Requesting access to gitlab1001 / gitlab1002 for Sergey Trofimovsky from Speed & Function
Closed, ResolvedPublicRequest
Actions

Assigned To

Authored By

	thcipriani
	Feb 25 2021, 12:26 AM

Description

Requestor provided information and prerequisites

This section is to be completed by the individual requesting access.

Wikitech username: "Sergey Trofimovsky"
Preferred shell username: strofimovsky01
Email address: sergey.trofimovsky@speedandfunction.com
Ssh public key (must be dedicated key for wmf production): ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5YOTFRFIXsSXERnbkkt2NUV+WgZhl7Ep7NWn4dpYsB troff@quiet.paranoia.ru
Requested group membership: gitlab-root
Reason for access: Speed & Function contract work for GitLab initialization project
Name of approving party (hiring manager for WMF staff): @thcipriani, @wkandek
Requestor -- Please Acknowledge that you have read and signed the L3 Wikimedia Server Access Responsibilities document:
Requestor -- Please coordinate obtaining a comment of approval on this task from the approving party.

SRE Clinic Duty Confirmation Checklist for Access Requests

This checklist should be used on all access requests to ensure that all steps are covered, including expansion to existing access. Please double check the step has been completed before checking it off.

This section is to be confirmed and completed by a member of the SRE team.

- User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
- User has a valid NDA on file with WMF legal. (This can be checked by Operations via the NDA tracking sheet & is included in all WMF Staff/Contractor hiring.)
- User has provided the following: wikitech username, preferred shell username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform)
- User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not share with any other service (this includes not sharing with WMCS access, no shared keys.)
- access request (or expansion) has sign off of WMF sponsor/manager (sponser for volunteers, manager for wmf staff)
- Patchset for access request

For additional details regarding access request requirements, please see https://wikitech.wikimedia.org/wiki/Requesting_shell_access

Details

	Subject	Repo	Branch	Lines +/-
	admin: add strofimovsky01 shll account and to gitlab-roots	operations/puppet	production	+9 -1

Customize query in gerrit

Related Objects
Search...

Status	Subtype	Assigned	Task
Resolved		Dzahn	T274458 Remove Speed & Function blockers for GitLab work
Resolved		Dzahn	T274460 Shell access for VMs for Speed & Function contractors
Resolved	Request	JMeybohm	T275722 Requesting access to gitlab1001 / gitlab1002 for Sergey Trofimovsky from Speed & Function

Event Timeline

thcipriani created this task.Feb 25 2021, 12:26 AM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 25 2021, 12:26 AM

thcipriani added a parent task: T274460: Shell access for VMs for Speed & Function contractors.Feb 25 2021, 12:26 AM

Maintenance_bot added a project: SRE.Feb 25 2021, 12:45 AM

RhinosF1 subscribed.Feb 25 2021, 7:27 AM

can we add Strofimovsky to the ticket so they can confirm they have signed the L3 also:

Email address: sergey.trofimovsky@speedandfunction.com

The email address registered in LDAP does not match this address

@wkandek or @thcipriani can you approve the access
@KFrancis are you able to confirm NDA status

thanks

jbond updated the task description. (Show Details)Feb 25 2021, 1:00 PM

In T275722#6860775, @jbond wrote:

@wkandek or @thcipriani can you approve the access

Approve. Thanks!

@jbond Hello, would you please confirm if Sergey Trofimovsky us an employee or contractor for Speed & Function? Would you please also let me know what access to gitlab1001 / gitlab1002 would be for?

@KFrancis they are not staff AFAIK the are contractors for Speed & Function. At a high level gitlab1001 / gitlab1002 are servers which will be used to build a PoC to replace the https://gerrit.wikimedia.org/. The NDA requirement is because theses servers will be on the production network and the contractors may need access to some of data sources that includes some PPI data.

@wkandek or @thcipriani should be able to provide more clarification

thanks

JMeybohm moved this task from Untriaged to Manager/NDA Approval/Confirmation on the SRE-Access-Requests board.Mar 1 2021, 11:34 AM

This is the confirmation that the L3 document is signed. You signed this document on Fri, Feb 26, 7:18 PM.

greg mentioned this in T275677: Requesting access to gitlab1001 / gitlab1002 for Oly Kalinichenko from Speed & Function.Mar 1 2021, 6:17 PM

@jbond Hello, I am confirming Sergey Trofimovsky is covered under Speed & Functions existing agreement. Please proceed with the access.

@Sergey.Trofimovsky.SF please see the comment below

Email address: sergey.trofimovsky@speedandfunction.com

The email address registered in LDAP does not match this address

Please either update the email address you have registered in wiki tech or confirm the email address you used to register

jbond updated the task description. (Show Details)Mar 2 2021, 12:42 PM

@jbond It's an outcome of me trying to separate personal and S&F accounts here, sorry about that. I updated the ticket with the correct _shell username_ (strofimovsky01), hope this helps.

Sergey.Trofimovsky.SF updated the task description. (Show Details)Mar 2 2021, 11:40 PM

jbond updated the task description. (Show Details)Mar 3 2021, 10:42 AM

In T275722#6877063, @Sergey.Trofimovsky.SF wrote:

@jbond It's an outcome of me trying to separate personal and S&F accounts here, sorry about that. I updated the ticket with the correct _shell username_ (strofimovsky01), hope this helps.

@sergeychernyshev thanks for the updated i see this account now, however you have unfortunately registered the same ssh key you present here in wikitech. The ssh key in wikitech is used in the Wikimedia cloud environment and production requires that you use a separate key. can you please generate and send a new ssh key for production access, sorry for the confusion.

@jbond sorry, can't do - wrong Sergey ;)

You probably meant @Sergey.Trofimovsky.SF

In T275722#6878623, @sergeychernyshev wrote:

@jbond sorry, can't do - wrong Sergey ;)

You probably meant @Sergey.Trofimovsky.SF

Ahh indeed thanks :)

Sergeys everywhere!

@jbond No problem, here's the new key:

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP9JEWVUhWekpKtJWQuA3ccAtFxcIK8DYH0MoW/o4UNH

I also updated it in wikitech.

In T275722#6880487, @Sergey.Trofimovsky.SF wrote:
Sergeys everywhere!

@jbond No problem, here's the new key:
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP9JEWVUhWekpKtJWQuA3ccAtFxcIK8DYH0MoW/o4UNH
I also updated it in wikitech.

The one you give on this task CAN NOT match what it is used on wikitech. They are separate systems.

In T275722#6880487, @Sergey.Trofimovsky.SF wrote:
Sergeys everywhere!

@jbond No problem, here's the new key:
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP9JEWVUhWekpKtJWQuA3ccAtFxcIK8DYH0MoW/o4UNH
I also updated it in wikitech.

As mentioned by @RhinosF1 the keys in productions and cloud need to be different. if you keep this one in wikitech and thus used for the cloud environment i will use the original key (below to be explicit) for productions

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5YOTFRFIXsSXERnbkkt2NUV+WgZhl7Ep7NWn4dpYsB troff@quiet.paranoia.ru

Thanks, let's keep it this way!

Change 668186 had a related patch set uploaded (by Jbond; owner: John Bond):
[operations/puppet@production] admin: add strofimovsky01 shll account and to gitlab-roots

https://gerrit.wikimedia.org/r/668186

gerritbot added a project: Patch-For-Review.Mar 3 2021, 8:12 PM

jbond updated the task description. (Show Details)Mar 3 2021, 8:12 PM

Change 668186 merged by Jbond:
[operations/puppet@production] admin: add strofimovsky01 shll account and to gitlab-roots

https://gerrit.wikimedia.org/r/668186

Maintenance_bot removed a project: Patch-For-Review.Mar 4 2021, 10:10 AM

JMeybohm closed this task as Resolved.Mar 4 2021, 10:17 AM

JMeybohm claimed this task.