Page MenuHomePhabricator
Create Task
Maniphest T299343

Requesting access to analytics clients for mfossati
Closed, ResolvedPublicRequest
Actions

Description

Requestor provided information and prerequisites

This section is to be completed by the individual requesting access.

  • Wikitech username: Marco Fossati
  • Developer access username: mfossati
  • Email address: mfossati@wikimedia.org
  • SSH public key (must be a separate key from Wikimedia cloud SSH access): ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA5/YSLfsC+/YmMmMx91QzJ/yAsl4e3ubOFnBIqvPY2W galmac-prod
  • Requested group membership: analytics-privatedata-users (with Kerberos)
  • Reason for access: as a member of Structured-Data-Backlog, I'd like to access the Analytics clients JupyterHub to tackle T283869 > T296814 > T286562#7412743. Specifically, I need access to stat-100* analytics clients servers
  • Name of approving party (manager for WMF/WMDE staff): @MarkTraceur , @Ottomata
  • Ensure you have signed the L3 Wikimedia Server Access Responsibilities document: Yes
  • Please coordinate obtaining a comment of approval on this task from the approving party.

SRE Clinic Duty Confirmation Checklist for Access Requests

This checklist should be used on all access requests to ensure that all steps are covered, including expansion to existing access. Please double check the step has been completed before checking it off.

This section is to be confirmed and completed by a member of the SRE team.

  • - User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
  • - User has a valid NDA on file with WMF legal. (All WMF Staff/Contractor hiring are covered by NDA. Other users can be validated via the NDA tracking sheet)
  • - User has provided the following: wikitech username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform)
  • - User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not shared with any other service (this includes not sharing with WMCS access, no shared keys.)
  • - access request (or expansion) has sign off of WMF sponsor/manager (sponsor for volunteers, manager for wmf staff)
  • - access request (or expansion) has sign off of group approver indicated by the approval field in data.yaml

For additional details regarding access request requirements, please see https://wikitech.wikimedia.org/wiki/Requesting_shell_access

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
admin: Shell account and analytics-privatedata-users for mfossatioperations/puppetproduction+10 -1
Customize query in gerrit

Related Objects

Event Timeline

mfossati created this task.Jan 17 2022, 12:34 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 17 2022, 12:34 PM
Maintenance_bot added a project: SRE.Jan 17 2022, 12:45 PM
Jelto changed the task status from Open to In Progress.Jan 17 2022, 1:51 PM
Jelto triaged this task as Medium priority.
Jelto updated the task description. (Show Details)
Jelto subscribed.Jan 17 2022, 2:04 PM

Hi,
thanks for the request. It seems that your SSH key is already registered in Wikimedia Cloud Services. Could you please provide a unique SSH key for production access?

We also need approval from @MarkTraceur and @Ottomata here.

mfossati updated the task description. (Show Details)Jan 17 2022, 2:26 PM

Hey @Jelto,

Thank you for your feedback! I'm not using that key for Wikimedia Cloud Services (VPS and Toolforge, right?), but no problem, I've generated a fresh one as you requested.

mfossati updated the task description. (Show Details)Jan 17 2022, 3:35 PM
mfossati added a comment.Jan 17 2022, 3:39 PM

I forgot to include the need for a Kerberos principal. I've updated the task description accordingly

MarkTraceur added a comment.Jan 17 2022, 4:44 PM

Yea, it is approved. Thanks, all!

Jelto updated the task description. (Show Details)Jan 18 2022, 8:55 AM
Ottomata added a comment.Jan 18 2022, 2:28 PM

Approved!

Jelto updated the task description. (Show Details)Jan 18 2022, 2:58 PM
gerritbot added a comment.Jan 18 2022, 3:02 PM

Change 754955 had a related patch set uploaded (by Jelto; author: Jelto):

[operations/puppet@production] admin: Shell account and analytics-privatedata-users for mfossati

https://gerrit.wikimedia.org/r/754955

gerritbot added a project: Patch-For-Review.Jan 18 2022, 3:02 PM
mfossati mentioned this in T299408: Add lead image data to the data file generated for populating weighted_tags in the commons search index.Jan 19 2022, 10:13 AM
gerritbot added a comment.Jan 19 2022, 10:41 AM

Change 754955 merged by Jelto:

[operations/puppet@production] admin: Shell account and analytics-privatedata-users for mfossati

https://gerrit.wikimedia.org/r/754955

Jelto closed this task as Resolved.Jan 19 2022, 10:47 AM
Jelto claimed this task.

@mfossati you should have access now. I'm closing this task. In case you have any problem, feel free to re-open the task.

I added a kerberos principal for mfossati as well:

$ manage_principals.py create mfossati --email_address=mfossati@wikimedia.org
Principal successfully created. Make sure to update data.yaml in Puppet.
Successfully sent email to mfossati@wikimedia.org
Maintenance_bot removed a project: Patch-For-Review.Jan 19 2022, 11:10 AM
mfossati mentioned this in T313706: Requesting access to maintenance servers for mfossati.Jul 25 2022, 9:34 AM
mfossati mentioned this in T314853: Requesting access to Search Airflow instance for mfossati.Aug 9 2022, 11:13 AM
mfossati mentioned this in T321772: Requesting deployment group membership for mfossati.Oct 27 2022, 8:49 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits