Page MenuHomePhabricator
Create Task
Maniphest T246019

Requesting access to analytics-privatedata-users for Michael Holloway
Closed, ResolvedPublicRequest
Actions

Description

Requestor provided information and prerequisites

This section is to be completed by the individual requesting access.

  • Wikitech username: Mholloway
  • Preferred shell username: mholloway-shell
  • Email address: mholloway@wikimedia.org
  • Ssh public key (must be dedicated key for wmf production): ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK4utj9osWuPYu5lxsbNoWMaae6K7rtabeoUDRkBw8Rs 2019-03-15-new-ubuntu-prod
  • Requested group membership: analytics-privatedata-users
  • Reason for access: Need access to EventLogging data for infrastructure design and planning
  • Name of approving party (hiring manager for WMF staff): Joaquin Oltra Hernandez
  • Requestor -- Please Acknowledge that you have read and signed the L3 Wikimedia Server Access Responsibilities document: Yes
  • Requestor -- Please coordinate obtaining a comment of approval on this task from the approving party.

SRE Clinic Duty Confirmation Checklist for Access Requests

This checklist should be used on all access requests to ensure that all steps are covered, including expansion to existing access. Please double check the step has been completed before checking it off.

This section is to be confirmed and completed by a member of the SRE team.

  • - User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
  • - User has a valid NDA on file with WMF legal. (This can be checked by Operations via the NDA tracking sheet & is included in all WMF Staff/Contractor hiring.)
  • - User has provided the following: wikitech username, preferred shell username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform)
  • - User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not share with any other service (this includes not sharing with WMCS access, no shared keys.)
  • - access request (or expansion) has sign off of WMF sponsor/manager (sponser for volunteers, manager for wmf staff)
  • - non-sudo requests: 3 business day wait must pass with no objections being noted on the task (new docs say this rule does not apply anymore for staff
  • - Patchset for access request

For additional details regarding access request requirements, please see https://wikitech.wikimedia.org/wiki/Requesting_shell_access

Details

SubjectRepoBranchLines +/-
admins: add mholloway to analytics-privatedata-usersoperations/puppetproduction+1 -1
Customize query in gerrit

Related Objects

Event Timeline

Mholloway created this task.Feb 24 2020, 5:23 PM
Restricted Application added a project: SRE. · View Herald TranscriptFeb 24 2020, 5:23 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
Mholloway added a comment.Feb 24 2020, 5:25 PM

Side note: Is it possible to update my shell username simply by changing all instances of it in modules/admin/data/data.yaml, or am I effectively stuck with it?

Mholloway added a subscriber: Jhernandez.Feb 24 2020, 5:25 PM

Ping @Jhernandez for manager approval.

Mholloway added a project: Product-Infrastructure-Team-Backlog-Deprecated.Feb 24 2020, 5:26 PM
Mholloway moved this task from Needs triage to Tracking on the Product-Infrastructure-Team-Backlog-Deprecated board.
Jhernandez added a comment.Feb 24 2020, 5:33 PM

Approved from my side

RhinosF1 subscribed.Feb 24 2020, 5:51 PM
Dzahn subscribed.Feb 28 2020, 1:16 AM
In T246019#5912778, @Mholloway wrote:

Side note: Is it possible to update my shell username simply by changing all instances of it in modules/admin/data/data.yaml, or am I effectively stuck with it?

No, that's unfortunately not as simple. It would have to match the information in LDAP which is coming from what was used on Wikitech wiki.

gerritbot added a comment.Feb 28 2020, 1:21 AM

Change 575388 had a related patch set uploaded (by Dzahn; owner: Dzahn):
[operations/puppet@production] admins: add mholloway to analytics-privatedata-users

https://gerrit.wikimedia.org/r/575388

gerritbot added a project: Patch-For-Review.Feb 28 2020, 1:21 AM
Dzahn added a subscriber: Nuria.Feb 28 2020, 1:22 AM

@Mholloway We can ignore the checkboxes about making an SSH key since you already have shell access. Same for signing L3, i confirm you did that back in 2015. And NDA is included in Full Time employee status which i can confirm on the OIT (corp) LDAP servers.

Uploading patch for review and adding @Nuria

Dzahn updated the task description. (Show Details)Feb 28 2020, 1:28 AM
Dzahn moved this task from Untriaged to Manager/NDA Approval/Confirmation on the SRE-Access-Requests board.
Nuria added a comment.Mar 3 2020, 12:50 AM

Approved on my end

Dzahn claimed this task.Mar 3 2020, 2:11 PM
gerritbot added a comment.Mar 3 2020, 3:12 PM

Change 575388 merged by Dzahn:
[operations/puppet@production] admins: add mholloway to analytics-privatedata-users

https://gerrit.wikimedia.org/r/575388

Dzahn added a comment.Mar 3 2020, 3:16 PM

@Nuria Thanks! Done.

@Mholloway You have been added to the analytics-privatedata-users group. I ran puppet on stat1005 and saw it add your key. Things should work now as expected (in max 30 minutes if puppet needs to run on other hosts besides stat1005).

Dzahn closed this task as Resolved.Mar 3 2020, 3:16 PM
Maintenance_bot removed a project: Patch-For-Review.Mar 3 2020, 4:10 PM
Mholloway mentioned this in T246834: Requesting Kerberos authentication principal for Michael Holloway.Mar 3 2020, 10:14 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL