Requesting access to deployment for Majavah
Closed, ResolvedPublicRequest
Actions

Assigned To

Authored By

	• taavi
	Nov 30 2021, 8:21 PM

Description

Requestor provided information and prerequisites

This section is to be completed by the individual requesting access.

Wikitech username: User:Majavah
Email address: hi+wm@taavi.wtf
SSH public key (must be a separate key from Wikimedia cloud SSH access): existing production shell account
Requested group membership: deployment
Reason for access: Ability to help with MediaWiki deployments (I'm regularly helping with the train, and can be around during some backport windows) and deploy services I help maintain (for example, apple-search and WMCS services like Horizon/Striker)
Name of approving party (manager for WMF/WMDE staff): @Legoktm (sponsoring employee), @thcipriani (approver for the deployment group)
Ensure you have signed the L3 Wikimedia Server Access Responsibilities document: yes!
Please coordinate obtaining a comment of approval on this task from the approving party.

SRE Clinic Duty Confirmation Checklist for Access Requests

This checklist should be used on all access requests to ensure that all steps are covered, including expansion to existing access. Please double check the step has been completed before checking it off.

This section is to be confirmed and completed by a member of the SRE team.

- User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
- User has a valid NDA on file with WMF legal. (All WMF Staff/Contractor hiring are covered by NDA. Other users can be validated via the NDA tracking sheet)
- User has provided the following: wikitech username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform)
- User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not shared with any other service (this includes not sharing with WMCS access, no shared keys.)
- access request (or expansion) has sign off of WMF sponsor/manager (sponsor for volunteers, manager for wmf staff)
- access request (or expansion) has sign off of group approver indicated by the approval field in data.yaml

For additional details regarding access request requirements, please see https://wikitech.wikimedia.org/wiki/Requesting_shell_access

Details

	Subject	Repo	Branch	Lines +/-
	admin: add taavi to deployers	operations/puppet	production	+1 -1

Customize query in gerrit

Event Timeline

• taavi created this task.Nov 30 2021, 8:21 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 30 2021, 8:21 PM

Legoktm awarded a token.Nov 30 2021, 8:23 PM

herron moved this task from Untriaged to Manager/NDA Approval/Confirmation on the SRE-Access-Requests board.Nov 30 2021, 8:43 PM

Maintenance_bot added a project: SRE.Nov 30 2021, 8:45 PM

herron updated the task description. (Show Details)Nov 30 2021, 8:48 PM

Dzahn awarded a token.Nov 30 2021, 8:50 PM

RhinosF1 awarded a token.Nov 30 2021, 8:53 PM

Restricted Application added a subscriber: RhinosF1. · View Herald TranscriptNov 30 2021, 8:53 PM

Change 742798 had a related patch set uploaded (by Dzahn; author: Dzahn):

[operations/puppet@production] admin: add taavi to deployers

https://gerrit.wikimedia.org/r/742798

gerritbot added a project: Patch-For-Review.Nov 30 2021, 8:54 PM

Hi @KFrancis looking at the NDA tracking sheet it looks like we have an NDA on file for Taavi on line 42, but may have an outdated or alternate email address on file. Not a blocker AFAICT, but should we add hi+wm@taavi.wtf to the sheet as well?

@thcipriani Thoughts on this request?

In T296777#7538908, @herron wrote:

Hi @KFrancis looking at the NDA tracking sheet it looks like we have an NDA on file for Taavi on line 42, but may have an outdated or alternate email address on file. Not a blocker AFAICT, but should we add hi+wm@taavi.wtf to the sheet as well?

The email Legal has (and I assume is on the sheet as well) is not outdated, it's just an alternative address that I'd rather not public :-)

Zabe subscribed.Nov 30 2021, 9:11 PM

In T296777#7538923, @Dzahn wrote:

@thcipriani Thoughts on this request?

Approved. @Majavah is familiar with scap from working with beta, and is always conscientious.

This has enough approvals already, but I want to explicitly support this anyway. Majavah is really helpful, and deployment access will let them be more helpful. So, +1 here :).

Marostegui awarded a token.Nov 30 2021, 9:59 PM

MarcoAurelio awarded a token.Nov 30 2021, 10:04 PM

Zabe awarded a token.Nov 30 2021, 10:11 PM

Aklapper awarded a token.Nov 30 2021, 10:14 PM

Change 742798 merged by Dzahn:

[operations/puppet@production] admin: add taavi to deployers

https://gerrit.wikimedia.org/r/742798

Admin/Admin::Hashuser[taavi]/Admin::User[taavi]/User[taavi]/ensure: created

[deploy1002:~] $ id taavi
uid=21215(taavi) gid=500(wikidev) groups=500(wikidev),705(deployment)

Maintenance_bot removed a project: Patch-For-Review.Nov 30 2021, 11:10 PM

22:56 < zabe> mutante: I think majavah still needs to be added to the wmf-deployment gerrit group
23:09 < mutante> !log gerrit - added Majavah to wmf-deployment group for T296777

Screenshot at 2021-11-30 15-11-34.png (79×240 px, 2 KB)

@Dzahn @herron We are good on our current NDA on file for Majavah. Please proceed with any needed access. Thanks!

	F34797211: Screenshot at 2021-11-30 15-11-34.png
	Nov 30 2021, 11:11 PM

Requesting access to deployment for MajavahClosed, ResolvedPublicRequestActions