
Fundraising access request for Noah Israel
Closed, Resolved (Public)

Description

This is a new access request for Noah Israel. They require the following access: (mark each box with an x)

  • civicrm web access
    • standard access
    • donor services access
  • ssh access - if specific hosts: list here
  • mysql - if specific hosts or databases: list here
  • superset
  • other: please explain

Prerequisites

Before we can take any action to add a user, we need to verify that they are authorized to have such access. This requires confirmation from their manager and approval of the access from the C level.

[x] user_verification
    Requires: user request
    [x] access_rights: letter to C level (currently Lisa) verifying grant of access
    [x] account name/contact info: verify on https://collab.wikimedia.org/wiki/Fundraising#Contact_List

Accounts and Services

[x] user account
    Requires: user_verification
    [x] Add the user to the users.yaml and group_members.yaml files as appropriate.
    [x] Push out puppet changes.
[x] client_ssl_cert
    Requires: user_verification
    [x] cert_setup: generate cert on frpm1001 using ssl_user_admin
    [x] account_setup: sms the user the password for the key
    [x] follow_on: assist with certificate installation
[x] yubikey
    Requires: useraccount and OIT request to send out yubikey to user
    [x] physical: Make a request to OIT to have a key sent to the user
    [x] account_setup: Get public side and add to puppet-private/manifests/passwords/yubico.pp
    [x] follow_on: Make sure user can use yubikey for ssh access
[x] ssh
    Requires: useraccount and yubikey
    [x] key_setup: Send template/docs for generating keypair and ~/.ssh/config file
    [x] account_setup: Get public side and add to puppet-private/secrets/ssh/default/$username
    [x] follow_on: Verify user can ssh using correct creds and passphrases when needed.
[x] mysql
    Requires: useraccount, yubikey, ssh
    [x] account_setup
        [x] Create user block in ~/puppet-private/secrets/mysql_grants/fundraising_qa
        [x] Ensure user is in correct blocks for select rights on dbs.
            - Generally use another user in same group as a guide
        [x] Run the grant script to get the grants.
        [x] Copy/paste to execute the grants on appropriate dbs.
        [x] Create the user a ~/.my.cnf file with the original password from account creation.
    [x] follow_on: Verify user can ssh to the required host and log in to mysql.
[x] civicrm
    Requires: client_ssl_cert
    [x] account_setup: Create user account. This will notify the user via email to update their password.
    [x] follow_on: Verify user can log in to https://civicrm.wikimedia.org
[x] superset
    Requires: client_ssl_cert
    [x] account_setup: Create user account. Notify the user of their account name and password.
    [x] follow_on: Verify user can log in to https://analytics.frdev.wikimedia.org

Event Timeline

Dwisehaupt renamed this task from Access to CIVI and Terminal for Noah Israel to Fundraising access request for Noah Israel. Oct 5 2020, 4:28 PM
Dwisehaupt updated the task description.
Dwisehaupt added a subscriber: Dwisehaupt.

Approval.

---------- Forwarded message ---------
From: Lisa Gruwell
Date: Sun, Oct 4, 2020 at 6:10 PM
Subject: Re: [Please approve] CIVI and Terminal access to new hire Noah Israel
To: Patricia Pena
Cc: fr-tech, Samuel Patton, Jeff Green

Yes, I approve.

On Fri, Oct 2, 2020 at 1:52 PM Patricia Pena wrote:
Hi Lisa,
Noah (starting next week, Oct 8th) needs access to CIVI and the Terminal. Could you please approve?
Thanks,
Pats

Can we also get superset access? Thanks :)

  • SSL client certificate created and sent via email. Password sent via SMS
  • User account created and pushed out via puppet
  • mysql user accounts created, grants run, and testing with .my.cnf completed successfully on frdev1001
  • civicrm account created and welcome email sent
  • superset account created with temp password
Dwisehaupt claimed this task.
Dwisehaupt triaged this task as Medium priority.
Dwisehaupt updated the task description.
Dwisehaupt moved this task from In Progress to Done on the fundraising-tech-ops board.

Had a couple of mispastes with the ssh pub key but we got there in the end. Noah is set up and verified that he has access through ssh and can execute mysql commands.