Page MenuHomePhabricator
Create Task
Maniphest T309045

Requesting access to mwmaint1002.eqiad.wmnet for sgimeno
Closed, ResolvedPublicRequest
Actions

Description

Requestor provided information and prerequisites

This section is to be completed by the individual requesting access.

  • Wikitech username: Sergio Gimeno
  • Shell username: sgimeno
  • Email address: sgimeno@wikimedia.org
  • SSH public key (must be a separate key from Wikimedia cloud SSH access): ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGZfnjboIHwyJ849bMbH9NspXL6dTjMkoZHflvrMLcvt sergio@wmf2988
  • Requested group membership: TBD
  • Reason for access: Perform GrowthExperiments maintenance tasks as T307451: May 12 – Export and upload welcome survey data
  • Name of approving party (manager for WMF/WMDE staff): @MShilova_WMF
  • Ensure you have signed the L3 Wikimedia Server Access Responsibilities document: I signed this document on Mon, Mar 21, 20:25.
  • Please coordinate obtaining a comment of approval on this task from the approving party.

SRE Clinic Duty Confirmation Checklist for Access Requests

This checklist should be used on all access requests to ensure that all steps are covered, including expansion to existing access. Please double check the step has been completed before checking it off.

This section is to be confirmed and completed by a member of the SRE team.

  • - User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
  • - User has a valid NDA on file with WMF legal. (All WMF Staff/Contractor hiring are covered by NDA. Other users can be validated via the NDA tracking sheet)
  • - User has provided the following: wikitech username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform)
  • - User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not shared with any other service (this includes not sharing with WMCS access, no shared keys.)
  • - access request (or expansion) has sign off of WMF sponsor/manager (sponsor for volunteers, manager for wmf staff)
  • - access request (or expansion) has sign off of group approver indicated by the approval field in data.yaml

For additional details regarding access request requirements, please see https://wikitech.wikimedia.org/wiki/Requesting_shell_access

Details

SubjectRepoBranchLines +/-
admin: Add sgimeno to restrictedoperations/puppetproduction+1 -1
Customize query in gerrit

Related Objects

Event Timeline

Sgs created this task.May 23 2022, 6:31 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMay 23 2022, 6:31 PM
MShilova_WMF added a comment.May 23 2022, 6:37 PM

I confirm that @Sgs needs access to a production server and it is currently blocking T307454: May 23 – Export and upload welcome survey data. More context for that task can be found here: T303780: Welcome emails: export opted-in users

SCherukuwada subscribed.May 23 2022, 7:41 PM

Manager is OOO.
Skip-level Manager here, approved (if needed).

gerritbot added a comment.May 24 2022, 1:26 PM

Change 798667 had a related patch set uploaded (by Alexandros Kosiaris; author: Alexandros Kosiaris):

[operations/puppet@production] Add sgimeno to deployment

https://gerrit.wikimedia.org/r/798667

gerritbot added a project: Patch-For-Review.May 24 2022, 1:26 PM
Dzahn subscribed.May 24 2022, 10:21 PM
In T309045#7950982, @MShilova_WMF wrote:

I confirm that @Sgs needs access to a production server and it is currently blocking T307454: May 23 – Export and upload welcome survey data

Looking at T307452#7930485 it seems like you may just want to run the same command twice a week (except changing the dates). If that is the case, would it be helpful if we just automated the whole thing for you (and avoid the manual work for you in the first place)?

Sgs added a comment.May 26 2022, 9:17 AM
In T309045#7954779, @Dzahn wrote:
In T309045#7950982, @MShilova_WMF wrote:

I confirm that @Sgs needs access to a production server and it is currently blocking T307454: May 23 – Export and upload welcome survey data

Looking at T307452#7930485 it seems like you may just want to run the same command twice a week (except changing the dates). If that is the case, would it be helpful if we just automated the whole thing for you (and avoid the manual work for you in the first place)?

@Dzahn thanks for the suggestion. We're just running this scripts twice a week for the next 5-6 weeks. I think automating would be nice but I'd like to run the next export manually so I understand the full process. The final step for us is to upload the csv to Google Docs, is that something we could easily automate? If not it seems I would still need to access the final bucket where the csv exports would live right?

Dzahn changed the task status from Open to In Progress.May 26 2022, 9:03 PM
Dzahn claimed this task.
Dzahn updated the task description. (Show Details)
Dzahn added a subscriber: thcipriani.May 26 2022, 9:10 PM

@thcipriani Your approval is requested as group approver for "restricted" (just like for 'deployment').

Dzahn added a comment.May 26 2022, 9:12 PM

@Sgs Understood! I'll move this forward to get you your access to unblock you. Automating it as a systemd timer would be nice indeed and we can help with that (later). I am not sure about the uploading yet but there are webproxies that allow access to external and there are ways we can store auth secrets and populate a script with them. So should be possible if we can use an API.

Dzahn reassigned this task from Dzahn to thcipriani.May 26 2022, 10:16 PM
Sgs added a comment.May 30 2022, 3:19 PM

@thcipriani is there any impediment with my request? Ty.

thcipriani added a comment.May 31 2022, 10:28 PM
In T309045#7961837, @Dzahn wrote:

@thcipriani Your approval is requested as group approver for "restricted" (just like for 'deployment').

Approved!

In T309045#7967861, @Sgs wrote:

@thcipriani is there any impediment with my request? Ty.

Sorry about that, I was out of office for a few days :(

Dzahn claimed this task.May 31 2022, 10:48 PM
Dzahn triaged this task as High priority.
Dzahn updated the task description. (Show Details)
gerritbot added a comment.May 31 2022, 10:48 PM

Change 798667 merged by Dzahn:

[operations/puppet@production] admin: Add sgimeno to restricted

https://gerrit.wikimedia.org/r/798667

Dzahn added a comment.May 31 2022, 10:49 PM

approved by https://meta.wikimedia.org/wiki/User:SCherukuwada_%28WMF%29 in lieue of manager

approved by Tyler as group approver

deploying https://gerrit.wikimedia.org/r/c/operations/puppet/+/798667

Dzahn closed this task as Resolved.May 31 2022, 10:52 PM

Hello @Sgs

your user account has been added to the mwmaint* servers (mwmaint1002 in eqiad, mwmaint2002 in codfw).

Since you already had existing shell access to other servers you should be good to go and I don't need to mention the bastion hosts I assume.

[mwmaint1002:~] $ id sgimeno
uid=34724(sgimeno) gid=500(wikidev) groups=500(wikidev),706(restricted)

Closing this as resolved.

Maintenance_bot removed a project: Patch-For-Review.May 31 2022, 11:30 PM
Sgs added a comment.Jun 1 2022, 9:32 AM

Great. Thank you for helping with the process @Dzahn!

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL