Page MenuHomePhabricator
Create Task
Maniphest T241096

Requesting access to analytics-privatedata-users and researchers for Aroraakhil
Closed, ResolvedPublic
Actions

Description

  • Wikitech username: Aroraakhil
  • Preferred shell username: aarora
  • Email address: arora.akhilcs@gmail.com
  • Ssh public key (must be dedicated key for wmf production):

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDMnomWTASEzJqGKtpCqUA8g+Wcz4RmcpD5qRbuiXurptrXPQaoogl2U/RfnyInPZQAoc4QgM3JGLvjaNfIGIkCNPq8H3oWc4DeUE+OTfbH3/L8UvvB8CQ8KEOC92C9GBCDAfva5hY94CziKeFZvFEFLpxVRLWkdZcXVzQGZmVX09Rf+KANf/9/XH8WtlLvtfT7e0d5f4aTYNJ96VtLih5BneA+CYlRM/xXzDiH5Am31ffPduKAeFfMMdDYRJAVHayVGqAaGHo+T38mHNibtt9hZFVWr/nnbOnNo2EIE1JVtoUHR6p4Jzr+XR/d6rgJWmvn7gfdewzfCMHNSPPSTeiuOPnnvJeF1OeiASu7FeHOndeB3VKQyUGcAr+6luAs4Wg4CoAz+zzEOvUYPoK7DZKuvyUeXoVjBWb1UkW6OizYjqiTxjNM8HPQ6vCtkM0sV3dAPfGJqDCy9rtmgCwfdeKch54Cw4QdKBkoMa/C2ciJFqHemo3YvGrsghRgekfObo5euOUVSf1pVqr2igmNtaSiEMXs0/06fzdn88ojQgBSHW/XSIQ+Yi47ZLIGE5R7Ht+9LH9pIDlujR81bxvrGoLICeZbTg1lZPMhAcFuNa84lpiKKgPxONC7cxqtizclghZW/KtGA2gfszazg1uyGI7xFEhGhfWi3NwQ9zqOxrGg6Q== aarora@tsf-452-wpa-3-166.epfl.ch

Some steps

Details

SubjectRepoBranchLines +/-
Set krb: present for user aaroraoperations/puppetproduction+1 -0
admin: Add production access to Aroraakhil, including private dataoperations/puppetproduction+13 -2
Customize query in gerrit

Event Timeline

leila claimed this task.Dec 19 2019, 12:48 AM
leila created this task.
leila added a subscriber: Ottomata.

@Ottomata we have a new formal collaborator onboard: Akhil Arora. \o/ Akhil needs access to HDFS and stat machines. Can you check the "Access Group" in the task description and update it if I didn't get it right, please?

Aroraakhil subscribed.EditedDec 19 2019, 1:19 AM

@leila , thank you so much for initiating this. The following has been completed:

  1. Have read and signed the server access responsibilities document.
  2. Have signed up for a developer account.

Per the information on this page , do I have to "Create a ticket requesting access"?

leila renamed this task from Access for a formal collaborator to Requesting access to RESOURCE for Aroraakhil.Dec 19 2019, 1:36 AM
leila updated the task description. (Show Details)
leila added a comment.Dec 19 2019, 1:38 AM

@Aroraakhil thanks. I updated the task description for this task to bring it closer to the template you linked to. Let's not open a new task. (We will add SRE-access-requests once all the pieces are prepared for them to take action.) Please click on Edit task on this page and fill out what's missing. :)

Aroraakhil added a comment.Dec 19 2019, 1:40 AM

@leila surely. Thanks once again for your prompt actions!

Aroraakhil updated the task description. (Show Details)Dec 19 2019, 1:40 AM
Aklapper added a project: SRE-Access-Requests.Dec 19 2019, 1:50 AM
Aklapper subscribed.

Assuming this is about SRE-Access-Requests - what's the shell account name?

Restricted Application added a project: SRE. · View Herald TranscriptDec 19 2019, 1:50 AM
leila added a comment.Dec 19 2019, 5:39 AM

@Aklapper is shell account name the same as shell username? If yes, it's in the task description. Also, yeah: this task is for sre-access-requests. I didn't add them earlier as we're still waiting for Aroraakhil to provide the public ssh key and for ottomata to confirm the group.

Peachey88 renamed this task from Requesting access to RESOURCE for Aroraakhil to Requesting access to analytics-privatedata-users for Aroraakhil.Dec 19 2019, 8:43 AM
Aroraakhil updated the task description. (Show Details)Dec 19 2019, 1:58 PM
Aroraakhil added a comment.Dec 19 2019, 2:00 PM

@Aklapper and @leila added the public ssh-key in the task description. Also, the preferred shell-username is: aarora (as stated in the task-description)!

Ottomata renamed this task from Requesting access to analytics-privatedata-users for Aroraakhil to Requesting access to analytics-privatedata-users and researchers for Aroraakhil.Dec 19 2019, 2:22 PM
Ottomata updated the task description. (Show Details)

Added researchers group too just for good measure :)

leila added a comment.Dec 19 2019, 2:58 PM

Excellent. this task is ready on my end to be picked up by SRE-Access-Request. I remove myself as assignee.

leila removed leila as the assignee of this task.Dec 19 2019, 2:58 PM
elukey subscribed.EditedDec 19 2019, 3:09 PM

I added some info to https://wikitech.wikimedia.org/wiki/Analytics/Data_access#Access_Groups to remember about requesting a Kerberos auth principal to have access to Hadoop (being in analytics-privatedata-users is not enough).

jcrespo assigned this task to Nuria.Dec 24 2019, 7:42 AM
jcrespo added subscribers: Nuria, jcrespo.

This needs @Nuria approval (in addition of @leila) as service owner. I haven't checked the other information given, but based on the information described as correct, that should be the only blocker (aside from the 3 business day wait for security review).

