Page MenuHomePhabricator
Create Task
Maniphest T265071

Renable SSH access for Lex Nasser, analytics intern
Closed, ResolvedPublic
Actions

Description

Our intern Lex is back working for us, so we should re-enable the following:

  • ssh access
  • membership of in either the nda or the wmf LDAP groups
  • kerberos principal

The last credentials were removed in puppet with https://phabricator.wikimedia.org/rOPUPb9514726ed0e6bfcb292bd9ad28e28d49a0d351c

Can we re-enable the old SSH key or should Lex create a new one?

Details

SubjectRepoBranchLines +/-
admin: add user lexnasser back to active stateoperations/puppetproduction+9 -5
Customize query in gerrit

Related Objects

Event Timeline

elukey created this task.Oct 8 2020, 6:31 PM
Restricted Application added a project: SRE. · View Herald TranscriptOct 8 2020, 6:31 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
Dzahn added a comment.Oct 8 2020, 7:35 PM

Using the same key should be fine. But we will need a new "expiry_date" please. And should we use expiry_contact: nruiz@ like before?

Nuria added a subscriber: Ottomata.Oct 8 2020, 9:51 PM

Expiry contact will be @Ottomata end data is April 1 2021

gerritbot added a comment.Oct 9 2020, 7:13 AM

Change 633135 had a related patch set uploaded (by Elukey; owner: Elukey):
[operations/puppet@production] admin: add user lexnasser back to active state

https://gerrit.wikimedia.org/r/633135

gerritbot added a project: Patch-For-Review.Oct 9 2020, 7:13 AM
gerritbot added a comment.Oct 9 2020, 7:25 AM

Change 633135 merged by Elukey:
[operations/puppet@production] admin: add user lexnasser back to active state

https://gerrit.wikimedia.org/r/633135

elukey added a comment.Oct 9 2020, 7:32 AM

@lexnasser you should now be able to ssh to the stat100x hosts (notebooks are not there anymore, deprecated, we copied your things on stat1007 IIRC). I have also added you to the nda LDAP group as we did before, so you should be able to access UIs etc..

Last thing is kerberos: can you confirm your email address? lexnasser@icloud.com ? (I'll send the temp password to it)

Maintenance_bot removed a project: Patch-For-Review.Oct 9 2020, 8:10 AM
lexnasser added a comment.Oct 9 2020, 4:10 PM

@elukey

Yep, that's the correct email. I also confirm that I'm now able to access Turnilo and Stat1007. Thanks for your help!

Kormat closed this task as Resolved.Oct 12 2020, 8:09 AM
Kormat claimed this task.

Sounds like this is complete, so resolving.

elukey added a comment.Oct 12 2020, 8:19 AM

Just executed:

elukey@krb1001:~$ sudo manage_principals.py create lexnasser --email_address=lexnasser@icloud.com
Principal successfully created. Make sure to update data.yaml in Puppet.
Successfully sent email to lexnasser@icloud.com

@lexnasser please check you inbox and set you kerberos password, after that you should be set!

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL