Page MenuHomePhabricator

Requesting access to stewards-users and group approver role for urbanecm
Closed, ResolvedPublicRequest

Description

Requestor provided information and prerequisites

This section is to be completed by the individual requesting access.

  • Wikimedia developer account username: urbanecm
  • Email address: murbanec@wikimedia.org (LDAP address)
  • SSH public key (must be a separate key from Wikimedia cloud SSH access): see puppet
  • Requested group membership: stewards-users
  • Reason for access: To be able to manage the stewards machines that is being created in T344164.
  • Name of approving party (manager for WMF/WMDE staff): not sure
  • Ensure you have signed the L3 Wikimedia Server Access Responsibilities document: L3 is signed
  • Please coordinate obtaining a comment of approval on this task from the approving party.

SRE Clinic Duty Confirmation Checklist for Access Requests

This checklist should be used on all access requests to ensure that all steps are covered, including expansion to existing access. Please double check the step has been completed before checking it off.

This section is to be confirmed and completed by a member of the SRE team.

  • - User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
  • - User has a valid NDA on file with WMF legal. (All WMF Staff/Contractor hiring are covered by NDA. Other users can be validated via the NDA tracking sheet)
  • - User has provided the following: developer account username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform)
  • - User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not shared with any other service (this includes not sharing with WMCS access, no shared keys.)
  • - The provided SSH key has been confirmed out of band and is verified not being used in WMCS.
  • - access request (or expansion) has sign off of WMF sponsor/manager (sponsor for volunteers, manager for wmf staff)
  • - access request (or expansion) has sign off of group approver indicated by the approval field in data.yaml

For additional details regarding access request requirements, please see https://wikitech.wikimedia.org/wiki/Requesting_shell_access


Additionally this is a request to make urbanecm the group approver for the newly created "stewards-users" group. I approve of this as the group creator. --Dzahn

Event Timeline

Dzahn renamed this task from Requesting access to stewards-users for urbanecm to Requesting access to stewards-users and group approver role for urbanecm.Nov 8 2023, 10:39 PM
Dzahn updated the task description. (Show Details)
Dzahn subscribed.

In addition to adding urbanecm to the "stewards-users" group this is also a request to add him as the group approver for future group additions. I approve of this as the creator of the group (https://gerrit.wikimedia.org/r/c/operations/puppet/+/972874).

Change 972909 had a related patch set uploaded (by Dzahn; author: Dzahn):

[operations/puppet@production] admin: add Martin Urbanec as group approver for stewards-users

https://gerrit.wikimedia.org/r/972909

requestor has existing shell access so no need to worry about L3, NDA, keys.. just a group addition.

Change 972911 had a related patch set uploaded (by Dzahn; author: Dzahn):

[operations/puppet@production] admin: add urbanecm to stewards-users

https://gerrit.wikimedia.org/r/972911

@DMburugu Namely tells me you are Martin's manager. Would you approve this access please?

I'm confused if this is a staff request (@wikimedia.org email address) or a volunteer request (@Urbanecm volunteer Phabricator account requesting this)

I'm confused if this is a staff request (@wikimedia.org email address) or a volunteer request (@Urbanecm volunteer Phabricator account requesting this)

This is a volunteer request, since the machine is dedicated for the Stewards to make use of it. I specified my work address, since that's the address I currently have on file in data.yaml and in LDAP. Unlike SUL accounts (and sometimes Phab accounts), WMF staff members typically have only one developer/LDAP account, which can have only a single email address, so it can cause a confusion form time to time. So, clarifying.

Change 972909 merged by Dzahn:

[operations/puppet@production] admin: add Martin Urbanec as group approver for stewards-users

https://gerrit.wikimedia.org/r/972909

@Urbanecm As the new group approver for this new group would you approve that guy @Urbanecm?

@Urbanecm As the new group approver for this new group would you approve that guy @Urbanecm?

I'm not sure we can trust them 😉.

I've discussed this with @Urbanecm and I approve his access.

Change 974154 had a related patch set uploaded (by MVernon; author: MVernon):

[operations/puppet@production] admin: add urbanecm to stewards-users group

https://gerrit.wikimedia.org/r/974154

Change 974154 abandoned by MVernon:

[operations/puppet@production] admin: add urbanecm to stewards-users group

Reason:

CR 972911 already does this (without upsetting CI)

https://gerrit.wikimedia.org/r/974154

Change 972911 merged by MVernon:

[operations/puppet@production] admin: add urbanecm to stewards-users

https://gerrit.wikimedia.org/r/972911

MatthewVernon claimed this task.
MatthewVernon subscribed.

Done (once puppet has done its magic).