
Requesting access to deployment for fkaelin
Closed, Resolved · Public · Request

Description

Requestor provided information and prerequisites

This section is to be completed by the individual requesting access.

  • Wikitech username: Fabian_Kaelin
  • Email address: fkaelin+wikitech@wikimedia.org
  • SSH public key (must be a separate key from Wikimedia cloud SSH access): ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHyKPeAQbIJzDPFnjM4i0gl4RbDUZRJB7aPhzTwtjpAH fab@wmf
  • Requested group membership: deployment
  • Reason for access: deploy miscweb Kubernetes service from deployment hosts
  • Name of approving party (manager for WMF/WMDE staff): @leila
  • Ensure you have signed the L3 Wikimedia Server Access Responsibilities document:
  • Please coordinate obtaining a comment of approval on this task from the approving party.

SRE Clinic Duty Confirmation Checklist for Access Requests

This checklist should be used on all access requests to ensure that all steps are covered, including expansion to existing access. Please double check the step has been completed before checking it off.

This section is to be confirmed and completed by a member of the SRE team.

  • User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
  • User has a valid NDA on file with WMF legal. (All WMF Staff/Contractor hiring are covered by NDA. Other users can be validated via the NDA tracking sheet)
  • User has provided the following: wikitech username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform)
  • User has provided a public SSH key. This SSH key pair should only be used for WMF cluster access, and not shared with any other service (this includes not sharing with WMCS access, no shared keys.)
  • The provided SSH key has been confirmed out of band and is verified as not being used in WMCS.
  • Access request (or expansion) has sign off of WMF sponsor/manager (sponsor for volunteers, manager for WMF staff)
  • Access request (or expansion) has sign off of group approver indicated by the approval field in data.yaml

For additional details regarding access request requirements, please see https://wikitech.wikimedia.org/wiki/Requesting_shell_access

Event Timeline

Approved on my end. Thank you!

  • L3 not yet signed.
  • LDAP user does not exist. Fabian should try logging in to wikitech and verify the email address, if required.
  • deployment group access needs additional OK from @thcipriani

Thanks @colewhite.

  • As part of the data eng onboarding (T267817), I signed the L3 and an LDAP user should have been created.
  • This is the wikitech account, and the shell name is fab.
  • The SSH in this ticket is also used for the data engineering infra, but not for the cloud services.

Please let me know if something is not in order.

Thanks @fkaelin!

Found the L3 signature. Good to go!
Found based on the shell name and existing data entry. The email is subaddressed, making the LDAP search return a false negative.

Just need a sign off from @thcipriani and we can merge the patch.

Change 948693 had a related patch set uploaded (by Cwhite; author: Cwhite):

[operations/puppet@production] admin: add fab to deployment group

https://gerrit.wikimedia.org/r/948693

Clement_Goubert changed the task status from Open to In Progress. Aug 16 2023, 2:22 PM

Approved from the deployment group. Rationale makes sense.

Change 948693 merged by Clément Goubert:

[operations/puppet@production] admin: add fab to deployment group

https://gerrit.wikimedia.org/r/948693

Clement_Goubert claimed this task.
Clement_Goubert added a subscriber: Clement_Goubert.

Patch merged, the access should be deployed by puppet in the next half-hour. Boldly resolving, feel free to reopen if there is any issue.