Page MenuHomePhabricator
Create Task
Maniphest T342307

Requesting access to ops for taavi
Closed, ResolvedPublicRequest
Actions

Description

Requestor provided information and prerequisites

This section is to be completed by the individual requesting access.

  • Wikitech username: Majavah (uid=taavi)
  • Email address: hi+wm@taavi.wtf
  • SSH public key (must be a separate key from Wikimedia cloud SSH access): existing production shell account
  • Requested group membership: ops
  • Reason for access: I'm working on quite a few things (in WMCS land and elsewhere) and some of them aren't covered by my current access so this would be generally useful. Plus this gives Puppet merge access which would be quite useful. Nicholas said me requesting this is fine.
  • Name of approving party (manager for WMF/WMDE staff): @nskaggs
  • Ensure you have signed the L3 Wikimedia Server Access Responsibilities document: done a while back
  • Please coordinate obtaining a comment of approval on this task from the approving party.

SRE Clinic Duty Confirmation Checklist for Access Requests

This checklist should be used on all access requests to ensure that all steps are covered, including expansion to existing access. Please double check the step has been completed before checking it off.

This section is to be confirmed and completed by a member of the SRE team.

  • - User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
  • - User has a valid NDA on file with WMF legal. (All WMF Staff/Contractor hiring are covered by NDA. Other users can be validated via the NDA tracking sheet)
  • - User has provided the following: wikitech username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform)
  • - User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not shared with any other service (this includes not sharing with WMCS access, no shared keys.)
  • - The provided SSH key has been confirmed out of band and is verified not being used in WMCS.
  • - access request (or expansion) has sign off of WMF sponsor/manager (sponsor for volunteers, manager for wmf staff)
  • - access request (or expansion) has sign off of group approver indicated by the approval field in data.yaml

For additional details regarding access request requirements, please see https://wikitech.wikimedia.org/wiki/Requesting_shell_access

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
groups: Add taavi to the ops groupoperations/puppetproduction+1 -1
admin: add taavi to ops groupoperations/puppetproduction+1 -1
Customize query in gerrit

Related Objects

Event Timeline

taavi created this task.Jul 19 2023, 10:08 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 19 2023, 10:08 PM
andrea.denisse claimed this task.Jul 20 2023, 3:05 PM
andrea.denisse subscribed.
nskaggs added a comment.Jul 20 2023, 4:44 PM

Taavi is a valued contributor to Wikimedia and it's projects for over 4 years, and is the current Tech contributor of the year for Wikimedia. He possesses both the requisite skills and knowledge to safely carry this level of access, as well as the intention to use it to help keep our infrastructure operational.

As mentioned, Taavi has been restricted at times in his ability to help due to lacking access. See for example T337848, and T325067. Ourselves and movement would benefit from removing these restrictions.

RhinosF1 subscribed.Jul 20 2023, 4:47 PM
Aklapper awarded a token.Jul 20 2023, 5:04 PM
gerritbot added a comment.Jul 21 2023, 12:33 AM

Change 940269 had a related patch set uploaded (by Andrea Denisse; author: Andrea Denisse):

[operations/puppet@production] groups: Add taavi to the ops group

https://gerrit.wikimedia.org/r/940269

gerritbot added a project: Patch-For-Review.Jul 21 2023, 12:33 AM
andrea.denisse changed the task status from Open to In Progress.Jul 21 2023, 12:36 AM
andrea.denisse updated the task description. (Show Details)
LSobanski subscribed.Jul 24 2023, 4:29 PM
taavi added a comment.Aug 7 2023, 8:16 PM

Hey - anything I can do to move this forward?

andrea.denisse added a comment.Aug 7 2023, 9:02 PM

Hi @taavi !

Apologies for the delay this is taking.

Unfortunately the patch I sent to grant you access to ops (#940269) hasn't been reviewed yet and I can't merge it without at least a +1.

Could you please ask on IRC if someone can provide approval to the patch?

Looking forward to seeing you in ops! ^^

Urbanecm_WMF awarded a token.Aug 8 2023, 10:27 AM
Clement_Goubert moved this task from Untriaged to SRE Meeting Review on the SRE-Access-Requests board.Aug 8 2023, 10:54 AM
MatthewVernon added subscribers: joanna_borun, mark, MatthewVernon.Aug 8 2023, 10:55 AM

This needs approval by @mark or @joanna_borun (per data.yaml), I think. So I've tagged them to approve (or otherwise) this request :)

joanna_borun added a comment.Aug 8 2023, 11:05 AM

Apologies for the delay in completing this task. Our Infrastructure Foundations team is currently in the process of evaluating the global root access policy and potential enhancements to permissions. These improvements aim to provide sufficient access to our tools without requiring global root access. I will return with an update early next week. Thank you for your patience and understanding any inconvenience caused.

Volans subscribed.Aug 8 2023, 11:06 AM
Urbanecm_WMF subscribed.Aug 13 2023, 7:25 PM
jbond subscribed.Aug 16 2023, 9:15 AM
joanna_borun added a comment.Aug 16 2023, 1:43 PM

Approved

gerritbot added a comment.Aug 16 2023, 3:01 PM

Change 949536 had a related patch set uploaded (by Jbond; author: jbond):

[operations/puppet@production] admin: add taavi to ops group

https://gerrit.wikimedia.org/r/949536

gerritbot added a comment.Aug 16 2023, 4:05 PM

Change 949536 merged by Jbond:

[operations/puppet@production] admin: add taavi to ops group

https://gerrit.wikimedia.org/r/949536

andrea.denisse closed this task as Resolved.Aug 16 2023, 7:02 PM

Hi, I sent a patch for this change that was awaiting review.

https://gerrit.wikimedia.org/r/c/operations/puppet/+/940269/

Closing this task as resolved.

gerritbot added a comment.Aug 16 2023, 7:11 PM

Change 940269 abandoned by Andrea Denisse:

[operations/puppet@production] groups: Add taavi to the ops group

Reason:

Abandoning as patch #949536 implements this functionality.

https://gerrit.wikimedia.org/r/940269

Maintenance_bot removed a project: Patch-For-Review.Aug 16 2023, 7:30 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits