Create new group for root access to snapshot, dumpsdata and labstore1006,7 with holger in it
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	ArielGlenn
	Mar 17 2021, 5:48 AM

Description

@holger.knust will be dumps co-maintainer with me, and as such, he should be able to do all tasks that don't require SRE-level access (i.e. access to cumin etc). This includes rebooting hosts to pick up security fixes, disabling/enabling/running puppet, rsyncing manually fixed datasets, disabling and re-enabling cron jobs, checking logs, installing updated packages, and so on.

A new group should be created for this level of access to the specific hosts.

This will need discussion at the SRE meeting.

Tagging @WDoranWMF for manager approval. Tagging @Bstorm for visibility because the two labstore boxes are WMCS.

Details

	Subject	Repo	Branch	Lines +/-
	add dumps-roots to the dumpsdata roles so people in that group get access	operations/puppet	production	+8 -0
	Create group for root access to snapshot, dumpsdata and labstore1006,7 hosts	operations/puppet	production	+13 -0

Customize query in gerrit

Related Objects

Mentioned In: T277635: Get Holger access to all repos, hosts, services needed as a dumps co-maintainer

Event Timeline

ArielGlenn created this task.Mar 17 2021, 5:48 AM

Change 672879 had a related patch set uploaded (by ArielGlenn; owner: ArielGlenn):
[operations/puppet@production] Create group for root access to snapshot, dumpsdata and labstore1006,7 hosts

https://gerrit.wikimedia.org/r/672879

gerritbot added a project: Patch-For-Review.Mar 17 2021, 5:59 AM

ArielGlenn updated the task description. (Show Details)Mar 17 2021, 6:06 AM

ArielGlenn edited subscribers, added: • holger.knust; removed: Holger.

Maintenance_bot added a project: SRE.Mar 17 2021, 6:45 AM

ArielGlenn mentioned this in T277635: Get Holger access to all repos, hosts, services needed as a dumps co-maintainer.Mar 17 2021, 7:44 AM

Volans triaged this task as Medium priority.Mar 17 2021, 11:28 AM

Volans moved this task from Untriaged to Manager/NDA Approval/Confirmation on the SRE-Access-Requests board.

@ArielGlenn This is actually a two-fold requests. This one is for the new group creation requires discussion in the next SRE meeting (I've just added it).
We need also a group approver that will be marked in data.yaml with the approval key. Who would that person be in this case?

When the group will be there then we'll need a separate request for the addition of Holger in it with approval by their manager and the group approver as any other access request.

Volans moved this task from Manager/NDA Approval/Confirmation to SRE Meeting Review on the SRE-Access-Requests board.Mar 17 2021, 11:38 AM

Volans moved this task from SRE Meeting Review to Manager/NDA Approval/Confirmation on the SRE-Access-Requests board.

In T277629#6921052, @Volans wrote:

@ArielGlenn This is actually a two-fold requests. This one is for the new group creation requires discussion in the next SRE meeting (I've just added it).
We need also a group approver that will be marked in data.yaml with the approval key. Who would that person be in this case?

When the group will be there then we'll need a separate request for the addition of Holger in it with approval by their manager and the group approver as any other access request.

I always forget about the approval line. It's been added in the latest version of the patch, same as the other snapshot-related access groups.

Hi as @holger.knust manager, I approve the request

Volans moved this task from Manager/NDA Approval/Confirmation to SRE Meeting Review on the SRE-Access-Requests board.Mar 17 2021, 3:51 PM

This was approved in yesterday's SRE meeting, though I guess someone on that team probably ought to say so instead of me :-)

ArielGlenn moved this task from Backlog to Active on the Dumps-Generation board.Mar 23 2021, 6:42 AM

Change 672879 merged by ArielGlenn:
[operations/puppet@production] Create group for root access to snapshot, dumpsdata and labstore1006,7 hosts

https://gerrit.wikimedia.org/r/672879

Taking John Bond's +1 on the patchset as "someone on that team saying so", and duly noting the approval from the appropriate manager, I have merged this. Once I have confirmed that Holger has the desired access, I'll close the task.

Maintenance_bot removed a project: Patch-For-Review.Mar 26 2021, 7:10 AM

• ema moved this task from SRE Meeting Review to Awaiting User Input on the SRE-Access-Requests board.Apr 6 2021, 12:33 PM

Any news on access check for @holger.knust ?

In T277629#6985797, @Dzahn wrote:

Any news on access check for @holger.knust ?

It might be some days before we're able to check, the task can just idle here until I update it. Sorry for the clutter :-)

ArielGlenn moved this task from Active to Blocked/Stalled/Waiting for event on the Dumps-Generation board.Apr 14 2021, 5:59 AM

Any news on this?

In T277629#7024732, @akosiaris wrote:

Any news on this?

I apologize but it's still not possible to check. I have not forgotten about it though. I will update the task once there is more information.

Dzahn changed the task status from Open to Stalled.May 3 2021, 7:02 PM

jbond subscribed.Jun 21 2021, 2:49 PM

Hey @ArielGlenn, Since this has been idling in the access request queue for some time I'm going to untag SRE-Access-Requests for the time being. If any follow up is needed please do re-tag. Thanks!

Hey this is now verified and we're closing. Thanks for your patience, everybody!

Change 705006 had a related patch set uploaded (by ArielGlenn; author: ArielGlenn):

[operations/puppet@production] add dumps-roots to the dumpsdata roles so people in that group get access

https://gerrit.wikimedia.org/r/705006

gerritbot added a project: Patch-For-Review.Jul 16 2021, 5:49 PM

Change 705006 merged by ArielGlenn: