Page MenuHomePhabricator

Access to analytics-privatedata-users for Research intern AniketArs
Closed, ResolvedPublic

Description

Who:
Aniket Bharti @AniketArs

Access Groups
analytics-privatedata-users
LDAP-group

Aniket, please:
[1] Sign up for a wikitech account at https://www.mediawiki.org/wiki/Developer_access per https://wikitech.wikimedia.org/wiki/Production_shell_access. Let us know the username.
[2] Read this https://wikitech.wikimedia.org/wiki/Requesting_shell_access
[3] And then sign this: https://phabricator.wikimedia.org/L3
[4] Generate a dedicated SSH key pair (Note to all: this should be a dedicated key generated for this specific access. Please do not share it between this and your other personal/academic projects.) - how to here: https://wikitech.wikimedia.org/wiki/Production_shell_access#Generating_your_SSH_key
[5] Post the link to your key in this task and also specify your preferred login name.

Many thanks!

SRE Clinic Duty Confirmation Checklist for Access Requests

This checklist should be used on all access requests to ensure that all steps are covered, including expansion to existing access. Please double check the step has been completed before checking it off.

This section is to be confirmed and completed by a member of the SRE team.

  • - User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
  • - User has a valid NDA on file with WMF legal. (All WMF Staff/Contractor hiring are covered by NDA. Other users can be validated via the NDA tracking sheet)
  • - User has provided the following: wikitech username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform)
  • - User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not shared with any other service (this includes not sharing with WMCS access, no shared keys.)
  • - access request (or expansion) has sign off of WMF sponsor/manager (sponsor for volunteers, manager for wmf staff)
  • - access request (or expansion) has sign off of group approver indicated by the approval field in data.yaml

For additional details regarding access request requirements, please see https://wikitech.wikimedia.org/wiki/Requesting_shell_access

Event Timeline

Hi @Miriam
My wikitech username: AniketArs
Preferred shell username: aniketars
SSh public key:

b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBvrrWP3F
d0O3tZWsWqhiU2AAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAII6hwenLcS9M70ib
9p5WcKtHY7jH08zGDTD+slHf24XbAAAAkAI4ybdMD6/0a8uzyFTKLCjYqdjD2UJ8RvYYEL
esPbFSd4DuF7aP/gTTSwxpET06pRf5AnuPxsx/ETiNBgICK4iN32uhvhR3+qisVpvodWun
Sgd6Q1snWGbRYTC3wvlJ7YY70Hm0oyu3lJxqF5sIC9Co29Q9gmvkH6O1YUGrV20DqT6znx
uUuUrQv3axqbwf6A==

I have read and signed the L3 Wikimedia Server Access Responsibilities document.
Thanks
Aniket

Hi Aniket, would you kindly provide the following:

  1. Email address
  2. Full reasoning for access (including what commands and/or tasks they expect to perform)
  3. SSH public key, I tried to decode the one you sent, but I am having difficulties, how did you generate it?
Volans triaged this task as Medium priority.Jan 25 2022, 9:46 AM

Hi Jhathaway,

  1. aniket.code.ars@gmail.com
  2. Mainly i will be generating embeddings of image using one of tensorflow model so that i can write some APIs in the end to use that embeddings. As far as commands are concern i will mainly use pip to install some libraries to work with
  3. Sorry for inconvenience, I've generated the key with ssh-keygen -t ed25519. This time I'm attaching `public key also.

@AniketArs thanks for the followup. Unfortunately since you pasted your private ssh key in your first message, you will need to regenerate both keys, since that private key is now considered compromised. Your private key should be kept secret, treat it as a password which you never share. The public key however you can paste into your phabricator reply, or attach as you did previously. There are some further detail in the L3 document, which may be helpful to review.

@jhathaway Sorry for the key error, I again generated keys which I'm sharing with you(public one)

this time it is a correct key

@AniketArs as an added layer of insurance can you provide that public key via a Gerrit patch, wikitech user page, or Phabricator post with Add Action (Sign with MFA)?

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGk3CgXqD8AxkboJ22zxWQ1CYDhaRuSgiV2A32G+Z9SL aniket@ars

Approved. @Miriam should this account have an expiry_date?

Also, I'm guessing this user will need Kerberos access too, correct?

Thanks @Ottomata! @AniketArs will be with us until the end of the fiscal year, so the expiry_date should be 2020-06-30.
And yes, could we please get Kerberos access too?

@Miriam I assume you mean 2022-06-30 😉, though with covid still with us, who knows what year it is!

Change 757926 had a related patch set uploaded (by JHathaway; author: JHathaway):

[operations/puppet@production] Add Aniket Bharti to analytics-privatedata-users

https://gerrit.wikimedia.org/r/757926

Change 757926 merged by JHathaway:

[operations/puppet@production] Add Aniket Bharti to analytics-privatedata-users

https://gerrit.wikimedia.org/r/757926

@AniketArs change has been submitted, including your kerberos access, please give it a try!

@Miriam I assume you mean 2022-06-30 😉, though with covid still with us, who knows what year it is!

Aha, yes 😊 Thanks so much @jhathaway !

@jhathaway could you double check that @AniketArs has LDAP access? They are not able to access the notebooks.
He is able to access the stat machines now, but not able to login the notebooks (Jupyterhub). It shows 'Invalid username or password'.
Thanks!

@Miriam & @AniketArs they were not part of the nda group, they are added now, please try again.

Thanks @jhathaway , Now I'm able to login
Finally thanks @Miriam

great, marking as resolved, please reopen if you discover any new issues.