Page MenuHomePhabricator

Grant Access to nda for west1
Closed, ResolvedPublic

Description

  • The username of your existing account on wikitech.wikimedia.org: west1
  • Do you currently have shell access (Yes/No)? Yes
  • Purpose (Specify which service you need to get access to, e.g. Icinga, Grafana, Superset etc): Hadoop, Jupyter Hub, Analytics UIs
  • The specific LDAP group that you want to be added to (optional): nda

Requestor provided information and prerequisites

This section is to be completed by the individual requesting access.

  • Wikitech username: west1
  • Email address:
  • SSH public key (must be a separate key from Wikimedia cloud SSH access):
  • Requested group membership: nda
  • Reason for access:
  • Name of approving party (manager for WMF/WMDE staff):
  • Ensure you have signed the L3 Wikimedia Server Access Responsibilities document:
  • Please coordinate obtaining a comment of approval on this task from the approving party.

SRE Clinic Duty Confirmation Checklist for Access Requests

This checklist should be used on all access requests to ensure that all steps are covered, including expansion to existing access. Please double check the step has been completed before checking it off.

This section is to be confirmed and completed by a member of the SRE team.

  • - User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
  • - User has a valid NDA on file with WMF legal. (All WMF Staff/Contractor hiring are covered by NDA. Other users can be validated via the NDA tracking sheet)
  • - User has provided the following: wikitech username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform)
  • - User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not shared with any other service (this includes not sharing with WMCS access, no shared keys.)
  • - access request (or expansion) has sign off of WMF sponsor/manager (sponsor for volunteers, manager for wmf staff)
  • - access request (or expansion) has sign off of group approver indicated by the approval field in data.yaml

For additional details regarding access request requirements, please see https://wikitech.wikimedia.org/wiki/Requesting_shell_access

Event Timeline

@Cervisiarius Are you West1 on Wikitech? If so I would consider linking your Wikitech LDAP account to your Phabicator account via https://phabricator.wikimedia.org/settings/panel/external/ in the "Add external account" section.

Note: apparently puppet has rwest@wikimedia.org as my email address, but I think that one might have expired (I tried emailing it yesterday, as a test, but it bounced). So maybe we should update my contact address to robert.west@epfl.ch.

@Peachey88: thanks, I just linked the accounts!

colewhite triaged this task as Medium priority.

@KFrancis can you confirm an NDA on file for @Cervisiarius? Found it on NDA sheet tab. Thanks @elukey!

@KFrancis can you confirm an NDA on file for @Cervisiarius?

@colewhite in https://wikitech.wikimedia.org/wiki/SRE_Clinic_Duty#Access_requests it is mentioned a spreadsheet to quickly check NDAs (in this case the right one is under the "research collaboators" panel). We should be good (but please double check) - there are some info to fix though:

  • the email address as you mentioned (in the spreadsheet and in puppet)
  • the point of contact in puppet (Aaron is listed but he doesn't work for us anymore, meanwhile the spread sheet mentions @leila) - (Hi Leila! Tagging you to this task to let you know that we are probably going to change the point of contact for rwest from Aaron to you :)

At this point I think we should be good to add the user to nda :) Let me know your thoughts!

Change 698203 had a related patch set uploaded (by Cwhite; author: Cwhite):

[operations/puppet@production] admin: update west1 staff contact and email

https://gerrit.wikimedia.org/r/698203

Change 698203 merged by Cwhite:

[operations/puppet@production] admin: update west1 staff contact and email

https://gerrit.wikimedia.org/r/698203

Change 698205 had a related patch set uploaded (by Cwhite; author: Cwhite):

[operations/puppet@production] admin: amend west1 uid to uidNumber from ldap

https://gerrit.wikimedia.org/r/698205

The west1 added to nda group.

Please feel free to reopen if you encounter any related issue.

Thanks all! I checked, and I can now use Jupyter Hub. I saw that the Kerberos issue is being handled in task https://phabricator.wikimedia.org/T284022, so I'll keep an eye on that one, too.

Change 698205 merged by Ottomata:

[operations/puppet@production] admin: amend west1 uid to uidNumber from ldap

https://gerrit.wikimedia.org/r/698205

@KFrancis can you confirm an NDA on file for @Cervisiarius?

[...]

  • the point of contact in puppet (Aaron is listed but he doesn't work for us anymore, meanwhile the spread sheet mentions @leila) - (Hi Leila! Tagging you to this task to let you know that we are probably going to change the point of contact for rwest from Aaron to you :)

ack