@Aroraakhil Please understand that due to holidays, request could delay for longer than usual. Sorry about that.

jcrespo moved this task from Untriaged to Manager/NDA Approval/Confirmation on the SRE-Access-Requests board.Dec 24 2019, 7:43 AM
jcrespo moved this task from Backlog to Acknowledged on the SRE board.
jcrespo triaged this task as High priority.Dec 24 2019, 9:35 AM
gerritbot added a comment.Dec 26 2019, 10:06 AM

Change 560604 had a related patch set uploaded (by Jcrespo; owner: Jcrespo):
[operations/puppet@production] admin: Add production access to Aroraakhil, including private data

https://gerrit.wikimedia.org/r/560604

gerritbot added a project: Patch-For-Review.Dec 26 2019, 10:07 AM
jcrespo added a comment.Dec 26 2019, 10:20 AM

@leila researchers typically have time-limited MOUs, is this true in this case? If so, could you share the period of time, so I can add an expiry date for the account?

herron subscribed.Jan 3 2020, 7:42 PM

Hi @Nuria, a friendly ping/bump for approval on this. Happy new year!

Nuria added a comment.Jan 4 2020, 9:29 AM

Approved on my end

leila added a subscriber: MoritzMuehlenhoff.Jan 6 2020, 6:00 PM
In T241096#5763697, @jcrespo wrote:

@leila researchers typically have time-limited MOUs, is this true in this case? If so, could you share the period of time, so I can add an expiry date for the account?

You are correct. The access is associated with a six-month MOU currently set to expire on 2020-06-05. (@MoritzMuehlenhoff FYI given that you have traditionally helped us with expirations/extensions for access.)

Dzahn claimed this task.Jan 6 2020, 8:14 PM

Taking over as the one on rotating clinic duty. Will amend the expiration date to the changeset and follow up on Gerrit.

https://gerrit.wikimedia.org/r/c/operations/puppet/+/560604

gerritbot added a comment.Jan 6 2020, 8:42 PM

Change 560604 merged by Dzahn:
[operations/puppet@production] admin: Add production access to Aroraakhil, including private data

https://gerrit.wikimedia.org/r/560604

Dzahn closed this task as Resolved.Jan 6 2020, 8:52 PM

@Aroraakhil Hi, your shell access has been granted and you should be able to login now (in max. 30 minutes from now since puppet has to run on all servers)

See https://wikitech.wikimedia.org/wiki/Production_access#SSH_configuration for how to setup your SSH client to jump via one of the bastion hosts to other hosts behind it.

I can confirm your user "aarora" exists on bast1002.wikimedia.org now.

I'm sure @leila and the rest of the analytics team can help you with the details from there.

Maintenance_bot removed a project: Patch-For-Review.Jan 6 2020, 9:10 PM
Aroraakhil added a comment.Jan 9 2020, 8:18 AM

Hi @Dzahn,

I am currently traveling and the internet access is not that great. Thus, I will try to log in once I am back in Lausanne. I will comment on this thread, if I face any issues.

Thank you so much for all your help.
Best,
Akhil

Dzahn added a comment.EditedJan 9 2020, 9:31 PM

Hi @Aroraakhil thank you. Yes, there is no rush from our side. You can try anytime. If needed you can click "Add Action" -> Change Status" -> "Open" to reopen the ticket if something doesn't work or just leave comments.

Just letting you know we have a rotating duty to handle access requests so in another week another person might answer. I will also get notified about comments though.

Best,

Daniel

Aroraakhil reopened this task as Open.EditedFeb 18 2020, 10:02 PM

@Dzahn,
I am reopening this request, as I am unable to use "hadoop" on the stat machines.

@leila
As pointed by @elukey in one of the aforementioned comments, it is important to request a Kerberos auth principal to have access to Hadoop (being in analytics-privatedata-users is not enough). I tried 'kinit' after logging into one of the stat machines, which did not succeed. May I kindly request you to help me obtain the required access for "hadoop" as well. Really sorry for reopening this ticket: I couldn't explore much around this thread in January owing to some firefighting for the re-submission of a recently rejected paper from TheWebConf, which was submitted to KDD last week.

Best,
Akhil

Ottomata added a comment.Feb 18 2020, 10:10 PM

Hi @Aroraakhil, I just created your kerberos account principal. You should receive an email with instructions. See also https://wikitech.wikimedia.org/wiki/Analytics/Systems/Kerberos/UserGuide#Authenticate_via_Kerberos. Let us know if it works!

gerritbot added a comment.Feb 18 2020, 10:12 PM

Change 572995 had a related patch set uploaded (by Ottomata; owner: Ottomata):
[operations/puppet@production] Set krb: present for user aarora

https://gerrit.wikimedia.org/r/572995

gerritbot added a project: Patch-For-Review.Feb 18 2020, 10:12 PM
Aroraakhil added a comment.Feb 18 2020, 10:18 PM

Hi @Ottomata,

Thank you so much for your prompt response and help. I am now able to use "hadoop" services seamlessly. We can safely close this task now.

Best,
Akhil

leila closed this task as Resolved.Feb 18 2020, 10:50 PM
gerritbot added a comment.Feb 19 2020, 1:50 PM

Change 572995 merged by Ottomata:
[operations/puppet@production] Set krb: present for user aarora

https://gerrit.wikimedia.org/r/572995

Maintenance_bot removed a project: Patch-For-Review.Feb 19 2020, 2:10 PM
Ottomata added a comment.May 5 2020, 6:16 PM

FYI, I just added aarora to the nda LDAP group. This seemed to have been missed as part of this acccess request.
https://wikitech.wikimedia.org/wiki/Analytics/Data_access#LDAP_access

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits