Page MenuHomePhabricator

Requesting access to mwmaint1002.eqiad.wmnet for holger
Closed, ResolvedPublicRequest

Description

Requestor provided information and prerequisites

This section is to be completed by the individual requesting access.

  • Wikitech username: Holger Knust
  • Preferred shell username: holger
  • Email address: hknust@wikimedia.org
  • Ssh public key (must be dedicated key for wmf production): ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMWLd4PthDND+UrmG07f8HIYz2L6G6/PsFra/xGzHT9d hknust@wikimedia.org
  • Requested group membership: deployment
  • Reason for access: To run maintenance scripts
  • Name of approving party (hiring manager for WMF staff): Will Doran
  • Requestor -- Please Acknowledge that you have read and signed the L3 Wikimedia Server Access Responsibilities document: Yes
  • Requestor -- Please coordinate obtaining a comment of approval on this task from the approving party.

SRE Clinic Duty Confirmation Checklist for Access Requests

This checklist should be used on all access requests to ensure that all steps are covered, including expansion to existing access. Please double check the step has been completed before checking it off.

This section is to be confirmed and completed by a member of the SRE team.

  • - User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
  • - User has a valid NDA on file with WMF legal. (This can be checked by Operations via the NDA tracking sheet & is included in all WMF Staff/Contractor hiring.)
  • - User has provided the following: wikitech username, preferred shell username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform)
  • - User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not share with any other service (this includes not sharing with WMCS access, no shared keys.)
  • - access request (or expansion) has sign off of WMF sponsor/manager (sponser for volunteers, manager for wmf staff)
  • - non-sudo requests: 3 business day wait must pass with no objections being noted on the task
  • - Patchset for access request

For additional details regarding access request requirements, please see https://wikitech.wikimedia.org/wiki/Requesting_shell_access

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald Transcript

This request needs explicit approval of @WDoranWMF here.

Either @thcipriani or SRE team would be the right people to own mwmaint servers, requesting his ok. Do you know if the requested access "deployment" is required to run maintenance scripts, or does "restricted" suffice for that?

Either @thcipriani or SRE team would be the right people to own mwmaint servers, requesting his ok. Do you know if the requested access "deployment" is required to run maintenance scripts, or does "restricted" suffice for that?

Approved.

For maintenance scripts "restricted" should suffice. If there is a need to pull code onto the maintenance server or rebuild l10n (or sync something as part of SWAT) then "deployment" is what's needed.

@holger.knust based on your written needs "To run maintenance scripts" and title "Requesting access to mwmaint1002", plus @thcipriani comment, I would suggest restricted as the group.

Change 584932 had a related patch set uploaded (by Jcrespo; owner: Jcrespo):
[operations/puppet@production] admin: Add holger to restricted group to run maintenance scripts

https://gerrit.wikimedia.org/r/584932

Change 584932 merged by Jcrespo:
[operations/puppet@production] admin: Add holger to restricted group to run maintenance scripts

https://gerrit.wikimedia.org/r/584932

@holger.knust your access has been deployed, in a few minutes it will take effect on the desired hosts (mwmaint1002, ...).

Please test access to resolve this ticket.

Note that your requested access was different from the one applied, based on your needs and manager advice- note this is not final and done, if for any reason other privileges are needed, this can be reviewed.