Page MenuHomePhabricator

Access to analytics-privatedata-users for Research volunteer Swagoel
Closed, ResolvedPublic

Description

Who
Swati Goel @Swagoel

Access Group
analytics-privatedata-users

Swati, please:
[1] Sign up for a wikitech account at https://www.mediawiki.org/wiki/Developer_access per https://wikitech.wikimedia.org/wiki/Production_shell_access . Let us know the username.
[2] Read this https://wikitech.wikimedia.org/wiki/Requesting_shell_access
[3] And then sign this: https://phabricator.wikimedia.org/L3
[4] Generate a dedicated SSH key pair (Note to all: this should be a dedicated key generated for this specific access. Please do not share it between this and your other personal/academic projects.) - how to here: https://wikitech.wikimedia.org/wiki/Production_shell_access#Generating_your_SSH_key
[5] Post the link to your key in this task and also specify your preferred login name.

Many thanks!

SRE Checklist

This checklist should be used on all access requests to ensure that all steps are covered. This includes expansion to access. Please do not check off items on the list below unless you are in Ops and have confirmed the step.

  • - User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
  • - User has a valid NDA on file with WMF legal. (This can be checked by Operations via the NDA tracking sheet & is included in all WMF Staff/Contractor hiring.)
  • - User has provided the following: wikitech username, preferred shell username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform.
  • - User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not share with any other service (this includes not sharing with WMCS access, no shared keys.)
  • - access request (or expansion) has sign off of WMF sponsor/manager (sponsor for volunteers, manager for wmf staff)
  • - non-sudo requests: 3 business day wait must pass with no objections being noted on the task. (though Production_access#Filing_the_request claims this applies only to non-staff)
  • - sudo requests: All sudo requests must be approved by the user manager. If the sudo permissions also give access to restricted data then the data owner must also approve the request
  • - Patchset for access request
  • - add to 'nda' group with modify-ldap-group on mwmaint1002

Related Objects

Event Timeline

Miriam created this task.Nov 5 2020, 12:17 PM
RobH assigned this task to Swagoel.Nov 5 2020, 9:24 PM
RobH updated the task description. (Show Details)
RobH added a subscriber: RobH.

I've updated the task description with the checklist for whoever is on SRE clinic duty to process this once the info is added. (My SRE clinic duty ends this Friday.)

I've assigned this to @Swagoel, but once you update it, you can either assign back to me (if done before 2020-11-06) or to whoever is next on: https://wikitech.wikimedia.org/wiki/SRE_Clinic_Duty#Schedule

RobH triaged this task as Medium priority.Nov 5 2020, 9:37 PM
RobH moved this task from Untriaged to Awaiting User Input on the SRE-Access-Requests board.
Swagoel added a comment.EditedNov 10 2020, 8:44 PM

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOe8yGmiYe4TX6NLuqjO16X6vXJZnyoh6pdFS//eywhI swati@Swatis-Air.volcano.net
reason: to access the Hive data and be able to run large, efficient queries
wikitech username + email = swagoel + ms.swati.goel@gmail.com
preferred shell username = swagoel

Swagoel reassigned this task from Swagoel to RobH.Nov 10 2020, 10:04 PM
RobH reassigned this task from RobH to jijiki.Nov 10 2020, 10:05 PM
RobH removed a subscriber: RobH.

My clinic duty finished last week, so this shouldn't be assigned to me. Reassigning to the current SRE clinic duty person according to https://wikitech.wikimedia.org/wiki/SRE_Clinic_Duty#Schedule

herron removed jijiki as the assignee of this task.Nov 16 2020, 4:59 PM
herron added a subscriber: jijiki.
herron updated the task description. (Show Details)Nov 16 2020, 5:15 PM
herron added subscribers: Nuria, herron.

Looping in @Nuria for review and approval of analytics-privatedata-users access

(@herron I am the new approver since Nuria doesn't work at WMF anymore.)

Approved!

herron updated the task description. (Show Details)Nov 16 2020, 7:16 PM

Hi @KFrancis could you please verify that @Swagoel has a valid NDA on file? Thanks in advance!

@herron confirming @Swagoel has a valid NDA on file. Thanks!

Change 641471 had a related patch set uploaded (by Herron; owner: Herron):
[operations/puppet@production] admin: create swagoel account, add to analytics_privatedata_users

https://gerrit.wikimedia.org/r/641471

herron updated the task description. (Show Details)Nov 17 2020, 6:03 PM

Change 641471 merged by Herron:
[operations/puppet@production] admin: create swagoel account, add to analytics_privatedata_users

https://gerrit.wikimedia.org/r/641471

herron closed this task as Resolved.Nov 18 2020, 3:04 PM
herron claimed this task.

Hi @Swagoel, the requested access has been granted and will be fully active within 30 minutes. I'll transition this to closed now, but please reopen if any follow-up is needed. Thanks!

@herron, apologies, just saw this now. Thank you so much! I will work on onboarding @Swagoel in the coming days.

Miriam reopened this task as Open.Nov 25 2020, 6:30 PM

re-opening this for a quick request.
@herron could you add @Swagoel to the LDAP-group so that she can access the SWAP notebooks as well?

Many thanks!

Dzahn claimed this task.Nov 25 2020, 6:37 PM
Dzahn added a subscriber: Dzahn.

I'll take care of this. We have a rotating system for handling access requests each week.

Mentioned in SAL (#wikimedia-operations) [2020-11-25T18:38:44Z] <mutante> LDAP adding swagoel to NDA T267314#6625628

Dzahn added a comment.Nov 25 2020, 6:40 PM

@Miriam Please try again now. I just added @Swagoel to the "nda" LDAP group (based on T267314#6625628).

Dzahn updated the task description. (Show Details)Nov 25 2020, 6:41 PM

@Swagoel could you try to connect to the notebooks now as I showed you earlier, and let us know if it works?

Dzahn reassigned this task from Dzahn to Swagoel.Nov 25 2020, 9:38 PM

assigning to Swagoel for now to confirm whether it works or fails. We will follow-up about the kerberos part if needed.

Thank you! Everything works now. I'm resolving the task.

Swagoel closed this task as Resolved.Dec 3 2020, 6:07 PM

Change 646652 had a related patch set uploaded (by Ssingh; owner: Ssingh):
[operations/puppet@production] admin: enable kerberos for swagoel

https://gerrit.wikimedia.org/r/646652

Change 646652 merged by Ssingh:
[operations/puppet@production] admin: enable kerberos for swagoel

https://gerrit.wikimedia.org/r/646652