
SSH access for Lex Nasser, analytics intern
Closed, Resolved, Public

Description

Lex will be working with the analytics team until February 15th in the capacity of intern.

Full Name: Lex Nasser
Developer Access Username: lexnasser
Public ED25519 Key: AAAAC3NzaC1lZDI1NTE5AAAAIAgozlHmJxSSkQjDKhjx4ZlMw0hqr+3F+1M2In7CGRCo
Reason: Need access to analytics servers to begin work on the Analytics team.

Event Timeline

Restricted Application added a subscriber: Aklapper.
Nuria renamed this task from SSH access for Lex Nasser, analytics inter to SSH access for Lex Nasser, analytics intern. Oct 16 2019, 5:49 PM

Approving as the relevant Wikimedia Foundation employee.

crusnov triaged this task as Medium priority.

@lexnasser @Nuria Could you please specify which groups are requested from https://wikitech.wikimedia.org/wiki/Analytics/Data_access#Access_Groups

@lexnasser Could you please read and sign L3?

@Dzahn It shows that I signed L3 Wednesday (image attached). Let me know if I am mistaken. Will have to defer to @Nuria regarding which groups.

Messages Image(4165936584).png (344×1 px, 57 KB)

analytics-privatedata-users would be the group

And also we need to add lex to nda group for access to turnilo and superset

@Nuria Thank you for the groups, will prepare a change and move forward with this asap.

@lexnasser Thank you, yes, I see the signature looks good!

@Nuria Is Lex going to get a @wikimedia.org email address? I was wondering because I need to specify one in the code change and it looks like it doesn't exist under the standard naming scheme.

@lexnasser Pending the question above which email account to use, could you please Create a Wikimedia developer account and let me know the name you used? You will pick 2 separate names, one for the wiki and one for the shell account, in that form.

@Dzahn I do not have an NDA on file for Lex Nasser, but it is possible that the paperwork for Lex's internship was completed through HR. @Nuria can you confirm?

@RStallman-legalteam It was done through HR, yes, he probably needs to sign an NDA as well?

Ok, probably best for me to just create one since it looks like shell access is needed. @lexnasser could you email your physical (snail mail) address to rstallman@wikimedia.org?

Thanks!

Thanks @Nuria. Working on the NDA now. Can you confirm the exact access set for the NDA - would listing SSH access be clear enough?

@RStallman-legalteam, SSH access and access to private data up to February 15th

Thank you!
@lexnasser: please ping @Dzahn with your e-mail address/user for wikitech

Change 545388 had a related patch set uploaded (by Dzahn; owner: Dzahn):
[operations/puppet@production] admins: add shell account for Lex Nasser

https://gerrit.wikimedia.org/r/545388

Change 545388 merged by Dzahn:
[operations/puppet@production] admins: add shell account for Lex Nasser

https://gerrit.wikimedia.org/r/545388

@lexnasser Within max. 30 minutes this should work for you now. Please take a look at https://wikitech.wikimedia.org/wiki/Production_access#Setting_up_your_access for how to set up your SSH config. You will be jumping via the bastion hosts to other machines behind them. Other analytics team members can help you with which hosts exactly to connect to.

If there are any unexpected issues, please just reopen the ticket.

+1, also let's make sure to go over the Data guidelines before working with the data.

Mentioned in SAL (#wikimedia-operations) [2019-10-22T21:45:21Z] <mutante> LDAP - added lexnasser to nda group (T235688)

And also we need to add lex to nda group for access to turnilo and superset

Done!

@lexnasser You should now also be able to login on https://turnilo.wikimedia.org/ and https://superset.wikimedia.org/

MoritzMuehlenhoff subscribed.

Reopening, currently the same key is used in Cloud VPS and production, which is a security risk.

@lexnasser Please create a new SSH key that is not used in cloud and let us know the public part so we can update the production access.

Here's another public ED25519 key: AAAAC3NzaC1lZDI1NTE5AAAAIOBTDDmL8isvso6xqOJB5qkk3n8xuM0XxFc1Q34ZnZRj

Let me know which service is associated with which key. Thanks!

Change 545630 had a related patch set uploaded (by Dzahn; owner: Dzahn):
[operations/puppet@production] admins: re-enable shell account for lexnasser with new key

https://gerrit.wikimedia.org/r/545630

Change 545630 merged by Dzahn:
[operations/puppet@production] admins: re-enable shell account for lexnasser with new key

https://gerrit.wikimedia.org/r/545630

@lexnasser Thanks, your access has been re-enabled with the new key.

The services associated with the new (production) key are: any host name ending in .wmnet or .wikimedia.org.

The services associated with the previous (cloud) key are: any host names ending in .wmflabs.org or cloud instances (virtual machines) you created using https://horizon.wikimedia.org. You probably don't need this.
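
The reopening above hinges on one public key being authorized in both Cloud VPS and production. As an added illustration (not part of the ticket or of Wikimedia's tooling), the following Python fingerprints keys the way `ssh-keygen -l` does (SHA256 over the decoded key blob) and reports any key authorized in both environments; the user names, the `sample_key` helper and all key material are constructed for the example.

```python
import base64
import hashlib
import struct

def fingerprint(line):
    """Return (key_type, SHA256 fingerprint) for an authorized_keys-style
    line or a bare base64 blob (the form the keys were posted in above)."""
    for field in line.split():
        if not field.startswith("AAAA"):  # blob begins with a 4-byte length
            continue
        blob = base64.b64decode(field, validate=True)
        (n,) = struct.unpack(">I", blob[:4])
        key_type = blob[4:4 + n].decode("ascii")
        digest = base64.b64encode(hashlib.sha256(blob).digest()).decode()
        return key_type, "SHA256:" + digest.rstrip("=")
    raise ValueError("no SSH public key blob found")

def reused_keys(production, cloud):
    """Map fingerprint -> (production users, cloud users) for every key
    that is authorized in both environments."""
    prod = {}
    for user, line in production:
        prod.setdefault(fingerprint(line)[1], set()).add(user)
    hits = {}
    for user, line in cloud:
        fp = fingerprint(line)[1]
        if fp in prod:
            hits.setdefault(fp, (prod[fp], set()))[1].add(user)
    return hits

def sample_key(seed):
    # Constructed ed25519 blob: type name plus 32 filler bytes, not a real key.
    raw = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32)
    return base64.b64encode(raw + bytes([seed]) * 32).decode()

# Constructed sample data; the comment field differs but the key is the same.
K1, K2, K3 = sample_key(1), sample_key(2), sample_key(3)
PRODUCTION = [("alice", f"ssh-ed25519 {K1} alice@laptop"), ("bob", K2)]
CLOUD = [("alice", f"ssh-ed25519 {K1} alice@vps"),
         ("bob", f"ssh-ed25519 {K3} bob@laptop")]

if __name__ == "__main__":
    for fp, (prod_users, cloud_users) in reused_keys(PRODUCTION, CLOUD).items():
        print(f"{fp} reused: production={sorted(prod_users)} "
              f"cloud={sorted(cloud_users)}")
```

Comparing fingerprints rather than whole lines catches reuse even when the comment field or options differ between the two copies.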