Page MenuHomePhabricator
Create Task
Maniphest T263692

Requesting access to analytics-privatedata-users for Djellel Difallah
Closed, ResolvedPublicRequest
Actions

Description

Requestor provided information and prerequisites

This section is to be completed by the individual requesting access.

  • Wikitech username: dedcode
  • Preferred shell username: dedcode
    • NOTE: Djellel's old home directories on stat100X were under this username as well; if possible, please do not delete the information in there as he will be picking up from where he left off
  • Email address: difallah@gmail.com
  • Ssh public key (must be dedicated key for wmf production): ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDKOQuvYUM24VSu66EabGuHYGvFp6w7uT6w1Ffq4rzlgn/SJLU8Js/++AumTzOCqv5ClWxkJvHwbewckDF8tnAokwRGesfJiAmD5DClsU7T49dRhVyU8X+15mwdGjRBMFxtShnOvkjR0m5ezQCGTnvfyRl6GlgncP1BotVW9y99phsaIb18jyc+9c2yGsUO6BZQULwsJP4lS7hMNtBkx6Wil+iw2fK2dviOxB5XgVc8XleWMqEy6MMJkrgAg3YtKX/QdPP9v7cWr6AI56uCrOSnObjOYly5IyB8lqty2CZnS3B5QK4W3paa/T3Yndy06gLQp1n2gz9vosTBKvfEm6LdAwLBYGF+Izj8ppx0xfmuqPY9xsIdM/s+WSvVcIZZ2Cr1yAZH6RIJvTSQ9QOEylIT6gUF4k/qd3q0upkgDn80roIzCyFgUkZoAgaHRUgcG3aa3jsiJBdf8hL+Z9b2PvvGU/XQoEC+MSIhpEx3klLhZgqRB/NTAK0Wf7100szc6AIjBE3mpnYtxNMjz7uJjtfXMcPYl2WEMJvb60ziMk7DlWhR+TWl3sGxpi1QOlQlJrFUNpwxt9fjf9OAZIX8J8OvoF1OnZTlkPnGPq5MF2EmA1noNBAXgfQfr76nrwV+7uS4wP2TK5tI8R8pdcAu0Zj5nWWJbUznngV6PyXlZK7mbQ== difallah@gmail.com
  • Requested group membership: analytics-privatedata-users
  • Reason for access: formal collaboration with the Research team; specifically sockpuppet detection and link recommendation pipelines to be efficient depend on the cluster for compute and Hive tables for the underlying data -- e.g., wmf.mediawiki_history.
  • Name of approving party (hiring manager for WMF staff): @leila
  • Requestor -- Please Acknowledge that you have read and signed the L3 Wikimedia Server Access Responsibilities document:
  • Requestor -- Please coordinate obtaining a comment of approval on this task from the approving party.

SRE Clinic Duty Confirmation Checklist for Access Requests

This checklist should be used on all access requests to ensure that all steps are covered, including expansion to existing access. Please double check the step has been completed before checking it off.

This section is to be confirmed and completed by a member of the SRE team.

  • - User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
  • - User has a valid NDA on file with WMF legal. (This can be checked by Operations via the NDA tracking sheet & is included in all WMF Staff/Contractor hiring.)
  • - User has provided the following: wikitech username, preferred shell username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform)
  • - User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not share with any other service (this includes not sharing with WMCS access, no shared keys.)
  • - access request (or expansion) has sign off of WMF sponsor/manager (sponser for volunteers, manager for wmf staff)
  • - non-sudo requests: 3 business day wait must pass with no objections being noted on the task
  • - Patchset for access request
  • - update ldap group membership from cn=wmf to cn=nda

For additional details regarding access request requirements, please see https://wikitech.wikimedia.org/wiki/Requesting_shell_access

Details

SubjectRepoBranchLines +/-
admin: update dedcode account attributes and set expiryoperations/puppetproduction+4 -2
Customize query in gerrit

Related Objects

Event Timeline

Isaac created this task.Sep 23 2020, 8:43 PM
Restricted Application added a project: SRE. · View Herald TranscriptSep 23 2020, 8:43 PM
Restricted Application added subscribers: Sadads, Aklapper. · View Herald Transcript
Isaac added a comment.Sep 23 2020, 8:44 PM

@leila if you could give approval, that'd be appreciated
@DED if you could confirm you've signed the L3 agreement in the task description and make sure all the information is correct, that'd be appreciated

leila added a comment.Sep 23 2020, 8:47 PM

Approved on my end. (team manager)

DED added a comment.Sep 23 2020, 9:00 PM

Since I am using the same phab username (with updated email and MediaWiki linked accounts), my signature is still valid:

You signed this document on Oct 2 2019, 8:18 PM.

Please let me know if I should sign it again, and how.

ArielGlenn updated the task description. (Show Details)Sep 28 2020, 8:40 AM
ArielGlenn updated the task description. (Show Details)
ArielGlenn updated the task description. (Show Details)Sep 28 2020, 8:46 AM
ArielGlenn added subscribers: Nuria, ArielGlenn.Sep 28 2020, 8:50 AM

@DED Please have a look at https://wikitech.wikimedia.org/wiki/Analytics/Data_access#User_responsibilities if you have not already.

Adding @Nuria to get sign-off from analytics as well.

ArielGlenn triaged this task as Medium priority.Sep 28 2020, 8:53 AM
Isaac added a comment.Sep 30 2020, 2:42 PM

Thanks @ArielGlenn !

@Nuria -- anything additional you need from us?

herron moved this task from Untriaged to Manager/NDA Approval/Confirmation on the SRE-Access-Requests board.Sep 30 2020, 5:31 PM
Nuria added a comment.Sep 30 2020, 6:36 PM

@Isaac When does this collaboration expire?

Isaac added a comment.Sep 30 2020, 6:52 PM

When does this collaboration expire?

@Nuria We have agreed to a six-month MOU/NDA with the opportunity to renew, so 10 March 2021 is the current expiration date but given the longer-term nature of the projects in question (link recommendation and sockpuppet detection), I would expect that we will renew at that date for at least another six months.

Nuria added a comment.Sep 30 2020, 6:54 PM

Ok, let's approve access until 10 March 2021 and when collaboration is extended access can be so. Approved on my end.

gerritbot added a comment.Oct 1 2020, 2:27 PM

Change 631455 had a related patch set uploaded (by Herron; owner: Herron):
[operations/puppet@production] admin: update dedcode account attributes and set expiry

https://gerrit.wikimedia.org/r/631455

gerritbot added a project: Patch-For-Review.Oct 1 2020, 2:27 PM
herron subscribed.Oct 1 2020, 2:30 PM

Since this is somewhat of an atypical access request (in that the account and group membership are pre-existing, but attributes are changing) please have a close look at https://gerrit.wikimedia.org/r/631455 to ensure it matches the expected outcome. Thanks in advance!

herron updated the task description. (Show Details)Oct 1 2020, 2:55 PM
gerritbot added a comment.Oct 1 2020, 5:58 PM

Change 631455 merged by Herron:
[operations/puppet@production] admin: update dedcode account attributes and set expiry

https://gerrit.wikimedia.org/r/631455

herron updated the task description. (Show Details)Oct 1 2020, 6:01 PM
herron closed this task as Resolved.Oct 1 2020, 6:05 PM
herron claimed this task.

The requested access has been enabled and will become active within the next 30 minutes. I'll transition this task to resolved now, but please don't hesitate to re-open if any follow-up is needed. Thanks!

Maintenance_bot removed a project: Patch-For-Review.Oct 1 2020, 6:10 PM
Isaac added a comment.Oct 1 2020, 6:15 PM

@herron sorry was a bit late but the patch looks good to me. thanks!

MoritzMuehlenhoff mentioned this in T264392: Update public key for production shell for dedcode.Oct 2 2020, 8:01 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL