Page MenuHomePhabricator

Request for access to analytics-privatedata-users for cparle
Closed, ResolvedPublic

Description

Hi

I need access to analytics-privatedata-users in order to query data in SWAP

Requestor provided information and prerequisites

This section is to be completed by the individual requesting access.

  • Wikitech username: Cparle
  • Preferred shell username: cparle
  • Email address: cparle@wikimedia.org
  • Ssh public key (must be dedicated key for wmf production): ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDTroA/q8voMNw9A4skHh1DQLIP2Hb3L4bb9dwinwFER cormacparle@Cormacs-MacBook-Pro.local
  • Requested group membership: analytics-privatedata-users
  • Reason for access: need query search usage via jupyter in order to make decisions about how to approach mediasearch
  • Name of approving party (hiring manager for WMF staff): @MarkTraceur
  • I have read and signed L3
  • see approval in comment below

SRE Clinic Duty Confirmation Checklist for Access Requests

This checklist should be used on all access requests to ensure that all steps are covered, including expansion to existing access. Please double check the step has been completed before checking it off.

This section is to be confirmed and completed by a member of the SRE team.

  • - User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
  • - User has a valid NDA on file with WMF legal. (This can be checked by Operations via the NDA tracking sheet & is included in all WMF Staff/Contractor hiring.)
  • - User has provided the following: wikitech username, preferred shell username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform)
  • - User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not share with any other service (this includes not sharing with WMCS access, no shared keys.)
  • - access request (or expansion) has sign off of WMF sponsor/manager (sponser for volunteers, manager for wmf staff)
  • - non-sudo requests: 3 business day wait must pass with no objections being noted on the task
  • - Patchset for access request

For additional details regarding access request requirements, please see https://wikitech.wikimedia.org/wiki/Requesting_shell_access

Related Objects

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald Transcript

Hi @Cparle, per the description of SRE-Access-Requests, you need to add the following information to the task:

Requestor provided information and prerequisites

This section is to be completed by the individual requesting access.

  • Wikitech username:
  • Preferred shell username:
  • Email address:
  • Ssh public key (must be dedicated key for wmf production):
  • Requested group membership:
  • Reason for access:
  • Name of approving party (hiring manager for WMF staff):
  • Requestor -- Please Acknowledge that you have read and signed the L3 Wikimedia Server Access Responsibilities document:
  • Requestor -- Please coordinate obtaining a comment of approval on this task from the approving party.

SRE Clinic Duty Confirmation Checklist for Access Requests

This checklist should be used on all access requests to ensure that all steps are covered, including expansion to existing access. Please double check the step has been completed before checking it off.

This section is to be confirmed and completed by a member of the SRE team.

  • - User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
  • - User has a valid NDA on file with WMF legal. (This can be checked by Operations via the NDA tracking sheet & is included in all WMF Staff/Contractor hiring.)
  • - User has provided the following: wikitech username, preferred shell username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform)
  • - User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not share with any other service (this includes not sharing with WMCS access, no shared keys.)
  • - access request (or expansion) has sign off of WMF sponsor/manager (sponser for volunteers, manager for wmf staff)
  • - non-sudo requests: 3 business day wait must pass with no objections being noted on the task
  • - Patchset for access request

For additional details regarding access request requirements, please see https://wikitech.wikimedia.org/wiki/Requesting_shell_access

cc @Nuria for approval/signoff (or other folks in Analytics can sign off too? not sure)

fgiunchedi triaged this task as Medium priority.Aug 17 2020, 8:29 AM
Wikitech username: Cparle
Preferred shell username: cparle
Email address: cparle@wikimedia.org
Ssh public key (must be dedicated key for wmf production): ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDTroA/q8voMNw9A4skHh1DQLIP2Hb3L4bb9dwinwFER cormacparle@Cormacs-MacBook-Pro.local
Requested group membership: analytics-privatedata-users
Reason for access: I need access to analytics-privatedata-users in order to query data with jupyter in order to make decisions about how to approach mediasearch
Name of approving party (hiring manager for WMF staff): @MarkTraceur

I have read and signed L3

@Cparle: so we can better direct this request, what information are you looking for when it comes to mediasearch?

Well, @EBernhardson wrote this for me https://people.wikimedia.org/~ebernhardson/commonswiki_queries_across_wikis_20200801_20200807.html and I want to be able to write that kind of thing myself - to be able to dig into how the commonswiki indices are being searched, and from where, and how much, to inform whether/how we might try and implement new ways of searching for images from other wikis

@MarkTraceur is on vacation this week, so maybe @dr0ptp4kt could sign this off for me instead?

I see, approved on my end. Please make sure to read https://wikitech.wikimedia.org/wiki/Analytics/Data_Access_Guidelines

the main takes are that data cannot leave our boxes and that you cannot make data public that is not to date w/o a privacy review .

Please also add a kerberos identity!

jijiki added a subscriber: jijiki.

@Cparle I understand you have written the requested information already, I would appreciate it if you'd do it once more on the task description, so to keep things as tidy as possible. Thank you and sorry for the inconvenience.

fgiunchedi renamed this task from Request for access to analytics-privatedata-users to Request for access to analytics-privatedata-users for cparle.Aug 31 2020, 12:58 PM

Change 623400 had a related patch set uploaded (by Effie Mouzeli; owner: Effie Mouzeli):
[operations/puppet@production] admin: add cparle to analytics-privatedata-users

https://gerrit.wikimedia.org/r/623400

Change 623400 abandoned by Effie Mouzeli:
[operations/puppet@production] admin: add cparle to analytics-privatedata-users

Reason:
wrong parent

https://gerrit.wikimedia.org/r/623400

Change 623407 had a related patch set uploaded (by Effie Mouzeli; owner: Effie Mouzeli):
[operations/puppet@production] admin: add cparle to analytics-privatedata-users

https://gerrit.wikimedia.org/r/623407

Change 623407 merged by Effie Mouzeli:
[operations/puppet@production] admin: add cparle to analytics-privatedata-users

https://gerrit.wikimedia.org/r/623407

jijiki claimed this task.

@Cparle done :)

@jijiki I think it's missing the "krb: present" in admin.yaml and other steps needed for T260450#6415718.

yeah I missed the update from the other task

Change 623429 had a related patch set uploaded (by Effie Mouzeli; owner: Effie Mouzeli):
[operations/puppet@production] admin: add krb:present to cparle

https://gerrit.wikimedia.org/r/623429

Change 623429 merged by Effie Mouzeli:
[operations/puppet@production] admin: add krb:present to cparle

https://gerrit.wikimedia.org/r/623429

@Cparle I suggest to read https://wikitech.wikimedia.org/wiki/Analytics/Systems/Kerberos/UserGuide for Kerberos, especially https://wikitech.wikimedia.org/wiki/Analytics/Systems/Kerberos/UserGuide#Authenticate_via_Kerberos. You should have received an email with a temporary password, that the command kinit will ask the first time that runs on a stat100x host to change the password to something that you'll only know.

Please follow up with Analytics for any issue :)