Page MenuHomePhabricator
Create Task
Maniphest T313429

Requesting access to private-data for Mikeraish (MRaishWMF)
Closed, ResolvedPublicRequest
Actions

Description

Requestor provided information and prerequisites

This section is to be completed by the individual requesting access.

  • Wikitech username: Mikeraish
  • Email address: mraish@wikimedia.org
  • SSH public key (must be a separate key from Wikimedia cloud SSH access): ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOU1XSmIK51sFOSDgWLTcJDjtfqb5nYfTCnTGrdmjt9c mraish@wikimedia.org
  • Requested group membership: private-data
  • Reason for access: design research analytics work—add SSH to account to access Jupyter Lab and run spark queries
  • Name of approving party (manager for WMF/WMDE staff): @GEscalante-WMF
  • Ensure you have signed the L3 Wikimedia Server Access Responsibilities document: Signed
  • Please coordinate obtaining a comment of approval on this task from the approving party.

SRE Clinic Duty Confirmation Checklist for Access Requests

This checklist should be used on all access requests to ensure that all steps are covered, including expansion to existing access. Please double check the step has been completed before checking it off.

This section is to be confirmed and completed by a member of the SRE team.

  • - User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
  • - User has a valid NDA on file with WMF legal. (All WMF Staff/Contractor hiring are covered by NDA. Other users can be validated via the NDA tracking sheet)
  • - User has provided the following: wikitech username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform)
  • - User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not shared with any other service (this includes not sharing with WMCS access, no shared keys.)
  • - access request (or expansion) has sign off of WMF sponsor/manager (sponsor for volunteers, manager for wmf staff)
  • - access request (or expansion) has sign off of group approver indicated by the approval field in data.yaml

For additional details regarding access request requirements, please see https://wikitech.wikimedia.org/wiki/Requesting_shell_access

Details

SubjectRepoBranchLines +/-
admin: Add SSH key to mraish useroperations/puppetproduction+2 -1
Add SSH key for user mikeraishoperations/puppetproduction+2 -1
Customize query in gerrit

Event Timeline

MRaishWMF created this task.Jul 20 2022, 5:45 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 20 2022, 5:45 PM
Vgutierrez claimed this task.Jul 22 2022, 9:49 AM
Vgutierrez triaged this task as Medium priority.
Vgutierrez moved this task from Untriaged to Awaiting User Input on the SRE-Access-Requests board.
Vgutierrez subscribed.

@MRaishWMF you need to use a dedicated SSH key for production access. Please generate it and update this ticket

MRaishWMF updated the task description. (Show Details)Jul 22 2022, 2:33 PM

@Vgutierrez thanks, I updated with a new SSH key. Let me know if this is adequate, and thank you

Vgutierrez moved this task from Awaiting User Input to Manager/NDA Approval/Confirmation on the SRE-Access-Requests board.Jul 22 2022, 2:40 PM
Vgutierrez added subscribers: odimitrijevic, Ottomata.

All good :) waiting for @GEscalante-WMF approval and from @Ottomata || @odimitrijevic

GEscalante-WMF added a comment.Jul 25 2022, 4:51 PM

Go for it!

odimitrijevic added a comment.Jul 28 2022, 3:36 PM

Approved

gerritbot added a comment.Jul 29 2022, 7:48 AM

Change 818397 had a related patch set uploaded (by Vgutierrez; author: Vgutierrez):

[operations/puppet@production] admin: Add mraish to analytics_privatedata_users

https://gerrit.wikimedia.org/r/818397

gerritbot added a project: Patch-For-Review.Jul 29 2022, 7:48 AM
Volans updated the task description. (Show Details)Jul 29 2022, 8:21 AM
Volans subscribed.Jul 29 2022, 8:28 AM

@MRaishWMF your user mikeraish is already part of the analytics-privatedata-users with no SSH key (access to that group can be configured in different ways depending on what data/tool needs to be accessed).

Your request above is for:

Requested group membership: private-data

What exact access are you requesting?
Is this just a request to add an SSH key to your existing user?
Please refer to https://wikitech.wikimedia.org/wiki/Analytics/Data_access for additional guidance on what access you'd like to request.

Volans moved this task from Manager/NDA Approval/Confirmation to Awaiting User Input on the SRE-Access-Requests board.Jul 29 2022, 8:34 AM
Dzahn changed the task status from Open to In Progress.Jul 29 2022, 5:35 PM
Dzahn reassigned this task from Vgutierrez to MRaishWMF.
BCornwall changed the task status from In Progress to Stalled.Aug 11 2022, 5:44 PM
BCornwall subscribed.

@MRaishWMF as asked, are you just wanting us to add your SSH key to your account? Seeing as you're already part of the analytics-privatedata-users group, the access is already granted. Since we don't know what specifically you're trying to do, we don't know if SSH is necessary.

Thank you!

MRaishWMF added a comment.Aug 11 2022, 7:02 PM

Hi @BCornwall, sorry for the delay and thanks for the ping. Yes, I had intended to add an SSH key to my account to facilitate some analytics tasks. Sorry for the confusion, as I didn't know that I also had access granted via analytics-privatedata-users permissions.

Thank you!

BCornwall changed the task status from Stalled to In Progress.Aug 11 2022, 7:10 PM

@MRaishWMF Thanks for replying! Please note that we follow the Principle of least privilege so we'll need to know exactly what you'll be needing SSH access for. If you could provide that information and also update the ticket description with it that'd be fantastic.

@odimitrijevic it'd be good to also get further confirmation that SSH access is needed since this is newer information.

Thanks all!

MRaishWMF added a comment.Aug 11 2022, 8:09 PM

@BCornwall thanks again. I anticipate needing to SSH into stat machines in order to access Jupyter Lab and run spark queries. I'll update the task description accordingly.

MRaishWMF updated the task description. (Show Details)Aug 11 2022, 8:10 PM
BCornwall reassigned this task from MRaishWMF to odimitrijevic.Aug 12 2022, 10:00 PM
Ottomata added a comment.Aug 15 2022, 12:46 PM

Approved!

cmooney subscribed.Aug 17 2022, 9:30 AM

Ok reached out to user on slack to confirm ssh key after which I will add for them.

gerritbot added a comment.Aug 17 2022, 5:22 PM

Change 824245 had a related patch set uploaded (by Cathal Mooney; author: Cathal Mooney):

[operations/puppet@production] Add SSH key for user mikeraish

https://gerrit.wikimedia.org/r/824245

gerritbot added a comment.Aug 18 2022, 9:53 AM

Change 824245 merged by Cathal Mooney:

[operations/puppet@production] Add SSH key for user mikeraish

https://gerrit.wikimedia.org/r/824245

cmooney added a comment.Aug 18 2022, 12:22 PM

@MRaishWMF this should be working for you now if you want to give it a try and report back.

Thanks!

Ladsgroup closed this task as Resolved.Aug 22 2022, 5:38 AM
Ladsgroup reassigned this task from odimitrijevic to cmooney.
Ladsgroup subscribed.

Since there hasn't been any response. I close it, reopen if you have trouble accessing.

gerritbot added a comment.Aug 25 2022, 3:22 PM

Change 818397 abandoned by BCornwall:

[operations/puppet@production] admin: Add SSH key to mraish user

Reason:

https://gerrit.wikimedia.org/r/c/operations/puppet/+/824245/

https://gerrit.wikimedia.org/r/818397

Maintenance_bot removed a project: Patch-For-Review.Aug 25 2022, 3:31 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits