Page MenuHomePhabricator

Requesting access to analytics for AndrewTavis_WMDE
Closed, ResolvedPublicRequest


Requestor provided information and prerequisites

This section is to be completed by the individual requesting access.

  • Wikitech username: Andrew McAllister (WMDE)
  • Email address:
  • SSH public key (must be a separate key from Wikimedia cloud SSH access):

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC0TtVLJ3ZBLmnxOiFawTtOAoitHj9BpLRyXJZRuG6CI+6pco37i1wqHYCwOpc4jZg8fkPEN0k8lWLkFSzqKt/ZIb44o2g6ntKfzTKl9nsq6hbvPhjELxoU1KvnPeolz5e6d7mkL6uZlOS28zw5QutrjGlfFOREAeitMDkDXJ5YcJOq9/KDtePinHfyqb4djHdA5uuFM4ml4oD/u6FSSSRTUTN3CPbdramhRyfkDDZzBz60td8XTPgK+l7xVqQyQYWQZpeVufRVwYCq7uNMrFYuMI2M/Nuux3YUhq/1ats0LJRUJl1TOmY4g5kY1ltK2ARPsbM3MPc1rJAS2pFw4n8lyYgnZAkju7X0/qqsTfzf3jSh2e2tyFUir3pprMN14QA7PZfLlpZXPMtIKqDmUDVU260XiVDzqdFzUQKWYM0/kEeQ+6wiTfOkpZjP0weaJxj55x8WBVX/cKmVXYjSGiXX+SRPfKViFTg00RzpFGULnnC000KC4ThOiypBUjKmK9fuhVL0+RpPS5+SvHkB4ji4/6tKVm0ec1XL73235buKTwXgb8cLoJGtNZu5dQqesnJeaa0FaYqxXlRqId9WHAioD/IQn0B2WloPsjHH9V+09ICRm2qsScyG2uCG0svdcWSe4sVXRY6/49H0lMGQAVnLoNm9s2trBu/TEPGWuxQLtQ==

  • Requested group membership: analytics-privatedata-users and analytics-wmde-users
  • Reason for access: in my role as a Data Analyst at WMDE I'll need access to Hadoop, Superset and other data sources such as Wikidata data loaded from JSON dumps and directly querying Wikidata and Wikibase usage data. This access will be used to support the Wikidata team at WMDE in product reporting as well as deeper analysis to drive product development.
  • Name of approving party (manager for WMF/WMDE staff): @karapayneWMDE
  • Ensure you have signed the L3 Wikimedia Server Access Responsibilities document: I have read and signed the document on the 27th of April, 2023.
  • Please coordinate obtaining a comment of approval on this task from the approving party.

Thanks and let me know if anything else needs to be done!

SRE Clinic Duty Confirmation Checklist for Access Requests

This checklist should be used on all access requests to ensure that all steps are covered, including expansion to existing access. Please double check the step has been completed before checking it off.

This section is to be confirmed and completed by a member of the SRE team.

  • - User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
  • - User has a valid NDA on file with WMF legal. (All WMF Staff/Contractor hiring are covered by NDA. Other users can be validated via the NDA tracking sheet)
  • - User has provided the following: wikitech username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform)
  • - User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not shared with any other service (this includes not sharing with WMCS access, no shared keys.)
  • - The provided SSH key has been confirmed out of band and is verified not being used in WMCS.
  • - access request (or expansion) has sign off of WMF sponsor/manager (sponsor for volunteers, manager for wmf staff)
  • - access request (or expansion) has sign off of group approver indicated by the approval field in data.yaml

For additional details regarding access request requirements, please see

Event Timeline

Hope that the above is in order. Please let me know if I need to do anything on my end 🙏

Hi @AndrewTavis_WMDE I think we need a little clarification here since just "analytics" doesn't exist as a group for users but there are multiple "analytics-*" groups.

Can you specify what you really need access to?

uid: andrewtavis-wmde
uidNumber: 44010

Also, @AndrewTavis_WMDE you need to provide a NEW ssh key, as the current one you've provided is being used in WMCS. You need an unique one which cannot be shared with any other service. Please read:

Marostegui triaged this task as Medium priority.Apr 27 2023, 6:15 AM
Marostegui added a subscriber: AndrewTavis.

@AndrewTavis L3 isn't signed, can yo do so too?

@Marostegui, the account you just tagged is my personal Phabricator account that I use for Wikimedia related projects. Is the signature still needed for this account?

Edit: I see in the notice at the top that this account also hasn't signed it either. Will get to it now :) Thanks!

Sorry about that @AndrewTavis_WMDE - I still don't see this one having signed L3 either :-).
We'd need the account @AndrewTavis_WMDE to have signed it.

@Marostegui, L3 was just signed. Thanks for the help in all this!

@Dzahn, thank you also for checking on this. I need access to analytics-privatedata-users and analytics-wmde-users. I'm referencing similar tickets for team members as directed by my onboarding buddy, with those being T269610 (my onboarding buddy) and T320504.

Confirmed L3 signed.
@odimitrijevic or @Ottomata I need your approval as the request is for analytics-privatedata-users
@AndrewTavis we still need your manager to approve this and also address T335437#8809559
@KFrancis could you confirm that "User has a valid NDA on file with WMF legal" ? I cannot find the spreadsheet :)

@Marostegui, I just updated the task with a new public SSH key that I generated only for these purposes :)

Thanks Andrew, I have contacted you out of band to verify your ssh key.

EM of Wikidata here. As Andrew's manager, I approve this request

Change 912843 had a related patch set uploaded (by Marostegui; author: Marostegui):

[operations/puppet@production] data.yaml: Add Andrew McAllister

This user is already part of NDA ldap group.

Thanks all for the approvals and help with this!

Change 912843 merged by Marostegui:

[operations/puppet@production] data.yaml: Add Andrew McAllister

Marostegui claimed this task.

I have merged the change and created the kerberos principal (the user was already part of NDA ldap group).
@AndrewTavis_WMDE you should've received an email to set up your password. Also, please allow at least 30 minutes for change to spread across all our servers.

Thank you, @Marostegui! 🙏 I did receive the email to set up my password. Appreciate all the assistance! :)

Confirmed L3 signed.
@odimitrijevic or @Ottomata I need your approval as the request is for analytics-privatedata-users
@AndrewTavis we still need your manager to approve this and also address T335437#8809559
@KFrancis could you confirm that "User has a valid NDA on file with WMF legal" ? I cannot find the spreadsheet :)

Hi @Marostegui , yes the NDA is all set. It's listed on the 'users' tab under WMDE on the spreadsheet.

@Marostegui It's called "NDA and MOU: Volunteer accounts with Server and LDAP-level access...". Members of "sre" should be able to see it.

Thanks Daniel - got it and bookmarked it! :)