Page MenuHomePhabricator
Create Task
Maniphest T258119

Requesting access to deployment for jlinehan
Closed, ResolvedPublicRequest
Actions

Description

Requestor provided information and prerequisites

This section is to be completed by the individual requesting access.

  • Wikitech username: jlinehan
  • Preferred shell username: jdl
  • Email address: jlinehan@wikimedia.org
  • Ssh public key (must be dedicated key for wmf production): ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZcJ3VhuvTvkRNYmNB6RW4GInY8RQOdjjXSEz9UDS27
  • Requested group membership: deployment
  • Reason for access: need to be able to deploy
  • Name of approving party (hiring manager for WMF staff): @dcipoletti
  • Requestor -- Please Acknowledge that you have read and signed the L3 Wikimedia Server Access Responsibilities document: yes
  • Requestor -- Please coordinate obtaining a comment of approval on this task from the approving party.

SRE Clinic Duty Confirmation Checklist for Access Requests

This checklist should be used on all access requests to ensure that all steps are covered, including expansion to existing access. Please double check the step has been completed before checking it off.

This section is to be confirmed and completed by a member of the SRE team.

  • - User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
  • - User has a valid NDA on file with WMF legal. (This can be checked by Operations via the NDA tracking sheet & is included in all WMF Staff/Contractor hiring.)
  • - User has provided the following: wikitech username, preferred shell username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform)
  • - User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not share with any other service (this includes not sharing with WMCS access, no shared keys.)
  • - access request (or expansion) has sign off of WMF sponsor/manager (sponser for volunteers, manager for wmf staff)
  • - non-sudo requests: 3 business day wait must pass with no objections being noted on the task not required for staff
  • - Patchset for access request

For additional details regarding access request requirements, please see https://wikitech.wikimedia.org/wiki/Requesting_shell_access

Details

SubjectRepoBranchLines +/-
admin: add jdl to deploymentoperations/puppetproduction+2 -1
Customize query in gerrit

Related Objects

Event Timeline

jlinehan created this task.Jul 15 2020, 10:54 PM
Restricted Application added a project: SRE. · View Herald TranscriptJul 15 2020, 10:54 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
jlinehan added a comment.EditedJul 15 2020, 10:59 PM

This was completed back in October 2018 when I was hired (T207951) but the recent audit (T237696) seems to have removed me from the deployment group, due to not having deployed in the last 2 years (technically true, but I had only been with the foundation for ~1.3 years at the time of that task's completion).

Also, it would have been great if there had been an e-mail or something to notify me of the access change, since it looks like the audit list was of a reasonable size and this should have been possible. It looks like there was an attempt to subscribe people to the task in order to notify them, but I was not subscribed for some reason, perhaps due to my shell username not matching my Phabricator username.

Also the phab template for these requests has a typo in the checklist:

  • access request (or expansion) has sign off of WMF sponsor/manager (sponser for volunteers, manager for wmf staff)

Sponser should be sponsor.

Thanks!

Dzahn mentioned this in T237696: Wikimedia deployers audit.Jul 15 2020, 11:05 PM
Dzahn added a subscriber: sbassett.
dcipoletti added a comment.Jul 15 2020, 11:07 PM

As Jason's manager, I approve

CDanis claimed this task.Jul 16 2020, 12:38 PM
CDanis triaged this task as Medium priority.
CDanis updated the task description. (Show Details)Jul 16 2020, 6:15 PM
gerritbot added a comment.Jul 16 2020, 6:15 PM

Change 613217 had a related patch set uploaded (by CDanis; owner: CDanis):
[operations/puppet@production] add jdl to deployment

https://gerrit.wikimedia.org/r/613217

gerritbot added a project: Patch-For-Review.Jul 16 2020, 6:15 PM
gerritbot added a comment.Jul 16 2020, 6:18 PM

Change 613217 merged by CDanis:
[operations/puppet@production] admin: add jdl to deployment

https://gerrit.wikimedia.org/r/613217

CDanis closed this task as Resolved.Jul 16 2020, 6:18 PM

Done; should be live across the fleet within 30 minutes.

Maintenance_bot removed a project: Patch-For-Review.Jul 16 2020, 7:10 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL