Page MenuHomePhabricator
Create Task
Maniphest T291508

Requesting access to analytics-privatedata-access for NRodriguez
Closed, ResolvedPublicRequest
Actions

Description

Requestor provided information and prerequisites

This section is to be completed by the individual requesting access.

  • Wikitech username: Natalia Rodriguez
  • Email address: nrodriguez@wikimedia.org
  • SSH public key (must be a separate key from Wikimedia cloud SSH access): ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDehX55erRQ47CLU3dsUTzHKf/Sfq20IXIl9eCxEqrt9wr8/urrwA6vKTIjS4s5prOOAJUEUauY5Ls6d3EjTvQ3cf/ojBjXzgH1PEjk+gZmlKbj05AiiFiMM2uwWVEkVjMzBhsLhH5BSVO1a1ZJj3jyPhid74qdW4Ikd4Jynb+R/nTYhdT7zXkzmJNeXUzYeDA0cvsdg/3k1SrR4oLrtR69n4R6JAKHdkjiOBSv5VdLKYcRs7R7uxgx7kmn9x05FFieDNCco4uD1vX6maT1QjRH0uT/u3vAHCJhq7K6HjTOgbkhZsAJH1jn7o4x+zI2WeiwEwkwUaV7hyDAY0vUSiP9JuWvcxoA+0SK2JQ13Xmb0u7iG2u8pNNAjetgM2ivdvWSW8Uxb8WQrXv8OyHSufZHYr2zUGUwp7LLw/JRa90RJ/imAx8By/yb33bpmrgG0wmCAFrdh5MzxAPofvjBw6xTdiZB9KPNWJmu9oY8nMAg88SBJN+u1E/S41E8GnGo47rNvuNrLk3JkwY4/ebuXADYN7PV+07jdPxb0tR3zv3adqaw5ranJWYlA0hqUm5Ev7D6iHsZPMxluRTaflcofTCIQTr/BcaDMz2XJ9GLK7sWNRYcNlLsdTPyhKSVIj78eKH352/JU3lGKr3AaO5TKj/YnplvqAx3DshEv6RXRE6vFw== natalia@wmf2868
  • Requested group membership: analytics-privatedata-access
  • Reason for access: wanting to view behaviors of editors on desktop operating systems for the community tech wish on real-time preview of wikitext
  • Name of approving party (manager for WMF/WMDE staff): Danny Horn
  • Ensure you have signed the L3 Wikimedia Server Access Responsibilities document:
  • Please coordinate obtaining a comment of approval on this task from the approving party.

SRE Clinic Duty Confirmation Checklist for Access Requests

This checklist should be used on all access requests to ensure that all steps are covered, including expansion to existing access. Please double check the step has been completed before checking it off.

This section is to be confirmed and completed by a member of the SRE team.

  • - User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
  • - User has a valid NDA on file with WMF legal. (All WMF Staff/Contractor hiring are covered by NDA. Other users can be validated via the NDA tracking sheet)
  • - User has provided the following: wikitech username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform)
  • - User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not shared with any other service (this includes not sharing with WMCS access, no shared keys.)
  • - access request (or expansion) has sign off of WMF sponsor/manager (sponsor for volunteers, manager for wmf staff)
  • - access request (or expansion) has sign off of group approver indicated by the approval field in data.yaml

For additional details regarding access request requirements, please see https://wikitech.wikimedia.org/wiki/Requesting_shell_access

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
admin: Shell account and analytics-privatedata-users for natalia-rodriguezoperations/puppetproduction+10 -5
Customize query in gerrit

Event Timeline

NRodriguez created this task.Sep 21 2021, 5:33 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptSep 21 2021, 5:33 PM
NRodriguez renamed this task from Requesting access to RESOURCE for USER[S] to Requesting access to RESOURCE for NRodriguez .Sep 21 2021, 5:33 PM
NRodriguez renamed this task from Requesting access to RESOURCE for NRodriguez to Requesting access to analytics-privatedata-access for NRodriguez .
Maintenance_bot added a project: SRE.Sep 21 2021, 5:45 PM
RhinosF1 subscribed.Sep 21 2021, 6:08 PM
Marostegui triaged this task as Medium priority.EditedSep 22 2021, 5:16 AM
Marostegui subscribed.

L3 signed: Aug 16 2021, 23:11

Marostegui updated the task description. (Show Details)Sep 22 2021, 5:17 AM
Marostegui updated the task description. (Show Details)
Marostegui added subscribers: DannyH, Ottomata.Sep 22 2021, 5:20 AM

This needs approval from @Ottomata and @DannyH

Marostegui added a comment.Sep 22 2021, 5:21 AM

I assume this also needs analytics-privatedata-access group with no SSH and no kerberos.

Marostegui updated the task description. (Show Details)Sep 22 2021, 5:22 AM
Marostegui moved this task from Untriaged to Manager/NDA Approval/Confirmation on the SRE-Access-Requests board.
Marostegui added a comment.Sep 22 2021, 8:45 AM

natalia-rodriguez is on the wmf ldap group.

Ottomata added a comment.Sep 22 2021, 1:11 PM

Approved.

I assume this also needs analytics-privatedata-access group with no SSH and no kerberos.

Given the reason for access, I this will need SSH and Kerberos. SSH-less access is really only good for viewing existing Superset (and Turnilo) dashboards.

Marostegui added a comment.Sep 22 2021, 1:24 PM

Thanks @Ottomata!
@NRodriguez you'd need then, to provide your ssh public key on the task. Please read: https://wikitech.wikimedia.org/wiki/SRE/Production_access#Generating_your_SSH_key

Marostegui updated the task description. (Show Details)Sep 22 2021, 1:27 PM
Joe subscribed.Sep 27 2021, 7:35 AM
Joe moved this task from Manager/NDA Approval/Confirmation to Awaiting User Input on the SRE-Access-Requests board.Sep 30 2021, 4:53 AM
CDanis subscribed.Oct 12 2021, 8:18 PM

Hi Natalia, just a friendly reminder that this ticket is still awaiting an SSH public key from you.

Please see https://wikitech.wikimedia.org/wiki/SRE/Production_access#Generating_your_SSH_key and feel free to reach out if you need help!

Dzahn changed the task status from Open to Stalled.Oct 18 2021, 6:21 PM
Dzahn assigned this task to NRodriguez.Oct 18 2021, 6:24 PM
Dzahn subscribed.

Hi Natalia, I'm assigning this back to you because we need a key from you to move forward on this and a different person handles access request tickets each week.

The previous comment still stands, feel free to reach out if you need help from us with that! Or paste a key here and feel free to assign it back to me. Cheers, Daniel

ssingh subscribed.Oct 25 2021, 10:02 PM
NRodriguez added a comment.Nov 3 2021, 7:47 PM

Apologies for the delay! And thanks so much for moving quickly on this.
Here is my key, generated with the second command as a .pub file

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDehX55erRQ47CLU3dsUTzHKf/Sfq20IXIl9eCxEqrt9wr8/urrwA6vKTIjS4s5prOOAJUEUauY5Ls6d3EjTvQ3cf/ojBjXzgH1PEjk+gZmlKbj05AiiFiMM2uwWVEkVjMzBhsLhH5BSVO1a1ZJj3jyPhid74qdW4Ikd4Jynb+R/nTYhdT7zXkzmJNeXUzYeDA0cvsdg/3k1SrR4oLrtR69n4R6JAKHdkjiOBSv5VdLKYcRs7R7uxgx7kmn9x05FFieDNCco4uD1vX6maT1QjRH0uT/u3vAHCJhq7K6HjTOgbkhZsAJH1jn7o4x+zI2WeiwEwkwUaV7hyDAY0vUSiP9JuWvcxoA+0SK2JQ13Xmb0u7iG2u8pNNAjetgM2ivdvWSW8Uxb8WQrXv8OyHSufZHYr2zUGUwp7LLw/JRa90RJ/imAx8By/yb33bpmrgG0wmCAFrdh5MzxAPofvjBw6xTdiZB9KPNWJmu9oY8nMAg88SBJN+u1E/S41E8GnGo47rNvuNrLk3JkwY4/ebuXADYN7PV+07jdPxb0tR3zv3adqaw5ranJWYlA0hqUm5Ev7D6iHsZPMxluRTaflcofTCIQTr/BcaDMz2XJ9GLK7sWNRYcNlLsdTPyhKSVIj78eKH352/JU3lGKr3AaO5TKj/YnplvqAx3DshEv6RXRE6vFw== natalia@wmf2868

NRodriguez removed NRodriguez as the assignee of this task.Nov 3 2021, 7:48 PM
NRodriguez assigned this task to Dzahn.
Dzahn changed the task status from Stalled to Open.Nov 3 2021, 7:58 PM
RLazarus claimed this task.Nov 3 2021, 9:03 PM
RLazarus subscribed.

@NRodriguez Thanks! The only thing left is manager signoff, then I can go ahead and make the change.

@DannyH Can you please comment here giving your approval?

RLazarus updated the task description. (Show Details)Nov 3 2021, 9:03 PM
DannyH added a comment.Nov 4 2021, 6:00 PM

I approve; thank you.

RLazarus changed the task status from Open to In Progress.Nov 4 2021, 7:14 PM
RLazarus updated the task description. (Show Details)
gerritbot added a comment.Nov 4 2021, 7:15 PM

Change 736868 had a related patch set uploaded (by RLazarus; author: RLazarus):

[operations/puppet@production] admin: Shell account and analytics-privatedata-users for natalia-rodriguez

https://gerrit.wikimedia.org/r/736868

gerritbot added a project: Patch-For-Review.Nov 4 2021, 7:15 PM
gerritbot added a comment.Nov 4 2021, 7:22 PM

Change 736868 merged by RLazarus:

[operations/puppet@production] admin: Shell account and analytics-privatedata-users for natalia-rodriguez

https://gerrit.wikimedia.org/r/736868

RLazarus closed this task as Resolved.Nov 4 2021, 7:28 PM

Shell account created with the above change. Kerberos principal created:

rzl@krb1001:~$ sudo manage_principals.py get natalia-rodriguez
get_principal: Principal does not exist while retrieving "natalia-rodriguez@WIKIMEDIA".
rzl@krb1001:~$ sudo manage_principals.py create natalia-rodriguez --email_address=nrodriguez@wikimedia.org
Principal successfully created. Make sure to update data.yaml in Puppet.
Successfully sent email to nrodriguez@wikimedia.org

You should be all set! Please allow 30 minutes for the change to roll out across the fleet, but after that, if you have any trouble using your new access, drop a note here or open a new task, and we'll get you sorted out.

And if you haven't already, please take a moment to review the Analytics data access user responsibilities.

Maintenance_bot removed a project: Patch-For-Review.Nov 4 2021, 8:10 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits