Page MenuHomePhabricator
Create Task
Maniphest T304361

Requesting access to stat1007 for sgimeno
Closed, ResolvedPublicRequest
Actions

Description

Requestor provided information and prerequisites

This section is to be completed by the individual requesting access.

  • Wikitech username: Sergio Gimeno
  • Shell username: sgimeno
  • Email address: sgimeno@wikimedia.org
  • SSH public key (must be a separate key from Wikimedia cloud SSH access): ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGZfnjboIHwyJ849bMbH9NspXL6dTjMkoZHflvrMLcvt sergio@wmf2988
  • Requested group membership: analytics-privatedata-users
  • Reason for access: Analyze GrowthExperiments users data to support Growth-Team efforts to migrate to Vue in T301128: research: Understand how current and new users of Growth features would be affected by switching to Vue
  • Name of approving party (manager for WMF/WMDE staff): @DMburugu
  • Ensure you have signed the L3 Wikimedia Server Access Responsibilities document: I signed this document on Mon, Mar 21, 20:25.
  • Please coordinate obtaining a comment of approval on this task from the approving party.
  • Requesting access to: ssh login to analytics client servers (AKA stat boxes) with Hadoop, Hive, Presto access
    • LDAP membership in the wmf or nda LDAP group. Done
    • Shell (posix) membership in the analytics-privatedata-users group
    • An ssh key for your shell user
    • A Kerberos principal

SRE Clinic Duty Confirmation Checklist for Access Requests

This checklist should be used on all access requests to ensure that all steps are covered, including expansion to existing access. Please double check the step has been completed before checking it off.

This section is to be confirmed and completed by a member of the SRE team.

  • - User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
  • - User has a valid NDA on file with WMF legal. (All WMF Staff/Contractor hiring are covered by NDA. Other users can be validated via the NDA tracking sheet)
  • - User has provided the following: wikitech username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform)
  • - User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not shared with any other service (this includes not sharing with WMCS access, no shared keys.)
  • - access request (or expansion) has sign off of WMF sponsor/manager (sponsor for volunteers, manager for wmf staff)
  • - access request (or expansion) has sign off of group approver indicated by the approval field in data.yaml

For additional details regarding access request requirements, please see https://wikitech.wikimedia.org/wiki/Requesting_shell_access

Details

SubjectRepoBranchLines +/-
admin: add sgimeno useroperations/puppetproduction+10 -1
Customize query in gerrit

Related Objects

Event Timeline

Sgs created this task.Mar 21 2022, 7:50 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 21 2022, 7:50 PM
Maintenance_bot added a project: SRE.Mar 21 2022, 8:45 PM
DMburugu added a comment.Mar 22 2022, 12:14 PM

I approve the request.

jbond updated the task description. (Show Details)EditedMar 22 2022, 5:25 PM
jbond added subscribers: Ottomata, jbond.

@Sgs the analytics users group is now deprecated. i believe you will need analytics-privatedata-users with kerberos access, @Ottomata should be able to, both, confirm and aprove this. Please also familurise your self with the User responsibilities for this environment.

jbond triaged this task as Medium priority.Mar 22 2022, 5:26 PM
Ottomata added a comment.Mar 22 2022, 6:09 PM

Approved.

But, @Sgs can you edit the description and describe a little more what access you need? See https://wikitech.wikimedia.org/wiki/Analytics/Data_access#What_access_should_I_request? for help deciding.

Sgs updated the task description. (Show Details)Mar 22 2022, 6:19 PM
In T304361#7797589, @jbond wrote:

@Sgs the analytics users group is now deprecated. i believe you will need analytics-privatedata-users with kerberos access, @Ottomata should be able to, both, confirm and aprove this. Please also familurise your self with the User responsibilities for this environment.

Thanks for the insight.

In T304361#7797696, @Ottomata wrote:

Approved.

But, @Sgs can you edit the description and describe a little more what access you need? See https://wikitech.wikimedia.org/wiki/Analytics/Data_access#What_access_should_I_request? for help deciding.

Thank you! I updated the task description. I think my case falls into the ssh login to analytics client servers (AKA stat boxes) with Hadoop, Hive, Presto access category. I should already have the LDAP membership in the wmf group.

Ottomata added a comment.Mar 22 2022, 7:13 PM

+1 sounds good. Approved!

jbond updated the task description. (Show Details)Mar 23 2022, 11:49 AM
gerritbot added a comment.Mar 23 2022, 11:57 AM

Change 773207 had a related patch set uploaded (by Jbond; author: John Bond):

[operations/puppet@production] admin: add sgimeno user

https://gerrit.wikimedia.org/r/773207

gerritbot added a project: Patch-For-Review.Mar 23 2022, 11:57 AM

Change 773207 merged by Jbond:

[operations/puppet@production] admin: add sgimeno user

https://gerrit.wikimedia.org/r/773207

jbond closed this task as Resolved.Mar 23 2022, 12:04 PM
jbond claimed this task.

@Sgs access has now been set up you shuld have recived an email indicating how to configure kerberos, please re-open if you are still having issues

Maintenance_bot removed a project: Patch-For-Review.Mar 23 2022, 12:10 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL