Requesting access to analytics-privatedata-users and Kerberos identity for RMaung
Closed, ResolvedPublicRequest
Actions

Assigned To

Authored By

	Rmaung
	Feb 22 2023, 8:47 PM

Description

Requestor provided information and prerequisites

This section is to be completed by the individual requesting access.

Wikitech username: RMaung
Email address: rmaung@wikimedia.org
SSH public key (must be a separate key from Wikimedia cloud SSH access): ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGmQXo1DfnvomYfLMuK4d/3lD2/t/3qPLYNMWvM1ZdlS rmaung@wmf2436
Requested group membership: analytics-privatedata-users and Kerberos identity
Reason for access: For my work tracking community development metrics, I would like to able to use JupyterHub, and also run queries on Hive
Name of approving party (manager for WMF/WMDE staff): @SRamkisson
Ensure you have signed the L3 Wikimedia Server Access Responsibilities document: Yes, signed
Please coordinate obtaining a comment of approval on this task from the approving party.

SRE Clinic Duty Confirmation Checklist for Access Requests

This checklist should be used on all access requests to ensure that all steps are covered, including expansion to existing access. Please double check the step has been completed before checking it off.

This section is to be confirmed and completed by a member of the SRE team.

- User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
- User has a valid NDA on file with WMF legal. (All WMF Staff/Contractor hiring are covered by NDA. Other users can be validated via the NDA tracking sheet)
- User has provided the following: wikitech username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform)
- User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not shared with any other service (this includes not sharing with WMCS access, no shared keys.)
- access request (or expansion) has sign off of WMF sponsor/manager (sponsor for volunteers, manager for wmf staff)
- access request (or expansion) has sign off of group approver indicated by the approval field in data.yaml @odimitrijevic || @Ottomata

For additional details regarding access request requirements, please see https://wikitech.wikimedia.org/wiki/Requesting_shell_access

Details

	Subject	Repo	Branch	Lines +/-
	admin: update ssh key for RMaung	operations/puppet	production	+1 -1
	admin: Update ssh key for rmaung	operations/puppet	production	+1 -1

Customize query in gerrit

Related Objects

Mentioned Here: T266250: Requesting access to Production Shell Access (analytics-privatedata-users) for Rmaung

Event Timeline

Rmaung created this task.Feb 22 2023, 8:47 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 22 2023, 8:47 PM

Rmaung added a subscriber: mpopov.Feb 22 2023, 8:56 PM

SLyngshede-WMF triaged this task as Medium priority.Feb 24 2023, 8:56 AM

SLyngshede-WMF updated the task description. (Show Details)Feb 24 2023, 10:20 AM

JMeybohm updated the task description. (Show Details)Feb 27 2023, 1:21 PM

JMeybohm moved this task from Untriaged to Manager/NDA Approval/Confirmation on the SRE-Access-Requests board.

JMeybohm added subscribers: odimitrijevic, SRamkisson, Ottomata.

Approved.

Approved

JMeybohm updated the task description. (Show Details)Mar 2 2023, 10:18 AM

JMeybohm moved this task from Manager/NDA Approval/Confirmation to Ready To Go on the SRE-Access-Requests board.

@Rmaung AIUI you have been granted all requested permissions already in T266250: Requesting access to Production Shell Access (analytics-privatedata-users) for Rmaung. The ssh key on file is a different, though: https://gerrit.wikimedia.org/r/plugins/gitiles/operations/puppet/+/refs/heads/production/modules/admin/data/data.yaml#4436
Do you want us to change the SSH key to the one you've provided here?

JMeybohm moved this task from Ready To Go to Awaiting User Input on the SRE-Access-Requests board.Mar 2 2023, 1:00 PM

@JMeybohm yes, please!

Change 894012 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/puppet@production] admin: Update ssh key for rmaung

https://gerrit.wikimedia.org/r/894012

Change 894012 merged by JMeybohm:

[operations/puppet@production] admin: Update ssh key for rmaung

https://gerrit.wikimedia.org/r/894012

In T330335#8661559, @Rmaung wrote:

@JMeybohm yes, please!

Ok, done. Next time you may say so right away, we don't have to check all the access request boxes again in cases like this.

Maintenance_bot removed a project: Patch-For-Review.Mar 3 2023, 10:31 AM

Hello! I have been issued a new laptop, and now I'm not sure how to set up production access once again. Do I need to provide a new ssh public key? Or open another phab ticket?

Rmaung reopened this task as Open.Aug 24 2023, 1:54 PM

Here is the ssh public key generated from the new machine:
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIASWBpeq1Ju1EHwv5Jd7aupwy787kls1Az2ffAPWIPfJ rebeccamaung@MacBook-Pro

Rmaung moved this task from Awaiting User Input to Untriaged on the SRE-Access-Requests board.Aug 24 2023, 3:12 PM

Change 952467 had a related patch set uploaded (by Jbond; author: jbond):

[operations/puppet@production] admin: update ssh key for RMaung

https://gerrit.wikimedia.org/r/952467

Change 952467 merged by Jbond:

[operations/puppet@production] admin: update ssh key for RMaung

https://gerrit.wikimedia.org/r/952467