Page MenuHomePhabricator
Create Task
Maniphest T278390

Toolforge root for Majavah
Closed, ResolvedPublic
Actions

Assigned To
Andrew
Authored By
taavi
Mar 24 2021, 9:49 PM
Tags
Referenced Files
None
Subscribers
aborrero
Aklapper
bd808
Bstorm
DannyS712
dcaro
Dzahn
View All 11 Subscribers
Tokens
"Party Time" token, awarded by nskaggs."Like" token, awarded by Legoktm."Like" token, awarded by Krenair."Love" token, awarded by bd808.

Description

I'd like to help with maintaining Toolforge and for that am requesting Toolforge root access. In addition of occasional user support which needs access to some parts of the infrastructure, I'm interested in maintaining and upgrading the infrastructure, such as tasks similar to T267082.

Related Objects

Event Timeline

taavi created this task.Mar 24 2021, 9:49 PM
Restricted Application edited projects, added cloud-services-team (Kanban); removed cloud-services-team. · View Herald TranscriptMar 24 2021, 9:49 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
bd808 moved this task from Inbox to Needs discussion on the cloud-services-team (Kanban) board.Mar 24 2021, 9:55 PM
DannyS712 subscribed.Mar 25 2021, 3:17 AM
Andrew claimed this task.Mar 31 2021, 3:32 PM
aborrero subscribed.Mar 31 2021, 3:32 PM

+1

dcaro subscribed.Mar 31 2021, 3:34 PM

+1

bd808 awarded a token.Mar 31 2021, 4:20 PM
Krenair awarded a token.Apr 6 2021, 11:15 PM
Bstorm moved this task from Needs discussion to Doing on the cloud-services-team (Kanban) board.Apr 7 2021, 3:27 PM
Andrew added a comment.Apr 23 2021, 5:48 PM

@nskaggs, any update on the legal/NDA situation here?

nskaggs added a comment.Apr 26 2021, 1:06 PM

This is still under review. Unfortunately I don't have an ETA to share.

Legoktm awarded a token.Apr 26 2021, 3:49 PM
KFrancis subscribed.May 5 2021, 6:50 PM

@nskaggs @Andrew Hello! I am writing to confirm the NDA has been signed! You may proceed with granting access. Thanks for your patience!

nskaggs awarded a token.May 5 2021, 7:14 PM
Andrew added a comment.May 5 2021, 7:20 PM
  • Project administrator: This allows a user to add and delete other users from the Toolforge project.
  • sudo policy "roots": This allows a user to use sudo to become root on Toolforge instances.
  • 'admin' tool maintainer: This allows a user to log into infrastructure instances and perform tasks as the admin tool.
  • Gerrit group "toollabs-trusted": This allows a user to +2 changes in repositories exclusive to Toolforge.
Andrew added a comment.EditedMay 5 2021, 7:24 PM
  • Project administrator: This allows a user to add and delete other users from the Toolforge project.
# openstack role add --project tools --user taavi projectadmin
RhinosF1 subscribed.May 5 2021, 7:25 PM
Stashbot added a comment.May 5 2021, 7:27 PM

Mentioned in SAL (#wikimedia-cloud) [2021-05-05T19:27:03Z] <andrewbogott> adding taavi as a sudo root to project toolforge for T278390

taavi added a comment.May 5 2021, 7:33 PM
Andrew added a comment.May 6 2021, 2:37 AM
In T278390#7063594, @Stashbot wrote:

Mentioned in SAL (#wikimedia-cloud) [2021-05-05T19:27:03Z] <andrewbogott> adding taavi as a sudo root to project toolforge for T278390

  • sudo policy "roots": This allows a user to use sudo to become root on Toolforge instances.
Andrew added a comment.May 6 2021, 2:39 AM
  • 'admin' tool maintainer: This allows a user to log into infrastructure instances and perform tasks as the admin tool.
Andrew added a comment.May 6 2021, 2:48 AM
  • Gerrit group "toollabs-trusted": This allows a user to +2 changes in repositories exclusive to Toolforge.
Stashbot added a comment.May 6 2021, 4:35 AM

Mentioned in SAL (#wikimedia-cloud) [2021-05-06T04:34:58Z] <Majavah> add own root key to project hiera on horizon T278390

Andrew closed this task as Resolved.May 6 2021, 1:56 PM

All done -- thank you for your patience!

taavi mentioned this in T291191: Please subscribe Majavah to ops mailing list.Sep 16 2021, 2:26 PM
taavi mentioned this in T292086: Security Issue Access Request for Majavah.Sep 29 2021, 4:02 PM
Dzahn subscribed.EditedOct 7 2021, 8:17 PM

Confirmed is already in Google doc NDA and MOU: Volunteer accounts with Server and LDAP-level access

edit: wrong ticket, meant T292783 which is kind of a follow-up to this

Dzahn mentioned this in T292783: Grant Access to cn=nda for Majavah.Oct 7 2021, 8:19 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits