Page MenuHomePhabricator
Create Task
Maniphest T342535

Requesting access to analytics_privatedata_users, deployment_members for Mabualruz
Closed, ResolvedPublicRequest
Actions

Description

Requestor provided information and prerequisites

This section is to be completed by the individual requesting access.

  • Wikitech username: Mabualruz
  • Email address: mabualruz@mediawiki.org
  • SSH public key (must be a separate key from Wikimedia cloud SSH access): ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGGla5S5N4SYzbpqWnSzO9AIk2EmjwRoQe807+yQ5zAT
  • Requested group membership: analytics_privatedata_users, deployment_members
  • Reason for access: Deployments for team's ticket. Checking analytics data
  • Name of approving party (manager for WMF/WMDE staff): @Jdlrobson @NatHillard
  • Ensure you have signed the L3 Wikimedia Server Access Responsibilities document: Done!
  • Please coordinate obtaining a comment of approval on this task from the approving party.

SRE Clinic Duty Confirmation Checklist for Access Requests

This checklist should be used on all access requests to ensure that all steps are covered, including expansion to existing access. Please double check the step has been completed before checking it off.

This section is to be confirmed and completed by a member of the SRE team.

  • - User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
  • - User has a valid NDA on file with WMF legal. (All WMF Staff/Contractor hiring are covered by NDA. Other users can be validated via the NDA tracking sheet)
  • - User has provided the following: wikitech username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform) [email is @wikimedia.org, @mediawiki is a typo]
  • - User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not shared with any other service (this includes not sharing with WMCS access, no shared keys.)
  • - The provided SSH key has been confirmed out of band and is verified not being used in WMCS.
  • - access request (or expansion) has sign off of WMF sponsor/manager (sponsor for volunteers, manager for wmf staff)
  • - access request (or expansion) has sign off of group approver indicated by the approval field in data.yaml

For additional details regarding access request requirements, please see https://wikitech.wikimedia.org/wiki/Requesting_shell_access

Details

SubjectRepoBranchLines +/-
admin: add mabualruz to deployment groupoperations/puppetproduction+1 -1
admin: Add Mabualruz to analytics-private-dataoperations/puppetproduction+9 -5
Customize query in gerrit

Related Objects
Search...

Event Timeline

Mabualruz created this task.Jul 24 2023, 12:30 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 24 2023, 12:30 PM
Mabualruz added a comment.Jul 24 2023, 12:31 PM

@NatHillard @Jdlrobson Please provide approval

NBaca-WMF subscribed.Jul 24 2023, 5:57 PM

Approved

Aklapper renamed this task from Requesting access to RESOURCE for USER[S] to Requesting access to analytics_privatedata_users, deployment_members for Mabualruz.Jul 24 2023, 9:23 PM
ssingh updated the task description. (Show Details)Jul 26 2023, 6:06 PM
ssingh added a subscriber: mediawiki.
ssingh added subscribers: odimitrijevic, thcipriani, Milimetric, ssingh.

@thcipriani and @odimitrijevic/@Milimetric this requires your approval for the deployment and analytics-privatedata groups respectively.

odimitrijevic added a comment.Jul 26 2023, 11:26 PM

Approved

fgiunchedi subscribed.Aug 2 2023, 3:15 PM

@thcipriani ping for approval on this re: deployment group, thank you!

fgiunchedi added a comment.Aug 2 2023, 3:17 PM

@Mabualruz we'll also need to verify out of band the ssh public key you provided. One way is if you publish the same key in your wiki user page, thank you !

colewhite moved this task from Untriaged to Awaiting User Input on the SRE-Access-Requests board.Aug 14 2023, 9:52 PM
colewhite assigned this task to Mabualruz.Aug 15 2023, 7:49 PM
Clement_Goubert changed the task status from Open to Stalled.Aug 16 2023, 11:06 AM
thcipriani added a comment.Aug 16 2023, 8:25 PM

@Mabualruz I can't remember have you done our https://wikitech.wikimedia.org/wiki/Deployments/Training before?

I can't seem to find a task for you https://phabricator.wikimedia.org/search/query/RGEIYdZyhw1B/#R

Clement_Goubert subscribed.Aug 17 2023, 8:16 AM

@Mabualruz The out of band verification of your SSH public key is still required as well.

Ladsgroup removed a subscriber: mediawiki.Aug 28 2023, 7:03 AM
Mabualruz added a comment.Aug 28 2023, 11:52 AM
In T342535#9097588, @thcipriani wrote:

@Mabualruz I can't remember have you done our https://wikitech.wikimedia.org/wiki/Deployments/Training before?

I can't seem to find a task for you https://phabricator.wikimedia.org/search/query/RGEIYdZyhw1B/#R

Nope I have not done the training, I would love to start should I create a task for that myself or send a request to someone?

Mabualruz added a comment.Aug 28 2023, 11:53 AM
In T342535#9098329, @Clement_Goubert wrote:

@Mabualruz The out of band verification of your SSH public key is still required as well.

sorry for the late replies, I was out on vacation. Let me know if anything is needed from my side.

Clement_Goubert unsubscribed.Aug 28 2023, 12:39 PM
Ladsgroup subscribed.Aug 28 2023, 5:13 PM

I'm the clinic duty this week. I will take over from here. Let me double check the ssh key.

Ladsgroup added a comment.Aug 29 2023, 3:05 PM

Hi @Mabualruz, you need to confirm your ssh key out of band with me.

Ladsgroup claimed this task.Aug 29 2023, 4:00 PM

SSH key confirmed out of band.

gerritbot added a comment.Aug 30 2023, 9:08 AM

Change 953565 had a related patch set uploaded (by Ladsgroup; author: Amir Sarabadani):

[operations/puppet@production] admin: Add Mabualruz to analytics-private-data

https://gerrit.wikimedia.org/r/953565

gerritbot added a project: Patch-For-Review.Aug 30 2023, 9:08 AM
thcipriani added a comment.Aug 30 2023, 3:21 PM
In T342535#9123141, @Mabualruz wrote:
In T342535#9097588, @thcipriani wrote:

@Mabualruz I can't remember have you done our https://wikitech.wikimedia.org/wiki/Deployments/Training before?

I can't seem to find a task for you https://phabricator.wikimedia.org/search/query/RGEIYdZyhw1B/#R

Nope I have not done the training, I would love to start should I create a task for that myself or send a request to someone?

Yes please! Fill out the form here to make a task, and I'll get you on the schedule: https://phabricator.wikimedia.org/maniphest/task/edit/form/96/

Mabualruz added a comment.Aug 30 2023, 3:40 PM
In T342535#9131286, @thcipriani wrote:

Yes please! Fill out the form here to make a task, and I'll get you on the schedule: https://phabricator.wikimedia.org/maniphest/task/edit/form/96/

I just did yesterday https://phabricator.wikimedia.org/T345186

Ladsgroup added a comment.Aug 31 2023, 10:06 AM

What kind of analytics data you need access to? https://wikitech.wikimedia.org/wiki/Analytics/Data_access#Access_Levels There are different levels

gerritbot added a comment.Aug 31 2023, 10:25 AM

Change 953565 merged by Ladsgroup:

[operations/puppet@production] admin: Add Mabualruz to analytics-private-data

https://gerrit.wikimedia.org/r/953565

Maintenance_bot removed a project: Patch-For-Review.Aug 31 2023, 10:30 AM
hashar subscribed.Sep 14 2023, 7:16 AM

While doing the backport & config training this morning with Mohd (T345186), we found out he has no access to the deployment server since he hasn't been added to the deployment group.

May you add his account to deployment_members and I guess that will solve this task.

hashar added a parent task: T345186: Deployment training request for mabualruz.Sep 14 2023, 7:16 AM
hashar mentioned this in T345186: Deployment training request for mabualruz.Sep 15 2023, 4:41 PM
RLazarus changed the task status from Stalled to Open.Sep 16 2023, 7:10 PM
RLazarus subscribed.

@thcipriani Sorry for the back-and-forth, but just because it isn't 100% explicit from reading this task -- did you want @Mabualruz to get deployer training before being added to the group? Or do we have your approval to add him, so that he can do the training hands-on?

Ladsgroup added a comment.Sep 17 2023, 12:08 PM

My understanding has been that Mo should do a couple of training before the access to get trained (from T342535#9097588 by Tyler) and then can have access but hashar's comment coneys the opposite? (T342535#9165606). Can we have a clear criteria on when training should be given?

thcipriani added a comment.Sep 19 2023, 4:35 PM
In T342535#9171415, @RLazarus wrote:

@thcipriani Sorry for the back-and-forth, but just because it isn't 100% explicit from reading this task -- did you want @Mabualruz to get deployer training before being added to the group? Or do we have your approval to add him, so that he can do the training hands-on?

I wanted @Mabualruz to attend at least one training before getting access so he has some familiarity with the process. Now that he has, I'm happy to approve access.

In T342535#9172944, @Ladsgroup wrote:

My understanding has been that Mo should do a couple of training before the access to get trained (from T342535#9097588 by Tyler) and then can have access but hashar's comment coneys the opposite? (T342535#9165606). Can we have a clear criteria on when training should be given?

Ideally, a person would get some overview/training before being granted access (so, attend at least one training). That way, they're not going into the process without any background.

More ideally, they'd get more training after getting access. They'd get to deploy themselves, gaining hands-on experienced with a seasoned deployer there to answer questions/catch anything is amiss.

Most ideally, that'd be a single training session; i.e., we demo and explain deployment, flip a switch, then they push the buttons to do a deployment. But we don't have the mechanism for people doing the training to flip that switch during the training at the moment.

</braindump> (hope this clarifies my thinking here; if not, please ask)

So now that @Mabualruz has attended a training, I'm happy to approve access request.

Sorry for any confusion!

Mabualruz added a comment.Sep 19 2023, 5:16 PM

I am happy to attend another training session with access so I can try to gain some hands on experience.

hashar added a comment.Sep 20 2023, 8:13 AM

My intent was to let @Mabualruz run a backport during the training which in turns require access to the deployment group hence why I came back to this task. Would be great to have the access granted today so we can do the training tomorrow.

Ladsgroup added a comment.Sep 20 2023, 9:27 AM

Today we have the datacenter switchover.

colewhite updated the task description. (Show Details)Sep 21 2023, 11:22 PM
colewhite added a subscriber: mediawiki.
gerritbot added a comment.Sep 21 2023, 11:26 PM

Change 958982 had a related patch set uploaded (by Cwhite; author: Cwhite):

[operations/puppet@production] admin: add mabualruz to deployment group

https://gerrit.wikimedia.org/r/958982

gerritbot added a project: Patch-For-Review.Sep 21 2023, 11:26 PM
colewhite removed a subscriber: mediawiki.Sep 21 2023, 11:26 PM
colewhite updated the task description. (Show Details)Sep 21 2023, 11:28 PM
colewhite added a subscriber: mediawiki.
colewhite removed a subscriber: mediawiki.
gerritbot added a comment.Sep 22 2023, 3:50 PM

Change 958982 merged by Cwhite:

[operations/puppet@production] admin: add mabualruz to deployment group

https://gerrit.wikimedia.org/r/958982

colewhite closed this task as Resolved.Sep 22 2023, 3:51 PM
colewhite subscribed.

The group membership change has been deployed.

Please feel free to reopen if you encounter any related issue.

Maintenance_bot removed a project: Patch-For-Review.Sep 22 2023, 4:10 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL