubjectRepoBranchLines +/-
admin: add Kevin Bazira to several groupsoperations/puppetproduction+16 -5
Customize query in gerrit

Related Objects
Search...

Event Timeline

Halfak created this task.Sep 30 2019, 12:57 PM
Restricted Application added a project: SRE. · View Herald TranscriptSep 30 2019, 12:57 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
Halfak updated the task description. (Show Details)Sep 30 2019, 12:58 PM
Halfak added a parent task: T234222: Onboarding Kevin Bazira -- Accounts and Access.Sep 30 2019, 2:21 PM
Dzahn added a project: SRE-Access-Requests.Oct 1 2019, 5:17 PM
Dzahn subscribed.

adding SRE-Access-Requests because it's more than just LDAP. Involves also shell access.

Dzahn renamed this task from Grant LDAP to Kevinbazira to Grant LDAP groups and deployment shell access to Kevinbazira.Oct 1 2019, 5:19 PM
Dzahn renamed this task from Grant LDAP groups and deployment shell access to Kevinbazira to Grant LDAP groups and deployment shell access to Kevin Bazira.
Dzahn triaged this task as Medium priority.
Ottomata updated the task description. (Show Details)Oct 3 2019, 2:45 PM
Ottomata updated the task description. (Show Details)
Halfak moved this task from Unsorted to Backlog/Lift Wing on the Machine-Learning-Team board.Oct 9 2019, 8:46 PM
herron subscribed.Oct 10 2019, 3:47 PM

@kevinbazira could you please review and sign the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document, add details to the task description outlining high level reasoning for the access, and coordinate a comment of approval from your manager?

After that we'll need to seek additional approvals from department managers for some of the groups, specifically analytics and deployment.

Thanks in advance!

herron updated the task description. (Show Details)Oct 10 2019, 3:48 PM
herron updated the task description. (Show Details)
herron moved this task from Backlog to Awaiting User Input on the LDAP-Access-Requests board.
herron moved this task from Untriaged to Awaiting User Input on the SRE-Access-Requests board.
Halfak updated the task description. (Show Details)Oct 11 2019, 1:09 PM

I've updated the task details with some high-level reasoning for the access. If it's not evident, I approve of this request as Kevin's manager and the lead for ORES/Scoring Platform.

kevinbazira added a comment.Oct 11 2019, 1:16 PM

Thanks @Halfak,

@herron, I've signed the L3 agreement document, and below is my user information:

wikitech username: Kevin Bazira
preferred shell username: kevinbazira
email address: kvnbzr@gmail.com
high level reasoning for the access: please see @Halfak's comment above.

If there is something else missing, please let me know. I'll be happy to provide it.

Thanks!

herron added subscribers: Nuria, greg.Oct 11 2019, 8:32 PM

Great, thank you!

@Nuria could you please review/approve for analytics groups?

@greg could you please review/approve for deploy groups?

herron updated the task description. (Show Details)Oct 11 2019, 8:33 PM
Dzahn moved this task from Awaiting User Input to Manager/NDA Approval/Confirmation on the SRE-Access-Requests board.Oct 17 2019, 11:06 PM
Dzahn assigned this task to Nuria.Oct 18 2019, 5:29 PM
greg added a comment.Oct 21 2019, 3:27 PM
In T234209#5567590, @herron wrote:

@greg could you please review/approve for deploy groups?

+1

Nuria added a comment.Oct 21 2019, 3:54 PM

Let's see, is kevinbazira a staff member? if so he only needs access to LDAP 'wmf' group. nda is not needed, wmf is for employees, nda is for collaborators/contractors/other chapters.

In order to access data in hadoop and work on stats machines he would only need access to analytics-privatedata-users.

statistics-privatedata-users is for access to mariaDB mediawiki data. Is that also needed?

Halfak added a comment.Oct 22 2019, 2:40 PM

Yes he is staff. He'll be pulling data from MariaDB for use training ORES models.

Nuria added a comment.Oct 22 2019, 3:21 PM

Ok, approved for wmf, analytics-privatedata-users, statistics-privatedata-users on my end

Dzahn reassigned this task from Nuria to colewhite.Oct 22 2019, 11:35 PM
Dzahn updated the task description. (Show Details)Oct 22 2019, 11:41 PM
Dzahn moved this task from Manager/NDA Approval/Confirmation to Ready To Go on the SRE-Access-Requests board.
gerritbot added a comment.Oct 22 2019, 11:58 PM

Change 545418 had a related patch set uploaded (by Cwhite; owner: Cwhite):
[operations/puppet@production] admin: add Kevin Bazira to several groups

https://gerrit.wikimedia.org/r/545418

gerritbot added a project: Patch-For-Review.Oct 22 2019, 11:58 PM
colewhite added a comment.Oct 23 2019, 7:21 PM

Hi @kevinbazira!

It looks like your email address in wikitech is not updated to your staff address. Would you please correct this then we can proceed?
The place to change it is here: https://wikitech.wikimedia.org/wiki/Special:Preferences

Thanks!

colewhite reassigned this task from colewhite to kevinbazira.Oct 23 2019, 7:21 PM
colewhite subscribed.
kevinbazira added a comment.Oct 24 2019, 7:28 AM

Hi @colewhite!

I have updated my email address in wikitech to my staff address: kbazira@wikimedia.org

Thanks!

Halfak reassigned this task from kevinbazira to colewhite.Oct 25 2019, 1:56 PM

Hi @colewhite, I'm re-assigning to you given that I think we've done all we can from our end.

gerritbot added a comment.Oct 25 2019, 3:51 PM

Change 545418 merged by Cwhite:
[operations/puppet@production] admin: add Kevin Bazira to several groups

https://gerrit.wikimedia.org/r/545418

colewhite updated the task description. (Show Details)Oct 25 2019, 3:52 PM
colewhite added a comment.Oct 25 2019, 3:58 PM

The necessary changes have been deployed. Please let me know if you encounter any related issue.

colewhite closed this task as Resolved.Oct 25 2019, 3:58 PM
Maintenance_bot removed a project: Patch-For-Review.Oct 25 2019, 4:11 PM
Halfak added a comment.Oct 25 2019, 6:50 PM

Thank you!

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL