Page MenuHomePhabricator

Requesting access to analytics for ItamarWMDE
Closed, ResolvedPublicRequest

Description

Requestor provided information and prerequisites

This section is to be completed by the individual requesting access.

  • Wikitech username: Itamar Givon
  • Preferred shell username: itamar
  • Email address: itamar.givon@wikimedia.de
  • Ssh public key (must be dedicated key for wmf production): ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+qAVkcIT2B/CjXPVPgbf8Z9MEZFG/+awJOSJd0GkTC itgi@C285
  • Requested group membership: analytics-wmde-users, analytics-privatedata-users
  • Reason for access: Research for wikidata reference suggestor, primarily using the Wikidata JSON dumps that are loaded into hadoop
  • Name of approving party (hiring manager for WMF staff): @Nuria (WMF side), @WMDE-leszek (WMDE side)
  • Requestor -- Please Acknowledge that you have read and signed the L3 Wikimedia Server Access Responsibilities document: I have
  • Requestor -- Please coordinate obtaining a comment of approval on this task from the approving party.

SRE Clinic Duty Confirmation Checklist for Access Requests

This checklist should be used on all access requests to ensure that all steps are covered, including expansion to existing access. Please double check the step has been completed before checking it off.

This section is to be confirmed and completed by a member of the SRE team.

  • - User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
  • - User has a valid NDA on file with WMF legal. (This can be checked by Operations via the NDA tracking sheet & is included in all WMF Staff/Contractor hiring.)
  • - User has provided the following: wikitech username, preferred shell username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform)
  • - User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not share with any other service (this includes not sharing with WMCS access, no shared keys.)
  • - access request (or expansion) has sign off of WMF sponsor/manager (sponser for volunteers, manager for wmf staff)
  • - non-sudo requests: 3 business day wait must pass with no objections being noted on the task
  • - Patchset for access request
  • - Kerberos account setup

For additional details regarding access request requirements, please see https://wikitech.wikimedia.org/wiki/Requesting_shell_access

Details

Related Gerrit Patches:
operations/puppet : productionadmin: add kerberos flag for user itamar
operations/puppet : productionadmin: grant user itamar analytics access
operations/puppet : productionadmin: convert user itamar from ldap to shell

Event Timeline

Restricted Application added a project: Operations. · View Herald TranscriptWed, Mar 25, 2:53 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
Volans triaged this task as Medium priority.Wed, Mar 25, 3:46 PM
Volans updated the task description. (Show Details)
Volans updated the task description. (Show Details)Wed, Mar 25, 3:51 PM
Volans added subscribers: KFrancis, Volans.

Looping @KFrancis to verify that we have a valid NDA on file. I can see the line in the related spreadsheet but there are no dates, so asking for confirmation.

@ItamarWMDE could you update the task description for the Name of approving party entry adding also your WMDE manager?

ItamarWMDE updated the task description. (Show Details)Wed, Mar 25, 3:53 PM

@Volans Done. Thank you for the quick processing.

WMDE-leszek updated the task description. (Show Details)Wed, Mar 25, 4:13 PM
WMDE-leszek updated the task description. (Show Details)
WMDE-leszek added a subscriber: darthmon_wmde.
Nuria added a comment.Wed, Mar 25, 8:24 PM

@ItamarWMDE hello, can you explain what is the work you need data access for?

KFrancis claimed this task.Thu, Mar 26, 1:00 AM

Looping @KFrancis to verify that we have a valid NDA on file. I can see the line in the related spreadsheet but there are no dates, so asking for confirmation.
@ItamarWMDE could you update the task description for the Name of approving party entry adding also your WMDE manager?

@Volans - I'm confirming we have a valid NDA on file for Itamar Givon. Thanks!

Addshore updated the task description. (Show Details)
Volans reassigned this task from KFrancis to Nuria.Thu, Mar 26, 10:04 AM
Volans updated the task description. (Show Details)

@Nuria task description was updated with more details on the reason for access. Over to you for approval.

I approve this request from WMDE side.

Hello @Nuria, thank you for your review and cosideration. As @Addshore added in the description of the ticket, I need access to wikidata json dumps in hadoop to make various queries regarding statements, references and items with external ids.

Nuria added a comment.Thu, Mar 26, 6:19 PM

Approved on my end , please read the data access guidelines: https://wikitech.wikimedia.org/wiki/Analytics/Data_Access_Guidelines

Volans claimed this task.Thu, Mar 26, 6:37 PM
Volans updated the task description. (Show Details)

If no objections will be raised by Monday afternoon EU time the related patch could be sent and merged.

jcrespo updated the task description. (Show Details)

Change 584894 had a related patch set uploaded (by Volans; owner: Volans):
[operations/puppet@production] admin: convert user itamar from ldap to shell

https://gerrit.wikimedia.org/r/584894

Change 584895 had a related patch set uploaded (by Volans; owner: Volans):
[operations/puppet@production] admin: grant user itamar analytics access

https://gerrit.wikimedia.org/r/584895

SSH key confirmed with Itamar on a side channel. This can proceed for me.

Change 584894 merged by Jcrespo:
[operations/puppet@production] admin: convert user itamar from ldap to shell

https://gerrit.wikimedia.org/r/584894

Change 584895 merged by Jcrespo:
[operations/puppet@production] admin: grant user itamar analytics access

https://gerrit.wikimedia.org/r/584895

jcrespo updated the task description. (Show Details)Wed, Apr 1, 9:20 AM
jcrespo added a subscriber: jcrespo.

@ItamarWMDE, after a few minutes passes (~30) you should be able to log in following https://wikitech.wikimedia.org/wiki/Production_access#Setting_up_your_access

Please let us know if you are successful, and we can close this ticket as resolved.

@Addshore please report here any per-service access provided, too.

Thanks all!

The next step for data access will be https://wikitech.wikimedia.org/wiki/Analytics/Systems/Kerberos setup

Ping Analytics (I'll also ping in IRC)

Addshore removed Volans as the assignee of this task.Wed, Apr 1, 9:27 AM
Addshore updated the task description. (Show Details)

Change 585201 had a related patch set uploaded (by Elukey; owner: Elukey):
[operations/puppet@production] admin: add kerberos flag for user itamar

https://gerrit.wikimedia.org/r/585201

elukey added a subscriber: elukey.Wed, Apr 1, 11:42 AM
elukey@krb1001:~$ sudo manage_principals.py create itamar --email_address=itamar.givon@wikimedia.de
Principal successfully created. Make sure to update data.yaml in Puppet.
Successfully sent email to itamar.givon@wikimedia.de

Please check your inbox!

Change 585201 merged by Elukey:
[operations/puppet@production] admin: add kerberos flag for user itamar

https://gerrit.wikimedia.org/r/585201

elukey closed this task as Resolved.Wed, Apr 1, 11:45 AM
elukey updated the task description. (Show Details)

@jcrespo I confirm that I was able to log in. Thank you.

@elukey Thanks for the prompt response!

@elukey Should this also provide me with access to hue.wikimedia.org?

elukey added a comment.Wed, Apr 1, 1:40 PM

@elukey Should this also provide me with access to hue.wikimedia.org?

Needs another access, just added you!

@elukey Thank you, am able to access hue now :)