Page MenuHomePhabricator
Create Task
Maniphest T244785

Requesting access to stat1007 for jmorgan
Closed, ResolvedPublicRequest
Actions

Description

Requestor provided information and prerequisites

This section is to be completed by the individual requesting access.

  • Phabricator username: @Capt_Swing
  • Wikitech username: Jmorgan
  • Preferred shell username: jmorgan
  • Email address: jmorgan@wikimedia.org
  • Ssh public key (must be dedicated key for wmf production): https://office.wikimedia.org/wiki/User:Jmorgan/SSH_public_keys#Production_shell_access
  • Requested group membership: analytics-privatedata-users
  • Reason for access: access to raw webrequests via Hive for research analysis of pageviews from social media sites
  • Name of approving party (hiring manager for WMF staff): Leila Zia
  • Requestor -- Please Acknowledge that you have read and signed the L3 Wikimedia Server Access Responsibilities document: I have signed
  • Requestor -- Please coordinate obtaining a comment of approval on this task from the approving party.

SRE Clinic Duty Confirmation Checklist for Access Requests

This checklist should be used on all access requests to ensure that all steps are covered, including expansion to existing access. Please double check the step has been completed before checking it off.

This section is to be confirmed and completed by a member of the SRE team.

  • - User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
  • - User has a valid NDA on file with WMF legal. (This can be checked by Operations via the NDA tracking sheet & is included in all WMF Staff/Contractor hiring.)
  • - User has provided the following: wikitech username, preferred shell username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform)
  • - User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not share with any other service (this includes not sharing with WMCS access, no shared keys.)
  • - access request (or expansion) has sign off of WMF sponsor/manager (sponser for volunteers, manager for wmf staff)
  • - non-sudo requests: 3 business day wait must pass with no objections being noted on the task
  • - Patchset for access request - https://gerrit.wikimedia.org/r/#/c/operations/puppet/+/574240/

For additional details regarding access request requirements, please see https://wikitech.wikimedia.org/wiki/Requesting_shell_access

Details

SubjectRepoBranchLines +/-
Admin: Add jmorgan to analytics-privatedata-usersoperations/puppetproduction+1 -1
Customize query in gerrit

Related Objects
Search...

Event Timeline

Capt_Swing created this task.Feb 10 2020, 8:45 PM
Restricted Application added a project: SRE. · View Herald TranscriptFeb 10 2020, 8:45 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
RhinosF1 subscribed.Feb 10 2020, 8:46 PM
leila added a comment.Feb 10 2020, 8:51 PM

Approved. (hiring manager)

jbond updated the task description. (Show Details)Feb 11 2020, 11:13 AM
jbond subscribed.Feb 11 2020, 11:17 AM

Could someone add Jonathan's phab account to this task, i couldn't find an obvious wmf account and i require a ssh key to complete the task, thanks

jbond triaged this task as Medium priority.Feb 11 2020, 11:52 AM
Capt_Swing added a comment.EditedFeb 11 2020, 7:12 PM

@jbond @Capt_Swing is my phab account. It is associated with my Jmorgan (WMF) Wikimedia user account. I'll add this to the task body too. Is that the information you needed?

Capt_Swing updated the task description. (Show Details)Feb 11 2020, 7:12 PM
jbond added a subscriber: Nuria.Feb 12 2020, 10:48 AM

@Capt_Swing Thanks i had also asked for your sshkey but i see you already have a shell account so you are just requesting the additional membership of analytics-privatedata-users

@Nuria can you authorize Jonathan's access to analytics-privatedata-users, thanks

Capt_Swing mentioned this in T241768: Pilot social media traffic reports for English Wikipedia.Feb 16 2020, 11:51 PM
leila added a subscriber: Ottomata.Feb 18 2020, 10:15 PM

@Nuria if you're still around today, can you please review and approve? If not, @Ottomata who can review while Nuria is not around? Thanks!

Ottomata added a comment.Feb 18 2020, 10:17 PM

I know Nuria is going to be off for the next few days. Do I have powers to approve this? If I do, then I approve!

Capt_Swing added a comment.Feb 20 2020, 5:17 PM

@jbond is endorsement from @leila and @Ottomata sufficient here?

jbond added a subscriber: faidon.Feb 21 2020, 10:10 AM
In T244785#5901477, @Capt_Swing wrote:

@jbond is endorsement from @leila and @Ottomata sufficient here?

unfortunately no, as the policy currently stands it has to be Nuria

In T244785#5894950, @Ottomata wrote:

I know Nuria is going to be off for the next few days. Do I have powers to approve this? If I do, then I approve!

This is an evolving process and happy to change but as it currently stands Nuria would need to have informed us, before leaving for vacation, who was able to approve in her absence.

If this can't wait until Nuria's return i could escalate it to my my manager @faidon?

Nuria added a comment.Feb 23 2020, 3:08 PM

Hello, approving on my end. @jbond you need to provide an ssh key, without it (regardless of approvals we cannot give you access)

RhinosF1 added a comment.EditedFeb 23 2020, 4:04 PM
In T244785#5910410, @Nuria wrote:

Hello, approving on my end. @jbond you need to provide an ssh key, without it (regardless of approvals we cannot give you access)

Don’t you mean @Capt_Swing needs to provide an ssh key? Which they seem to have listed as https://office.wikimedia.org/wiki/User:Jmorgan/SSH_public_keys#Production_shell_access

Nuria added a comment.Feb 23 2020, 4:27 PM

Ahem, yes, Indeed! @Capt_Swing , please be so kind to provide ssh key

Nuria added a comment.Feb 23 2020, 4:41 PM

And second mistake, i did not realize that @Capt_Swing is SO ORGANIZED that the link above points to a wiki with ssh key. so ya, ready to go.

elukey subscribed.Feb 23 2020, 4:48 PM

@Capt_Swing is there any reason why you stated stat1007 on the request? I am asking since people tend to cluster on it and it is a little crowded now (resources are often exhausted), so if possible I'd ask you to work on a different stat host (see https://wikitech.wikimedia.org/wiki/Analytics/Systems/Clients for more info). Thanks!

RhinosF1 added a comment.Feb 23 2020, 4:59 PM

If I can read the history right, ssh key should already be in data.yaml so https://gerrit.wikimedia.org/r/#/c/operations/puppet/+/574240/ should work.

RhinosF1 updated the task description. (Show Details)Feb 23 2020, 5:03 PM
RhinosF1 added a project: User-RhinosF1.Feb 23 2020, 5:41 PM
RhinosF1 moved this task from Radar to Deployment on the User-RhinosF1 board.
jbond updated the task description. (Show Details)Feb 24 2020, 12:20 PM
gerritbot added a comment.Feb 24 2020, 12:23 PM

Change 574240 had a related patch set uploaded (by Jbond; owner: RhinosF1):
[operations/puppet@production] Admin: Add jmorgan to analytics-privatedata-users

https://gerrit.wikimedia.org/r/574240

gerritbot added a project: Patch-For-Review.Feb 24 2020, 12:23 PM
gerritbot added a comment.Feb 24 2020, 12:27 PM

Change 574240 merged by Jbond:
[operations/puppet@production] Admin: Add jmorgan to analytics-privatedata-users

https://gerrit.wikimedia.org/r/574240

jbond closed this task as Resolved.Feb 24 2020, 12:30 PM
jbond claimed this task.

@Capt_Swing i have now added you to the analytics-privatedata-users group. please allow up-to 30 minutes for the change to propagate and take not of the comment from elukey

is there any reason why you stated stat1007 on the request? I am asking since people tend to cluster on it and it is a little crowded now (resources are often exhausted), so if possible I'd ask you to work on a different stat host (see https://wikitech.wikimedia.org/wiki/Analytics/Systems/Clients for more info). Thanks!

Maintenance_bot removed a project: Patch-For-Review.Feb 24 2020, 1:10 PM
Capt_Swing added a subscriber: Isaac.Feb 24 2020, 8:41 PM

@jbond @RhinosF1 @leila @Nuria thank you!

@elukey thanks for the heads-up! If I'm reading the docs right I guess I can use stat1004 or 1005 to access webrequests too. Is that correct? I'm going to do some Hive/Hadoop orientation with @Isaac and I'll make sure to ask him about this and other best practices too. Thanks!

Capt_Swing added a parent task: T241768: Pilot social media traffic reports for English Wikipedia.Feb 24 2020, 8:43 PM
RhinosF1 added a comment.Feb 24 2020, 8:51 PM

No problem! Thanks for being part of my first production commit.

Capt_Swing mentioned this in T246118: create kerberos identity for jmorgan.Feb 25 2020, 4:18 PM
RhinosF1 moved this task from Deployment to Done on the User-RhinosF1 board.Mar 3 2020, 10:38 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL