- Create shell user (can connect to bastions)
- server root shell (membership in ops group)
- Phabricator User + 2FA
- Phabricator permissions to see NDA and Ops restricted tickets, and added to trusted users for antivandal exempt: https://phabricator.wikimedia.org/project/profile/29/ https://phabricator.wikimedia.org/project/profile/61/ https://phabricator.wikimedia.org/project/profile/974/
- Add to private IRC channels https://office.wikimedia.org/wiki/IRC#Channel_operators_commands
- Add to ops mailing lists (ops and ops-private minimum requirements)
- Add to Exim mail aliases (root via private.git:modules/privateexim/files/wikimedia.org)
- Icinga user and permissions (icinga commands, paging/notifications)
- Phone/pager setup (i.e. VictorOps, see https://office.wikimedia.org/wiki/Technology/Onboarding/Checklists/Template#Site_Reliability_Engineering)
- Add to wmf and ops LDAP groups (for web services)
- Access to Office Wiki (OIT grants that)
- Gerrit login and +2 on operations/puppet (this is automatic from being added to LDAP groups above)
- Access to pwstore
- Access to Google group for maint-announce mails (directly added user via "web only participation" option from https://groups.google.com/a/wikimedia.org/forum/#!managemembers/ops-maintenance/add though anyone in wikimedia org should be able to join)
- Add to "Ops vendor maintenance" Calendar
Description
Details
Status | Subtype | Assigned | Task | ||
---|---|---|---|---|---|
Resolved | RLazarus | T249352 Onboarding Wolfgang Kandek | |||
Resolved | bd808 | T256429 let Wolfgang Kandek read security tickets |
Event Timeline
Welcome Wolfgang! We've already been chatting about some of this stuff, but this Phab task will track progress as we get it taken care of.
Change 588474 had a related patch set uploaded (by Wolfgang Kandek; owner: Wolfgang Kandek):
[operations/puppet@production] admin: add Wolfgang Kandek to ldap_only_users
Change 588474 merged by RLazarus:
[operations/puppet@production] admin: add Wolfgang Kandek to ldap_only_users
gpg --fingerprint 9B51CE0772203719B26C8ED3EEABB9556398421F pub rsa4096 2020-04-23 [SC] 9B51 CE07 7220 3719 B26C 8ED3 EEAB B955 6398 421F uid [ultimate] Wolfgang Kandek <wkandek@wikimedia.org> sub rsa4096 2020-04-23 [E] sub rsa4096 2020-04-23 [A]
RSA Key from yubikey:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDZ4qNjoBpqHTj25VV1MgfQiNqv5jupK1FtJ6M84dLxHQZgaoSvoDsoBJrfgVxZXC46b8S31rv46VkG6WPTfN4Y+h8w39RlK3ekUl+UjUdC9h45e0q1jlbufW97ISa3n8iCaY87bs8GKx5MiGjGtLpmEz3evKLkqhXTvRhe9vU/XMVLQBVKESSMCfJF5Hiz4W6bndF3tFiFJZzF/VzMW9J8Wlfd6lfsYxXhBC4KNy/vivCCajPXJwUtlcvTEFMbbZHMf+m37hzzG8E+HNScRTO5jsqiHw4Ga+v+Roos/rh43wUmv/yE+rcwISPS6ghePy59hUbirjuCkysan5tOdcjb1NTu6aUekQYEO+mkitRFCZVb7aJctlrLoC/F2zaK+MjvmHuV1M/NSrYfk9fir0fX+XErgjsF73mr7H0cHDh9FiMfMGqmSdQdthqR0V7aFfZ/46Gt4lLlegYQFQYdF8H5ZptvQgIh1otBmH9omOFTWKqzrOQfAua569ZjXA/+aBWqbKxS1kThp6LGlZkNR7rCdjbRZ08AXF54iLU2XpLjBZRWm6Y4RroG1tgc7x2pAU/8p61Ll2eLO9aZEMeWGFYDS70wSkmy8DZi8UAS0d4pdIy6GVqMbcIJC/AkfVsk+JBDhcMp2kWGkKIAL0p5IO6Gc/WjioRChfBX06yTkhHWnw== cardno:000611108181
Change 592753 had a related patch set uploaded (by RLazarus; owner: RLazarus):
[operations/puppet@production] admin: Upgrade wkandek from ldap_only_users to root shell
Change 592753 merged by RLazarus:
[operations/puppet@production] admin: Upgrade wkandek from ldap_only_users to root shell
Change 592769 had a related patch set uploaded (by RLazarus; owner: RLazarus):
[operations/puppet@production] icinga: Privileged access for wkandek
Change 592769 merged by RLazarus:
[operations/puppet@production] icinga: Privileged access for wkandek