Page MenuHomePhabricator

Onboard Michael DiPietro to Wikimedia Foundation as SRE in Cloud Services
Closed, ResolvedPublic

Description

- unsigned mdipietro.key sha256sum 2507f3d44416c7b6d5372a24155a37d755c9d0dcb520d345c8d6aa063048b700

Running Doc: https://www.mediawiki.org/wiki/Wikimedia_Cloud_Services_team/Onboarding_Michael

  • Backchannel
    • Add to WMCS Telegram group
    • Add to Technical Engagement Telegram group
  • Technical Engagement team shares
  • Calendar invites
    • Add to WMCS weekly meeting (@nskaggs)
    • Add to WMCS backlog grooming meeting (@nskaggs)
    • Add to Developer Advocacy weekly meeting (@nskaggs)
    • Add to SRE weekly meeting (@nskaggs)
  • Gerrit trusted groups
    • Add to toollabs-trusted group for operations/docker-images/toollabs-images
  • Cloud VPS
    • Make projectadmin in "admin" project
    • Make projectadmin in "tools" project
    • Make projectadmin in "toolsbeta" project
    • Make projectadmin in "paws" project
  • Toolforge
    • Request access to Toolforge project https://toolsadmin.wikimedia.org/tools/membership/apply
    • Make projectadmin for Tools project
    • sudo for Toolforge
    • Add as maintainer of "admin" Toolforge tool (tools.admin LDAP group)
    • Add as maintainer of "admin" Toolsbeta tool (toolsbeta.admin LDAP group)
    • Add as maintainer of "admin" PAWS "tool" (paws.admin LDAP group)

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald Transcript

Mentioned in SAL (#wikimedia-cloud) [2021-07-28T21:29:06Z] <majavah> add mdipietro as maintainer T287287

Mentioned in SAL (#wikimedia-cloud) [2021-07-28T21:33:22Z] <majavah> add mdipietro as projectadmin and to sudo policy T287287

rook updated the task description. (Show Details)

Mentioned in SAL (#wikimedia-cloud) [2021-07-29T14:08:06Z] <majavah> add mdipietro as projectadmin T287287

Mentioned in SAL (#wikimedia-cloud) [2021-07-29T14:09:01Z] <majavah> add mdipietro as projectadmin T287287

rook updated the task description. (Show Details)

Change 709091 had a related patch set uploaded (by Michael DiPietro; author: Michael DiPietro):

[operations/puppet@production] add mdipietro newhire to icinga contact groups

https://gerrit.wikimedia.org/r/709091

Change 709091 merged by Michael DiPietro:

[operations/puppet@production] add mdipietro newhire to icinga contact groups

https://gerrit.wikimedia.org/r/709091

Thanks for adding the signed keys, I could import and see the new signatures. I pushed it to the repo.

Just one issue left is the key is shown as "invalid" when I try to re-encrypt the files because it seems to have expired a few days ago, on July 30th.

"pub   rsa4096 2021-07-30 [SC]"
rook triaged this task as Low priority.Aug 10 2021, 4:22 PM

Change 711192 had a related patch set uploaded (by Michael DiPietro; author: Michael DiPietro):

[labs/private@master] add newhire mdipietro key

https://gerrit.wikimedia.org/r/711192

Change 711192 merged by Andrew Bogott:

[labs/private@master] add newhire mdipietro key

https://gerrit.wikimedia.org/r/711192

@mdipietro You should now be able to decrypt files in pwstore (the ones owned by the ops group). sorry for the delay due to technical issues with pwstore and invalid keys. There were multiple unrelated issues, some keys were expired and another was that your new key was added in ASCII-armored format instead of binary where pwstore just says it is "invalid" without giving details why. John found this by looking directly at .keyring. After he fixed that I fixed your group membership (ops instead of netops) and finally re-encrypted all the ops-owned files including your key. You can now try something like "pwstore ed management" to confirm you can decrypt files.