Page MenuHomePhabricator

Access to analytics-privatedata-users for Research volunteer Swagoel
Closed, ResolvedPublic


Swati Goel @Swagoel

Access Group

Swati, please:
[1] Sign up for a wikitech account at per . Let us know the username.
[2] Read this
[3] And then sign this:
[4] Generate a dedicated SSH key pair (Note to all: this should be a dedicated key generated for this specific access. Please do not share it between this and your other personal/academic projects.) - how to here:
[5] Post the link to your key in this task and also specify your preferred login name.

Many thanks!

SRE Checklist

This checklist should be used on all access requests to ensure that all steps are covered. This includes expansion to access. Please do not check off items on the list below unless you are in Ops and have confirmed the step.

  • - User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
  • - User has a valid NDA on file with WMF legal. (This can be checked by Operations via the NDA tracking sheet & is included in all WMF Staff/Contractor hiring.)
  • - User has provided the following: wikitech username, preferred shell username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform.
  • - User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not share with any other service (this includes not sharing with WMCS access, no shared keys.)
  • - access request (or expansion) has sign off of WMF sponsor/manager (sponsor for volunteers, manager for wmf staff)
  • - non-sudo requests: 3 business day wait must pass with no objections being noted on the task. (though Production_access#Filing_the_request claims this applies only to non-staff)
  • - sudo requests: All sudo requests must be approved by the user manager. If the sudo permissions also give access to restricted data then the data owner must also approve the request
  • - Patchset for access request
  • - add to 'nda' group with modify-ldap-group on mwmaint1002

Related Objects

Event Timeline

RobH updated the task description. (Show Details)
RobH added a subscriber: RobH.

I've updated the task description with the checklist for whoever is on SRE clinic duty to process this once the info is added. (My SRE clinic duty ends this Friday.)

I've assigned this to @Swagoel, but once you update it, you can either assign back to me (if done before 2020-11-06) or to whoever is next on:

RobH triaged this task as Medium priority.Nov 5 2020, 9:37 PM
RobH moved this task from Untriaged to Awaiting User Input on the SRE-Access-Requests board.

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOe8yGmiYe4TX6NLuqjO16X6vXJZnyoh6pdFS//eywhI
reason: to access the Hive data and be able to run large, efficient queries
wikitech username + email = swagoel +
preferred shell username = swagoel

RobH removed a subscriber: RobH.

My clinic duty finished last week, so this shouldn't be assigned to me. Reassigning to the current SRE clinic duty person according to

herron added a subscriber: jijiki.
herron added subscribers: Nuria, herron.

Looping in @Nuria for review and approval of analytics-privatedata-users access

(@herron I am the new approver since Nuria doesn't work at WMF anymore.)


Hi @KFrancis could you please verify that @Swagoel has a valid NDA on file? Thanks in advance!

@herron confirming @Swagoel has a valid NDA on file. Thanks!

Change 641471 had a related patch set uploaded (by Herron; owner: Herron):
[operations/puppet@production] admin: create swagoel account, add to analytics_privatedata_users

Change 641471 merged by Herron:
[operations/puppet@production] admin: create swagoel account, add to analytics_privatedata_users

herron claimed this task.

Hi @Swagoel, the requested access has been granted and will be fully active within 30 minutes. I'll transition this to closed now, but please reopen if any follow-up is needed. Thanks!

@herron, apologies, just saw this now. Thank you so much! I will work on onboarding @Swagoel in the coming days.

re-opening this for a quick request.
@herron could you add @Swagoel to the LDAP-group so that she can access the SWAP notebooks as well?

Many thanks!

Dzahn added a subscriber: Dzahn.

I'll take care of this. We have a rotating system for handling access requests each week.

@Miriam Please try again now. I just added @Swagoel to the "nda" LDAP group (based on T267314#6625628).

@Swagoel could you try to connect to the notebooks now as I showed you earlier, and let us know if it works?

assigning to Swagoel for now to confirm whether it works or fails. We will follow-up about the kerberos part if needed.

Thank you! Everything works now. I'm resolving the task.

Change 646652 had a related patch set uploaded (by Ssingh; owner: Ssingh):
[operations/puppet@production] admin: enable kerberos for swagoel

Change 646652 merged by Ssingh:
[operations/puppet@production] admin: enable kerberos for swagoel