Page MenuHomePhabricator
Create Task
Maniphest T319014

Requesting access to analytics-privatedata-users for Lucas Werkmeister
Closed, ResolvedPublicRequest
Actions

Description

Requestor provided information and prerequisites

This section is to be completed by the individual requesting access.

  • Wikitech username: Lucas Werkmeister (WMDE)
  • Email address: lucas.werkmeister@wikimedia.de
  • SSH public key (must be a separate key from Wikimedia cloud SSH access): N/A, I already have shell access (including to stat100x via analytics-wmde-users)
  • Requested group membership: analytics-privatedata-users
  • Reason for access: As a member of the Wikidata team (Wikidata Dev Team), I want to be able to work on tasks related to analytics for Wikidata, such as T304793. Without analytics-privatedata-users access, I can’t test what I’m doing (e.g. HQL queries).
  • Name of approving party (manager for WMF/WMDE staff): @karapayneWMDE
  • Ensure you have signed the L3 Wikimedia Server Access Responsibilities document: ✔
  • Please coordinate obtaining a comment of approval on this task from the approving party.

I believe I will also need a Kerberos principal, though the documentation suggests that this will be created as part of this request (so I assume the option to request one separately, also mentioned on the page, is only necessary for existing analytics-privatedata-users members).

Disclaimer: an equivalent request, T190415, was declined about four years ago; at the time the conclusion was that I wouldn’t need the access after all. I believe this has changed now that the Wikidata team sometimes works on analytics tasks (which IIRC wasn’t the case back then).

SRE Clinic Duty Confirmation Checklist for Access Requests

This checklist should be used on all access requests to ensure that all steps are covered, including expansion to existing access. Please double check the step has been completed before checking it off.

This section is to be confirmed and completed by a member of the SRE team.

  • - User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
  • - User has a valid NDA on file with WMF legal. (All WMF Staff/Contractor hiring are covered by NDA. Other users can be validated via the NDA tracking sheet)
  • - User has provided the following: wikitech username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform)
  • - User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not shared with any other service (this includes not sharing with WMCS access, no shared keys.)
  • - access request (or expansion) has sign off of WMF sponsor/manager (sponsor for volunteers, manager for wmf staff)
  • - access request (or expansion) has sign off of group approver indicated by the approval field in data.yaml

For additional details regarding access request requirements, please see https://wikitech.wikimedia.org/wiki/Requesting_shell_access

Details

SubjectRepoBranchLines +/-
admin: add lucas to analytics-privatedata-usersoperations/puppetproduction+1 -1
Customize query in gerrit

Related Objects

Event Timeline

Lucas_Werkmeister_WMDE created this task.Sep 30 2022, 11:25 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptSep 30 2022, 11:25 AM
Arnoldokoth added subscribers: Ottomata, Arnoldokoth.Oct 5 2022, 9:18 PM

Hey @Ottomata @karapayneWMDE Kindly approve.

Arnoldokoth updated the task description. (Show Details)Oct 5 2022, 9:19 PM
Ottomata added a comment.Oct 5 2022, 9:45 PM

Approved!

Arnoldokoth moved this task from Untriaged to Manager/NDA Approval/Confirmation on the SRE-Access-Requests board.Oct 6 2022, 6:06 PM
Dzahn changed the task status from Open to In Progress.Oct 6 2022, 6:08 PM
Arnoldokoth assigned this task to karapayneWMDE.Oct 6 2022, 6:14 PM
karapayneWMDE reassigned this task from karapayneWMDE to Arnoldokoth.Oct 7 2022, 8:43 AM

Approved! And thanks :)

Arnoldokoth triaged this task as Medium priority.Oct 7 2022, 2:41 PM
Arnoldokoth updated the task description. (Show Details)
gerritbot added a comment.Oct 7 2022, 2:45 PM

Change 840152 had a related patch set uploaded (by AOkoth; author: AOkoth):

[operations/puppet@production] admin: add lucas to analytics-privatedata-users

https://gerrit.wikimedia.org/r/840152

gerritbot added a project: Patch-For-Review.Oct 7 2022, 2:45 PM
Lucas_Werkmeister_WMDE added a comment.Oct 7 2022, 2:46 PM
  • User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not shared with any other service (this includes not sharing with WMCS access, no shared keys.)

If you want to have my SSH key again:

$ SSH_AUTH_SOCK=/run/user/$(id -u)/gnupg/S.gpg-agent.ssh ssh-add -L
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCZxk9E7d2qNGlTWlp2zzXTTzVdt69ZPMwvSAwGcE9MV8ARTd5yrXx0qBfd9+MnmnKwlqb5aKXbJ0sgA9bvUkKeXiJLOdm3pzKF4J6ukwZSqxbch3mI60uYmOORCjDDAQtDZWYU6d8M93f9+dINbFLma1P+hHmY6u0/g2VG0Bb1x2Nr6A4OK6OW1oSiokN3y6Z/yTajfE8Eff4T5p8AUZwJ2nGExfskI5810I6sxDFwSi+Uop+zx1/jQVOyDBlpV+O2NA9oiwjOnCLBQptFw7Bdo6MpXRdC6Sm4GqGwepg0z00fCvpcJC+v4aRi12n7ZyL8Bb0YrxExaDzoLFgaxX9uVKmiFgYnVMKNc2fZEE2LEPUMwC3rvh1TiyE5VkEX/YNbV33GVFW9MVgthX4A5moXEfz9DHYr+CEuHUJCDS+0MFvHf5UJFN8SocvGFL6tXEWFY+oLH/jZ97iDR1sfvUsmkh6Wav1suSXlcPm6VvrDvTGFYllGkBXgqUH/HgeMlmfBv4c+z8IueOXOxjMTebKzAidAMHsbJ2fA84kESIev39NunjI4Tds3ijR1Ya5Hs3GPp5IdnkzSG/Vjf5q0IlVxIpKoNtReQCW6hjD0yWNqBZEio7YHhaoJqRaiycYLRNo6XynyaXhnGpGLfgc54mdh9Fvw2GJOODG/puuO+gCWSw== cardno:000614303574

I’ve just checked that this is the same key as the one that’s already in Puppet (modules/admin/data/data.yaml, lucaswerkmeister-wmde).

gerritbot added a comment.Oct 7 2022, 6:58 PM

Change 840152 merged by AOkoth:

[operations/puppet@production] admin: add lucas to analytics-privatedata-users

https://gerrit.wikimedia.org/r/840152

Arnoldokoth added a comment.Oct 7 2022, 6:59 PM

Hey @Lucas_Werkmeister_WMDE Yeah, I was actually debating whether to remove that checkbox but I'll just leave it unchecked since it's not needed in this case. It's resolved now. Feel free to close the ticket.

Maintenance_bot removed a project: Patch-For-Review.Oct 7 2022, 7:30 PM
Lucas_Werkmeister_WMDE added a comment.Oct 10 2022, 2:28 PM

Thanks, I can sudo to analytics-privatedata now. I can’t directly kinit, though:

lucaswerkmeister-wmde@stat1004:~$ kinit
kinit: Client 'lucaswerkmeister-wmde@WIKIMEDIA' not found in Kerberos database while getting initial credentials

Is that expected? Should I always use analytics-privatedata? (I find the documentation on Wikitech pretty confusing, sorry.)

Ottomata added a comment.Oct 10 2022, 2:38 PM

I think this was just overlooked. I just created your kerberos principal. You should have an email with instructions.

Lucas_Werkmeister_WMDE closed this task as Resolved.Oct 10 2022, 2:42 PM

Thanks, I think that worked!

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits