Page MenuHomePhabricator
Create Task
Maniphest T291126

Grant Access to LDAP-wmf for erayfield
Closed, ResolvedPublic
Actions

Description

  • The username of your existing account on wikitech.wikimedia.org:

ERayfield (WMF)

  • Do you currently have shell access (Yes/No)?

no, developer access needed manager is Maggie Epps

  • Purpose (Specify which service you need to get access to, e.g. Icinga, Grafana, Superset etc):

Gerrit Phabricator IRC --- if using GIT will need access to that, but not sure if it needs ldap or not

  • The specific LDAP group that you want to be added to (optional):

LDAP-wmf

IF I MISSED SOMETHING
contact email erayfield@wikimedai.org
For contractors only:

  • Contract end date:
  • Contract contact person:

Details

SubjectRepoBranchLines +/-
admin: add erayfield to ldap usersoperations/puppetproduction+4 -0
Customize query in gerrit

Event Timeline

ERayfield created this task.Sep 15 2021, 7:19 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptSep 15 2021, 7:19 PM
Maintenance_bot added a project: SRE.Sep 15 2021, 7:45 PM
Aklapper closed this task as Invalid.Sep 16 2021, 8:36 AM
Aklapper added a subscriber: mepps.

Hi and welcome @ERayfield! None of Gerrit, Phabricator or IRC usage in itself require being a member of an LDAP group. Thus I'm closing this ticket. If there are more specific or different purposes, then please correct the task description by clicking Edit Task, plus set the status of this Phab task back to "Open". Thanks a lot!

ERayfield reopened this task as In Progress.Sep 16 2021, 12:17 PM

Thank you for the kind welcome. My manager, Maggie Epps, has it on my list of onboarding items to do. Since my knowledge of the system are limited at this time, I am not sure what needs to be used with LDAP. Here are the instructions:
Week One

  • Create Phabricator account ✅
  • Create a Wikitech LDAP account
  • Create Gerrit account using LDAP
  • Request access to the LDAP-wmf group through Phabricator

Perhaps you could point me in the direction that I need to go to get this resolved?

I have changed status to 'In Progress' while I await your assistance - and thanks
Ellen Rayfield

cmooney subscribed.Sep 16 2021, 12:35 PM

Hi @ERayfield,

Welcome to the foundation! I am relatively new myself, and first time taking care of these tasks, but I believe the process is best documented here:

https://wikitech.wikimedia.org/wiki/SRE/Production_access#Access_Request_Process

So in terms of next steps I believe you need to:

  1. Create a Wikitech (Developer/LDAP) account if you have not already: https://wikitech.wikimedia.org/w/index.php?title=Special:CreateAccount&returnto=Main+Page
  2. Reply back to this message confirming the username you used, and I can add this newly-created LDAP account to the 'wmf' group.

The Wikitech/LDAP account should allow you to use Gerrit, but you will additionally need to generate an SSH keypair and add your public key to Gerrit via the web interface:

https://www.mediawiki.org/wiki/Gerrit/Tutorial#Set_Up_SSH_Keys_in_Gerrit

I believe that should cover off all those bullet points for your on-boarding. Let me know if you have any questions!

Aklapper changed the task status from In Progress to Open.Sep 16 2021, 1:11 PM

Thanks for the clarification!

Request access to the LDAP-wmf group through Phabricator

Hmm, this makes me wonder if the "Purpose" field in the SRE task template should be rephrased, and/or the underlying reason why this item is in onboarding docs...

Urbanecm subscribed.Sep 16 2021, 1:22 PM

ERayfield appears to be a new software engineer, so they likely need the WMF group to be able to +2 in mediawiki/* repositories.

Marostegui moved this task from Backlog to Awaiting User Input on the LDAP-Access-Requests board.Sep 22 2021, 10:42 AM
Joe subscribed.Sep 27 2021, 7:36 AM
Joe triaged this task as Medium priority.Sep 27 2021, 9:07 AM
mepps added a comment.Sep 27 2021, 8:32 PM

Yes, thank you @Urbanecm. I wanted @ERayfield to have access to the services documented in this doc. I'll update my onboarding docs in the future for clarity.

Joe added a comment.Sep 28 2021, 6:10 AM

Thank you @mepps for your approval.

@ERayfield can you please confirm your wikitech username and the email you used to register it? I can't seem to find any account with mail=erayfield@wikimedia.org or cn=ERayfield \(WMF\) on ldap.

Please note that the wikitech account is not the same as the general wikis account you use on e.g. wikipedia, and needs to be created separately. Also note, in case you need to create it: you don't need the (WMF) addendum to your wikitech account name - for instance my account there is just "Giuseppe Lavagetto".

ERayfield added a comment.EditedSep 29 2021, 5:45 PM

wikitech.wikimedia.org - EllenR
wikimedia developer accountUsername: ERayfield (WMF)
gerrit.wikimedia.org username erayfield
Email Address Identity
erayfield@wikimedia.org gerrit:ellenr

Thats all I've got

gerritbot added a comment.Sep 30 2021, 6:20 AM

Change 724867 had a related patch set uploaded (by Giuseppe Lavagetto; author: Giuseppe Lavagetto):

[operations/puppet@production] admin: add erayfield to ldap users

https://gerrit.wikimedia.org/r/724867

gerritbot added a project: Patch-For-Review.Sep 30 2021, 6:21 AM
gerritbot added a comment.Sep 30 2021, 6:23 AM

Change 724867 merged by Giuseppe Lavagetto:

[operations/puppet@production] admin: add erayfield to ldap users

https://gerrit.wikimedia.org/r/724867

Joe closed this task as Resolved.Sep 30 2021, 6:26 AM
Joe claimed this task.

Ok I see the source of confusion - we call the "wikimedia developer account" the account on wikitech, usually. I know all these conventions are quite confusing :) Anyways, it's all done now, you should be able to access all resources restricted to wmf or nda users - like logstash.

Resolving the task, but please let me know if something isn't working.

Maintenance_bot removed a project: Patch-For-Review.Sep 30 2021, 7:10 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL