Page MenuHomePhabricator
Create Task
Maniphest T331899

Requesting access to deployment for ItamarWMDE
Closed, ResolvedPublicRequest
Actions

Description

Requestor provided information and prerequisites

This section is to be completed by the individual requesting access.

  • Wikitech username: Itamar Givon
  • Email address: itamar.givon@wikimedia.de
  • SSH public key (must be a separate key from Wikimedia cloud SSH access): ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+qAVkcIT2B/CjXPVPgbf8Z9MEZFG/+awJOSJd0GkTC itgi@C285
  • Requested group membership: restricted
  • Reason for access: To be able to access deplyed Wiki instances and ensure that wikibase (namely wikibase client) is properly installed and configured
  • Name of approving party (manager for WMF/WMDE staff): @karapayneWMDE
  • Ensure you have signed the L3 Wikimedia Server Access Responsibilities document: I have.
  • Please coordinate obtaining a comment of approval on this task from the approving party.

SRE Clinic Duty Confirmation Checklist for Access Requests

This checklist should be used on all access requests to ensure that all steps are covered, including expansion to existing access. Please double check the step has been completed before checking it off.

This section is to be confirmed and completed by a member of the SRE team.

  • - User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
  • - User has a valid NDA on file with WMF legal. (All WMF Staff/Contractor hiring are covered by NDA. Other users can be validated via the NDA tracking sheet)
  • - User has provided the following: wikitech username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform)
  • - User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not shared with any other service (this includes not sharing with WMCS access, no shared keys.)
  • - access request (or expansion) has sign off of WMF sponsor/manager (sponsor for volunteers, manager for wmf staff)
  • - access request (or expansion) has sign off of group approver indicated by the approval field in data.yaml

For additional details regarding access request requirements, please see https://wikitech.wikimedia.org/wiki/Requesting_shell_access

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Add itamar to restricted groupoperations/puppetproduction+1 -1
Customize query in gerrit

Related Objects

Event Timeline

ItamarWMDE created this task.Mar 13 2023, 5:00 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 13 2023, 5:00 PM
Addshore awarded a token.Mar 13 2023, 5:00 PM
MoritzMuehlenhoff added subscribers: thcipriani, MoritzMuehlenhoff.Mar 14 2023, 8:04 AM

@karapayneWMDE : This needs your sign off on the WMDE side.
@thcipriani : This needs your approval for the deployment access

MoritzMuehlenhoff updated the task description. (Show Details)Mar 14 2023, 8:05 AM
gerritbot added a comment.Mar 14 2023, 8:08 AM

Change 898675 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Add itamar to deployment group

https://gerrit.wikimedia.org/r/898675

gerritbot added a project: Patch-For-Review.Mar 14 2023, 8:08 AM
karapayneWMDE added a comment.EditedMar 15 2023, 8:39 AM

approved / signed off by me @MoritzMuehlenhoff

MoritzMuehlenhoff triaged this task as Medium priority.Mar 15 2023, 9:11 AM
MoritzMuehlenhoff updated the task description. (Show Details)Mar 16 2023, 8:08 AM
Ladsgroup claimed this task.Mar 27 2023, 9:39 PM
Ladsgroup subscribed.

I'm on clinic duty this week. Waiting for signoff by Tyler. Maybe a deployment training can be arranged (or other devs in wmde can do an informal training)

Ladsgroup added a comment.Mar 27 2023, 9:39 PM

https://wikitech.wikimedia.org/wiki/Deployments/Training

taavi subscribed.Mar 27 2023, 9:42 PM

To be able to access deplyed Wiki instances and ensure that wikibase (namely wikibase client) is properly installed and configured

Unless you're also planning to deploy changes, this sounds like you might be fine with restricted which would let you run maintenance scripts and SQL queries but not deploy new code.

MoritzMuehlenhoff added a comment.Apr 5 2023, 6:05 AM
In T331899#8731595, @taavi wrote:

To be able to access deplyed Wiki instances and ensure that wikibase (namely wikibase client) is properly installed and configured

Unless you're also planning to deploy changes, this sounds like you might be fine with restricted which would let you run maintenance scripts and SQL queries but not deploy new code.

@ItamarWMDE : What's your take on this, would this suit your use case?

Restricted Application added a project: User-ItamarWMDE. · View Herald TranscriptApr 5 2023, 6:05 AM
Dzahn changed the task status from Open to In Progress.Apr 6 2023, 5:46 PM
Dzahn reassigned this task from Ladsgroup to ItamarWMDE.
Dzahn moved this task from Untriaged to Awaiting User Input on the SRE-Access-Requests board.
BCornwall subscribed.Apr 10 2023, 3:44 PM

Unless you're also planning to deploy changes, this sounds like you might be fine with restricted which would let you run maintenance scripts and SQL queries but not deploy new code.

Hi, @ItamarWMDE! Could you respond whether this suits your use-case? Thanks!

BCornwall changed the task status from In Progress to Stalled.Apr 10 2023, 3:44 PM
ItamarWMDE added a subscriber: Addshore.EditedApr 12 2023, 8:24 AM

Hello @MoritzMuehlenhoff and @BCornwall, apologies for the delay in the response. I am just back from holidays.

I am not so well versed in our access groups to say if restricted is enough, I just know from @Addshore that in order to perform the following tasks, I will need deployment access to run maintenance scripts on deployed wikis. If restricted is enough, then I'll be alright with that as well.

The tasks are:

Thank you for your assistance.

MoritzMuehlenhoff added a comment.Apr 13 2023, 11:08 AM
In T331899#8774740, @ItamarWMDE wrote:

Hello @MoritzMuehlenhoff and @BCornwall, apologies for the delay in the response. I am just back from holidays.

I am not so well versed in our access groups to say if restricted is enough, I just know from @Addshore that in order to perform the following tasks, I will need deployment access to run maintenance scripts on deployed wikis. If restricted is enough, then I'll be alright with that as well.

I'd say let's start with "restricted" initially, and if you run into anything you need in addition, we can extend to deployment permissions.

ItamarWMDE added a comment.Apr 13 2023, 11:30 AM

sure, do I need to open a separate request for that?

MoritzMuehlenhoff added a comment.Apr 13 2023, 12:30 PM
In T331899#8778731, @ItamarWMDE wrote:

sure, do I need to open a separate request for that?

No need, the SRE on our weekly rotation (current @BCornwall ) will process your access request and if "restricted" proves to be insuffcient, simply reply to this task.

BCornwall reassigned this task from ItamarWMDE to thcipriani.Apr 13 2023, 4:55 PM

@thcipriani can you approve @ItamarWMDE's inclusion to the private group, please? Thanks!

Clement_Goubert moved this task from Awaiting User Input to Manager/NDA Approval/Confirmation on the SRE-Access-Requests board.Apr 17 2023, 8:39 AM
Clement_Goubert updated the task description. (Show Details)Apr 17 2023, 8:45 AM
thcipriani added a comment.Apr 17 2023, 5:23 PM

restricted sounds perfect, thanks for the discussion all. Approved!

Clement_Goubert subscribed.Apr 18 2023, 2:17 PM

Approval verified

gerritbot added a comment.Apr 18 2023, 2:17 PM

Change 898675 merged by Clément Goubert:

[operations/puppet@production] Add itamar to restricted group

https://gerrit.wikimedia.org/r/898675

Clement_Goubert closed this task as Resolved.Apr 18 2023, 2:17 PM
Clement_Goubert updated the task description. (Show Details)

I have merged your access request @ItamarWMDE, your access should be functional in the next half hour or so. Feel free to reopen if there are any issues.

Maintenance_bot removed a project: Patch-For-Review.Apr 18 2023, 2:30 PM
ItamarWMDE added a comment.Apr 19 2023, 8:23 AM

Thank you @Clement_Goubert!

ItamarWMDE mentioned this in T354049: Requesting access to <restricted> for Arthur Taylor.Jan 18 2024, 8:27 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits