Page MenuHomePhabricator

Access to analytics-privatedata-users for Research contractor AikoChou
Closed, ResolvedPublic

Description

Who
Ai-Jou Chou @AikoChou

Access Group
analytics-privatedata-users
LDAP-group

Aiko, please:
[1] Sign up for a wikitech account at https://www.mediawiki.org/wiki/Developer_access per https://wikitech.wikimedia.org/wiki/Production_shell_access. Let us know the username.
[2] Read this https://wikitech.wikimedia.org/wiki/Requesting_shell_access
[3] And then sign this: https://phabricator.wikimedia.org/L3
[4] Generate a dedicated SSH key pair (Note to all: this should be a dedicated key generated for this specific access. Please do not share it between this and your other personal/academic projects.) - how to here: https://wikitech.wikimedia.org/wiki/Production_shell_access#Generating_your_SSH_key
[5] Post the link to your key in this task and also specify your preferred login name.

Many thanks!

Event Timeline

Hi @Miriam is Aiko going to get a -ctr@wikimedia email address from ITS? For contractors we require an expiry_date and expiry_contact (assuming you). Could you provide one? Of course access would be extended if the contract is extended. Thanks!

Hi @Dzahn! Aiko is not getting a wikimedia email address, unless needed. She will be working with us until June 30th, so if possible, she should have access until then. And yes, please put me as contact. Many thanks for working on this!

@Miriam Alright, just wanted to say we often see contractors with a special address with the -ctr@ suffix. But as far as I can tell it's not a requirement as long as we have an official @wikimedia.org account as the expiry contact.

CDanis added subscribers: Ottomata, CDanis.

Waiting on @AikoChou to complete prerequisites and also for @Ottomata to approve from Analytics.

Approved from Analytics.

Not sure what the requirement for 'manager approval' is for contractors, but perhaps in this case we should get @leila's (Miriam's manager's) approval?

makes sense to me.

Approved. And thank you!

Hi @CDanis,
My wikitech username: AikoChou
Preferred shell username: aikochou
SSh public key: https://phabricator.wikimedia.org/P14137
I have read and signed the L3 Wikimedia Server Access Responsibilities document.
Thanks! :)

Thank you!

Verified NDA signed in our tracking spreadsheet.

@AikoChou Please also make sure you have read https://wikitech.wikimedia.org/wiki/Analytics/Data_access#User_responsibilities

I'm in the process of granting shell access, but, @Miriam and @AikoChou -- please advise me about two things:

  • Do you also require access to Turnilo and Superset? If so, I can add you to the nda group, which grants that.
  • Are you going to be using your analytics-privatedata-users access to run queries against Hadoop/Hive? If so, I'll need to create a Kerberos account for you.

(Off topic for this ticket, but @Miriam & @leila -- we should probably update your onboarding template to include those answers?)

Change 661970 had a related patch set uploaded (by CDanis; owner: CDanis):
[operations/puppet@production] Shell account & Analytics access for aikochou

https://gerrit.wikimedia.org/r/661970

Checked in with Miriam on IRC and Turnilo/Superset access isn't needed, but Kerberos is. Doing that now.

Change 661970 merged by CDanis:
[operations/puppet@production] Shell account & Analytics access for aikochou

https://gerrit.wikimedia.org/r/661970

@AikoChou should have shell access within half an hour.

Also is an email waiting for them about setting their Kerberos password for data access.

Please reopen this ticket if anything else is needed!

Hi @CDanis,

Could you double check that I have LDAP access? because I'm not able to access the notebooks.

I'm able to access the servers (Hadoop client hosts) now, but not able to login the notebooks (Jupyterhub). It shows 'Invalid username or password'.

Thanks!

@CDanis nda LDAP is also needed for Jupyter access. Pretty much all users should get LDAP access if they are getting any access at all.

@CDanis nda LDAP is also needed for Jupyter access. Pretty much all users should get LDAP access if they are getting any access at all.

We either need to make this clearer in the clinic duty documentation, or in the onboarding template used here, or both :)

Anyway, NDA access granted: https://ldap.toolforge.org/user/AikoChou

Yeha it is not clear. I just updated https://wikitech.wikimedia.org/wiki/Analytics/Data_access with recommendations to also ask for that.