Page MenuHomePhabricator

Requesting access to production shell for Denny Vrandecic
Closed, ResolvedPublic

Description

Username: DVrandecic
Full name: Denny Vrandečić
Add to groups: analytics-privatedata-users

  • Wikitech username: dvrandecic
  • Preferred shell username: dvrandecic
  • Email address: dvrandecic@wikimedia.org
  • Ssh public key (must be dedicated key for wmf production): ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCiiWPaPdEGsyjzpM2nzJjH7Mu9vMCqdhKFcdpbHu/UeiXKhAwUdy6prPkLlSwO69KKr2DUGAwgPforDxSEJ9UdaWlXmmDkxNlYo9htryusAMwRJKPXB7VaRWogek/eIvBzI1H2KNTD1Zc0PEVcD+b0wdwlaJWpWo/X5vPVQl5utbmW7EOjqwl79kqv43O4dcH2RsT9+jjRdDMNRV9EfL2mLZ2ZvypqHafxLNUukZMCGaTD7ToFgvjpwcXtshOJVE438uvk74nVmgDlEgvLyHRE5rwcO/uJMR7mFDikVxo1j9zmg3So9ug5iqYzgzBhKOhIcFWxmmP199FiE2WVdMoBMMLIaeOoLZ4HXarwSATQGEuhNu2lt2uO/0ZBJa44yE14T6Wwdw/or/ux4TA3vrnK95SEuwSYiHnWyzzQAnUJpST6fR3RMDysRxIYIGQLdDlyi9Z9qs7k/vxwZ0wFPnvoI5eXDaAcxEO7Ncm9tMG2GmGL9utRuL4qSuUWzbfVW28= dvrandecic@wikimedia.org
  • Requested group membership: analytics-privatedata-users
  • Reason for access: Denny is a full time WMF employee that should have access to data infrastructure, he already has access to turnilo/superset
  • Name of approving party (hiring manager, for WMF staff): Tnegrin (Toby Negrin)
    • - User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
    • - User has a valid NDA on file with WMF legal. (This can be checked by Operations via the NDA tracking sheet & is included in all WMF Staff/Contractor hiring.)
    • - User has provided the following: wikitech username, preferred shell username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform).
    • - User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not shared with any other service (this includes not sharing with WMCS access, no shared keys.)
    • - access request (or expansion) has sign off of WMF sponsor/manager (sponsor for volunteers, manager for WMF staff)
    • - Patchset for access request

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFri, Jul 31, 8:10 PM
Nuria updated the task description. (Show Details)
Nuria updated the task description. (Show Details)
Nuria updated the task description. (Show Details)Fri, Jul 31, 9:39 PM

FYi that @DVrandecic 's manager needs to approve this request , is this @dr0ptp4kt ?

@Tnegrin would you please approve?

herron updated the task description. (Show Details)Mon, Aug 3, 5:01 PM
herron added a subscriber: herron.

@Nuria could you please review and give a thumbs up/down on the request for analytics-privatedata-users membership?

@DVrandecic could you please review and sign the L3 document?

Once those two are complete we'll be ready to move on with the patchset. Thanks in advance!

Nuria added a comment.Mon, Aug 3, 10:40 PM

@herron: approved on my end.

@DVrandecic please be so kind to read the quite important data access guidelines (to summarize: data cannot leave WMF premises) https://wikitech.wikimedia.org/wiki/Analytics/Data_Access_Guidelines

Change 618243 had a related patch set uploaded (by Alexandros Kosiaris; owner: Alexandros Kosiaris):
[operations/puppet@production] admin: Add dvrandecic to analytics-privatedata-users

https://gerrit.wikimedia.org/r/618243

akosiaris updated the task description. (Show Details)Tue, Aug 4, 9:17 AM
akosiaris added a subscriber: akosiaris.

@DVrandecic The patchset is ready to be merged, but we can't proceed without your signature on the L3 document. Could you please review and sign it? Thanks in advance!

akosiaris triaged this task as Medium priority.Thu, Aug 6, 11:11 AM
Nuria added a comment.Fri, Aug 7, 4:52 PM

I think L3 doc is signed now so we can proceeed?

mforns edited projects, added Analytics-Radar; removed Analytics.Mon, Aug 10, 3:32 PM

@akosiaris is on vacations, I'll handle this ASAP

Change 618243 merged by Vgutierrez:
[operations/puppet@production] admin: Add dvrandecic to analytics-privatedata-users

https://gerrit.wikimedia.org/r/618243

Nuria added a comment.Mon, Aug 10, 4:36 PM

@DVrandecic will also need a kerberos password

Change 619325 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] admin: Set krb flag for dvrandecic

https://gerrit.wikimedia.org/r/619325

Change 619325 merged by Vgutierrez:
[operations/puppet@production] admin: Set krb flag for dvrandecic

https://gerrit.wikimedia.org/r/619325

Vgutierrez closed this task as Resolved.Mon, Aug 10, 4:55 PM

@DVrandecic will also need a kerberos password

vgutierrez@krb1001:~$ sudo -i manage_principals.py create dvrandecic --email_address=dvrandecic@wikimedia.org
Principal successfully created. Make sure to update data.yaml in Puppet.
Successfully sent email to dvrandecic@wikimedia.org

done. https://gerrit.wikimedia.org/r/c/operations/puppet/+/618243 has been merged as well.