Page MenuHomePhabricator
Create Task
Maniphest T288355

Requesting access to releasers-wikibase for @dang
Closed, ResolvedPublicRequest
Actions

Description

Requestor provided information and prerequisites

This section is to be completed by the individual requesting access.

  • Wikitech username: Dat Nguyen
  • Email address: dat.nguyen@wikimedia.de
  • SSH public key (must be a separate key from Wikimedia cloud SSH access): ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICnlB6UtmPKPJZOXl/2fkAC88ccb9dn15upi0SsifFg5 dang@C353
  • Requested group membership: releasers-wikibase
  • Reason for access: Releasing 1.35.3-wmde.2 security fixes
  • Name of approving party (manager for WMF/WMDE staff): Conny Kawohl
  • Ensure you have signed the L3 Wikimedia Server Access Responsibilities document: I've already signed it on 4th June 2021
  • Please coordinate obtaining a comment of approval on this task from the approving party.

SRE Clinic Duty Confirmation Checklist for Access Requests

This checklist should be used on all access requests to ensure that all steps are covered, including expansion to existing access. Please double check the step has been completed before checking it off.

This section is to be confirmed and completed by a member of the SRE team.

  • - User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
  • - User has a valid NDA on file with WMF legal. (All WMF Staff/Contractor hiring are covered by NDA. Other users can be validated via the NDA tracking sheet) - T288355#7286220 comment confirms NDA status
  • - User has provided the following: wikitech username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform)
  • - User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not shared with any other service (this includes not sharing with WMCS access, no shared keys.)
  • - access request (or expansion) has sign off of WMF sponsor/manager (sponsor for volunteers, manager for wmf staff) T288355#7290232
  • - access request (or expansion) has sign off of group approver indicated by the approval field in data.yaml T288355#7290232
  • - patchset merged - https://gerrit.wikimedia.org/r/c/operations/puppet/+/713659

For additional details regarding access request requirements, please see https://wikitech.wikimedia.org/wiki/Requesting_shell_access

Details

SubjectRepoBranchLines +/-
new shell user dang plus addition to releasers-wikibaseoperations/puppetproduction+9 -5
Customize query in gerrit

Related Objects

Event Timeline

dang created this task.Aug 6 2021, 2:56 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 6 2021, 2:56 PM
RhinosF1 updated the task description. (Show Details)Aug 6 2021, 2:58 PM
Restricted Application added a subscriber: RhinosF1. · View Herald TranscriptAug 6 2021, 2:58 PM
dang updated the task description. (Show Details)Aug 6 2021, 2:58 PM
RhinosF1 added a comment.Aug 6 2021, 2:58 PM

Please leave the section marked for SRE for them to fill out. You'll need to get your manager to actually comment on task to approve. (If they don't use Phab then the person on duty can co-ordinate with them).

dang updated the task description. (Show Details)Aug 6 2021, 2:59 PM
RhinosF1 renamed this task from Requesting access to RESOURCE for @dang to Requesting access to releasers-wikibase for @dang.Aug 6 2021, 2:59 PM
dang added a subscriber: conny-kawohl_WMDE.Aug 6 2021, 3:40 PM
Maintenance_bot added a project: SRE.Aug 6 2021, 3:45 PM
ema triaged this task as Medium priority.Aug 10 2021, 7:00 AM
ema moved this task from Untriaged to Awaiting User Input on the SRE-Access-Requests board.
Dzahn added subscribers: KFrancis, Dzahn.EditedAug 16 2021, 4:17 PM

@KFrancis Hi, could you contact @dang for the WMDE NDA process? The email address is here in the task above. Thank you

@dang Hi, we are going through the process described at https://wikitech.wikimedia.org/wiki/SRE/SRE_Clinic_Duty#wmde_access you should be contacted about the NDA and meanwhile please find a WMDE manager to approve the request. Thank you

P.S. confirmed L3 is already signed. checked that box, thanks

Dzahn updated the task description. (Show Details)Aug 16 2021, 4:18 PM
KFrancis added a comment.Aug 16 2021, 7:09 PM

@Dzahn Hello! Dat currently has an NDA on file for this access: any data from the WMDE LDAP Group/any data from the NDA LDAP Group. Would this also cover access for the releasers-wikibase?

RobH updated the task description. (Show Details)Aug 16 2021, 7:35 PM
RobH updated the task description. (Show Details)
RobH subscribed.Aug 16 2021, 7:40 PM

I've updated the checklist as T288355#7286220 confirms NDA on file, as well as the checkboxes for wikitech userinfo and ssh key (provided by @dang at time of request filing.)

This currently needs a sign off by an WMDE manager as well as whoever controls access to 'releases-wikibase' 'people who upload wikibase releases'. The admin file lacks info on who would be the owner for this, so I'll ask around IRC to see who would be the approver for additions to this group.

RobH added subscribers: toan, thcipriani.Aug 16 2021, 7:46 PM

Ok, for the history of this group, I think we need the following approvals:

  • - access request (or expansion) has sign off of WMF sponsor/manager (sponsor for volunteers, manager for wmf staff)

I think we can get @toan with WMDE to provide this sponsorship as they requested the groups creation via T268818

  • - access request (or expansion) has sign off of group approver indicated by the approval field in data.yaml

I suspect this needs to be a WMF employee, and @thcipriani is Manager for Release Engineering group (and this is a releases server).

My mentioning them above has added them as subscribers, so perhaps they can provide some insight!

thcipriani added a comment.Aug 16 2021, 7:56 PM
In T288355#7286300, @RobH wrote:

Ok, for the history of this group, I think we need the following approvals:

  • - access request (or expansion) has sign off of WMF sponsor/manager (sponsor for volunteers, manager for wmf staff)

I think we can get @toan with WMDE to provide this sponsorship as they requested the groups creation via T268818

  • - access request (or expansion) has sign off of group approver indicated by the approval field in data.yaml

I suspect this needs to be a WMF employee, and @thcipriani is Manager for Release Engineering group (and this is a releases server).

My mentioning them above has added them as subscribers, so perhaps they can provide some insight!

I recall that this group was made to host 3rd party releases of wikibase on https://releases.wikimedia.org. I don't know the needs of the wikibase product, so I'd like for someone on WMDE to approve adding new users to this group—the product owner of wikibase.

RobH added a comment.Aug 16 2021, 7:57 PM

Thank you for the update!

With the above note, and the initial creation of this group having @toan as point of contact at WMDE to admin it, this group just needs his sign off to have @dang added to it!

RobH assigned this task to toan.Aug 16 2021, 7:58 PM
RobH moved this task from Awaiting User Input to Manager/NDA Approval/Confirmation on the SRE-Access-Requests board.
toan added a comment.Aug 18 2021, 6:37 AM
In T288355#7286336, @thcipriani wrote:
In T288355#7286300, @RobH wrote:

Ok, for the history of this group, I think we need the following approvals:

  • - access request (or expansion) has sign off of WMF sponsor/manager (sponsor for volunteers, manager for wmf staff)

I think we can get @toan with WMDE to provide this sponsorship as they requested the groups creation via T268818

  • - access request (or expansion) has sign off of group approver indicated by the approval field in data.yaml

I suspect this needs to be a WMF employee, and @thcipriani is Manager for Release Engineering group (and this is a releases server).

My mentioning them above has added them as subscribers, so perhaps they can provide some insight!

I recall that this group was made to host 3rd party releases of wikibase on https://releases.wikimedia.org. I don't know the needs of the wikibase product, so I'd like for someone on WMDE to approve adding new users to this group—the product owner of wikibase.

Hello, I didn't realize the ball was in my corner on this one. Yes this all looks good to me, @dang requires being added releasers-wikibase in order to finish releasing the 1.35.3 security release (T286640: MILESTONE: Publish a maintenance 1.35.4-wmde.2 release including the latest MediaWiki and other security fixes).

RobH claimed this task.Aug 18 2021, 2:29 PM
RobH updated the task description. (Show Details)
gerritbot added a comment.Aug 18 2021, 5:04 PM

Change 713659 had a related patch set uploaded (by RobH; author: RobH):

[operations/puppet@production] new shell user dang plus addition to releasers-wikibase

https://gerrit.wikimedia.org/r/713659

gerritbot added a project: Patch-For-Review.Aug 18 2021, 5:04 PM

Change 713659 merged by RobH:

[operations/puppet@production] new shell user dang plus addition to releasers-wikibase

https://gerrit.wikimedia.org/r/713659

RobH closed this task as Resolved.Aug 18 2021, 5:06 PM
RobH removed RobH as the assignee of this task.
RobH updated the task description. (Show Details)
RobH removed a project: Patch-For-Review.

@dang,

I've merged https://gerrit.wikimedia.org/r/c/operations/puppet/+/713659 live, and it'll take about 30-60 minutes to propagate to all/any affected servers. If there are any issues with your initial login, feel free to reopen this task.

RobH moved this task from Manager/NDA Approval/Confirmation to Ready To Go on the SRE-Access-Requests board.Aug 18 2021, 5:08 PM
WMDE-leszek mentioned this in T295765: Requesting access to releasers-wikibase for rosalie-WMDE.Nov 16 2021, 1:02 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL