Page MenuHomePhabricator
Create Task
Maniphest T270125

Requesting access to deployment group for STran
Closed, ResolvedPublicRequest
Actions

Description

Requestor provided information and prerequisites

This section is to be completed by the individual requesting access.

  • Wikitech username: STran
  • Preferred shell username: stran
  • Email address: stran@wikimedia.org
  • Ssh public key (must be dedicated key for wmf production): ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC9NUdOb4+i0s1qwJjc02Nl8uPVxA+gH4ddDwQbu335/raSV9scp1bZzqAM/r5w7xiqkrmnfLWzBgiRWzfHPD1hmKFwKW5Mr2xDDym90UN9qhujqdw9VTkq28VDNRNQ8BWurT8Ec30D79L6kiF+RpT9i8LcX91HBpJJ864A4oNyovjgvAQ+Zt5aASlNC2QJAnGIzIeSlWgOL2ds4fMu/k4Vz4fvobY21HZJupNZbpZSCfcF4oinH/gQhLk2M9VY/O5eyqPuJZlvCQ1iaF2rISnszFwxq/vZpCueLZVfXU2/AGxzdGzH5UU7jFBkCbXDgkp/+xAYqn92u8ZxBsiWwQgCPSrlsCC9hbQ1jfW1EBj63u2hXmAyg1v/RJfXU6vtioNdBCKK0hOfOMMQttKc8OetME3YZfCB3CFwaLwozTcl8yk1bg5bHjWfz7l5abGeMM4I9kiQmwrZw3aKa3l/rC5F0Y+Zjgim4HNWMBPBX9lBG1bMN87vcSdp4K/nRQKyBgTbsyxTXo3j4T9KYaWiZ13xWL9k7koQp2SorDk2maGnqw1sXv8D5vE4kacIHdePAAotnwaZqmUMb6QrALqHTHuL4OV1nXSInlyvMrmH6zq4XmvgfWNNrRFdWo74+95a+0nqoU9RMgUHHx4kX6bz02+1yzsYbp1CvJxNPUkzOxBJ1Q== stran@wikimedia.org
  • Requested group membership: deployment
  • Reason for access: As one of two engineers on Anti-Harassment-Team, @STran needs to be able to deploy config changes and backports. They also need shell access for our feature work, e.g. T268294: Ensure the necessary data files are present and accessible on beta for IP Info to function.
  • Name of approving party (hiring manager for WMF staff): @aezell
  • Requestor -- Please Acknowledge that you have read and signed the L3 Wikimedia Server Access Responsibilities document: read and signed
  • Requestor -- Please coordinate obtaining a comment of approval on this task from the approving party.

SRE Clinic Duty Confirmation Checklist for Access Requests

This checklist should be used on all access requests to ensure that all steps are covered, including expansion to existing access. Please double check the step has been completed before checking it off.

This section is to be confirmed and completed by a member of the SRE team.

  • - User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
  • - User has a valid NDA on file with WMF legal. (This can be checked by Operations via the NDA tracking sheet & is included in all WMF Staff/Contractor hiring.)
  • - User has provided the following: wikitech username, preferred shell username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform)
  • - User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not share with any other service (this includes not sharing with WMCS access, no shared keys.)
  • - access request (or expansion) has sign off of WMF manager
  • - release engineering approval for access to deployment group
  • - Patchset for access request

For additional details regarding access request requirements, please see https://wikitech.wikimedia.org/wiki/Requesting_shell_access

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
admin: Promote stran from ldap_only_users to users; add to deploymentoperations/puppetproduction+9 -5
Customize query in gerrit

Related Objects

Event Timeline

Tchanders created this task.Dec 14 2020, 7:57 PM
Restricted Application added a project: SRE. · View Herald TranscriptDec 14 2020, 7:57 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
RLazarus assigned this task to Tchanders.Dec 14 2020, 9:40 PM
RLazarus triaged this task as Medium priority.
RLazarus moved this task from Untriaged to Awaiting User Input on the SRE-Access-Requests board.
RLazarus subscribed.

Hi @STran, welcome!

@Tchanders From the "WIP" in the title, I'm guessing this isn't ready for SRE to work on yet, so I'm assigning it back to you. Feel free to pass it to me when it's ready for action. If you have any questions or you'd like some help getting it filled out, just say the word!

STran renamed this task from [WIP] Requesting access to deployment group for STran to Requesting access to deployment group for STran.Dec 15 2020, 5:34 AM
STran reassigned this task from Tchanders to RLazarus.
STran updated the task description. (Show Details)

@RLazarus I've finished filling it out and believe it's ready. Thank you! 🙇

RLazarus moved this task from Awaiting User Input to Manager/NDA Approval/Confirmation on the SRE-Access-Requests board.Dec 15 2020, 3:49 PM
RLazarus added a subscriber: thcipriani.

@STran Thanks!

@aezell Can you please comment here, approving as @STran's manager?

@thcipriani Can you please also comment, approving for the deployment group on behalf of releng?

RLazarus updated the task description. (Show Details)Dec 15 2020, 3:50 PM
RLazarus added a comment.Dec 15 2020, 3:53 PM

(P.S. Today is technology's department-wide Fun Day, so further progress from Tyler and me might not come until tomorrow; sorry for the inconvenience. Give a yell if this is urgent, and we can get it taken care of.)

Tchanders added a comment.Dec 15 2020, 8:30 PM

Thanks @RLazarus! We're not in a particular hurry.

thcipriani added a comment.Dec 16 2020, 3:59 PM
In T270125#6692335, @RLazarus wrote:

@thcipriani Can you please also comment, approving for the deployment group on behalf of releng?

Approved!

RLazarus updated the task description. (Show Details)Dec 16 2020, 6:30 PM
aezell added a comment.Dec 16 2020, 6:57 PM

Approved!

gerritbot added a comment.Dec 16 2020, 11:36 PM

Change 649992 had a related patch set uploaded (by RLazarus; owner: RLazarus):
[operations/puppet@production] admin: Promote stran from ldap_only_users to users; add to deployment

https://gerrit.wikimedia.org/r/649992

gerritbot added a project: Patch-For-Review.Dec 16 2020, 11:36 PM
gerritbot added a comment.Dec 16 2020, 11:43 PM

Change 649992 merged by RLazarus:
[operations/puppet@production] admin: Promote stran from ldap_only_users to users; add to deployment

https://gerrit.wikimedia.org/r/649992

RLazarus closed this task as Resolved.Dec 16 2020, 11:49 PM

@thcipriani @aezell Thanks!

@STran You're all set -- give it up to 30 minutes for the change to be deployed everywhere, and then you should be able to log in with the SSH key you provided. I've also added you to the wmf-deployment group on Gerrit.

Please remember (as you read in L3) that you now have a somewhat scary level of access to Wikimedia systems, as does anyone who compromises your account. Comport yourself with an appropriate level of paranoia, and feel free to reach out if you have any questions about what that means. :)

Resolving this ticket but let me know if you have any trouble!

RLazarus updated the task description. (Show Details)Dec 16 2020, 11:49 PM
Maintenance_bot removed a project: Patch-For-Review.Dec 17 2020, 12:10 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits