Requesting access to production for ejoseph
Closed, ResolvedPublicRequest
Actions

Assigned To

Authored By

	RKemper
	Oct 26 2021, 6:29 PM

Description

Note: This request is now ready to be processed

Requestor provided information and prerequisites

This section is to be completed by the individual requesting access.

Wikitech username: ejoseph
Email address: ejoseph@wikimedia.org
SSH public key (must be a separate key from Wikimedia cloud SSH access): ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFQvFscO99eUfcg51aOxPekk5JW1QIBVMjhNbAEuIlR5 ejoseph@wikimedia.org
Requested group membership: analytics-privatedata-users and cloudelastic-roots
Reason for access: Developer on Search Team. Role occasionally requires access to analytics data
Name of approving party (manager for WMF/WMDE staff): Guillaume Lederrey
Ensure you have signed the L3 Wikimedia Server Access Responsibilities document: Have signed
Please coordinate obtaining a comment of approval on this task from the approving party.

SRE Clinic Duty Confirmation Checklist for Access Requests

This checklist should be used on all access requests to ensure that all steps are covered, including expansion to existing access. Please double check the step has been completed before checking it off.

This section is to be confirmed and completed by a member of the SRE team.

- User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
- User has a valid NDA on file with WMF legal. (All WMF Staff/Contractor hiring are covered by NDA. Other users can be validated via the NDA tracking sheet)
- User has provided the following: wikitech username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform)
- User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not shared with any other service (this includes not sharing with WMCS access, no shared keys.)
- access request (or expansion) has sign off of WMF sponsor/manager (sponsor for volunteers, manager for wmf staff)
- access request (or expansion) has sign off of group approver indicated by the approval field in data.yaml

For additional details regarding access request requirements, please see https://wikitech.wikimedia.org/wiki/Requesting_shell_access

Details

	Subject	Repo	Branch	Lines +/-
	admin: add ejoseph to shell, analytics-privatedata-users, cloudelastic-roots	operations/puppet	production	+11 -2

Customize query in gerrit

Related Objects

Mentioned In: T307074: Requesting access to wmf ldap group for ejoseph

Event Timeline

RKemper created this task.Oct 26 2021, 6:29 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 26 2021, 6:29 PM

RKemper updated the task description. (Show Details)Oct 26 2021, 6:30 PM

ssingh claimed this task.Oct 26 2021, 6:32 PM

I can upload some initial patches for the membership changes in a couple hours

No action required by the SRE on clinic duty yet (until I remove the WIP label)

Gehel subscribed.Oct 26 2021, 6:45 PM

Maintenance_bot added a project: SRE.Oct 26 2021, 6:45 PM

As Emmanuel's manager: approved

We probably want approval from @odimitrijevic for the analytics access

RKemper updated the task description. (Show Details)Oct 27 2021, 6:49 AM

Change 734887 had a related patch set uploaded (by Ryan Kemper; author: Ryan Kemper):

[operations/puppet@production] [WIP] Add ejoseph

https://gerrit.wikimedia.org/r/734887

gerritbot added a project: Patch-For-Review.Oct 27 2021, 7:05 AM

We probably want approval from @odimitrijevic for the analytics access

or @Ottomata

Approved. This will be ssh + kerberos access.

username: ejoseph
email: ejoseph@wikimedia.org
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFQvFscO99eUfcg51aOxPekk5JW1QIBVMjhNbAEuIlR5 ejoseph@wikimedia.org

RKemper updated the task description. (Show Details)Oct 27 2021, 4:27 PM

RKemper renamed this task from (WIP) Requesting access to production for ejoseph to Requesting access to production for ejoseph.Oct 27 2021, 4:33 PM

RKemper updated the task description. (Show Details)

ssingh updated the task description. (Show Details)Oct 27 2021, 6:02 PM

Change 734887 merged by Ssingh:

[operations/puppet@production] admin: add ejoseph to shell, analytics-privatedata-users, cloudelastic-roots

https://gerrit.wikimedia.org/r/734887

sukhe@krb1001:~$ sudo manage_principals.py create ejoseph --email_address=ejoseph@wikimedia.org
Principal successfully created. Make sure to update data.yaml in Puppet.
Successfully sent email to ejoseph@wikimedia.org

@EJoseph: you should have access, thank you! Please feel free to reopen in case something is not working.
@RKemper: thanks for creating the patches.

Maintenance_bot removed a project: Patch-For-Review.Oct 27 2021, 7:10 PM

Hi @EJoseph, looks like you re-used the same SSH key between both WMCS and production. Can you please generate a new key solely for production use?

Thanks!

In T294379#7465732, @CDanis wrote:

Hi @EJoseph, looks like you re-used the same SSH key between both WMCS and production. Can you please generate a new key solely for production use?

Thanks!

Hi, I have done that

Thanks

Tested and working ! Let's close.

dcausse mentioned this in T307074: Requesting access to wmf ldap group for ejoseph .Apr 28 2022, 8:50 AM

Requesting access to production for ejosephClosed, ResolvedPublicRequestActions