Requesting access to deployment for arthurtaylor
Closed, ResolvedPublicRequest
Actions

Assigned To

Authored By

	ArthurTaylor
	Feb 13 2025, 12:20 PM

Description

Requestor provided information and prerequisites

Complete ALL items below as the individual person who is requesting access:

Wikimedia developer account username: arthurtaylor
Email address: arthur.taylor@wikimedia.de
SSH public key (must be a separate key from Wikimedia cloud SSH access): ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDLDJE2cFfSD48QeoiWLFr7P2eBiXTYcT+q9i5rohciO4KAEfYmcBSY7oyHmwAdCgdJowz3Kq+S7pvU6TNn+1PEfQY6iBW8ZPfYalxWyJlObNyIzlGnqELZI7b2cjkOfV9GPBH6p+gThAW2dpyUYqE18GvRYH/uNaUbvNBF2KBXx9PniZSqh6RCjMvHMS2JjiVdQCa+W8dV26lQDyLXNTAL+przkq4pUFpF2sC77hQrah+MGu4XaJ7Sj+3OsWEZujd9vKmtwfGbM/BTeqi2ktgSf5ucS4TVU8ZfEEUN/1aJzwURphGFWHVBCWOmabR2ti+NV1uVUPQ/z8JtE2Jy4XOVXZlTJ7gcsb2ZhJ2tLPtor8olQKqIi/Wbl+VWgp5vQ6c+DyssZhIvH7EFdpHzbG0x8/OHQcJawQg3lEOJKw/8iLqUTLd6t1JOz5L46NDHG/LkR0RUelZbe+q0yz91ZkD/hMy7mFOQrQOc0jhgGIjYO5+VdABBLg9H4jHolhJVK19oZbfB/9633NzGZTr3t5UhNDl3HSfP6CQ3xRiRCht/V/a8Ud8uO42F7wVvodh0s7y9db6Mz5S9eTGpIRClLJVHcmVnehcb//+nLvssoOqh0YVr0zmRRJKhG+eZSe8ktzjh1R1eQExfKaAlm7/oh3+9AmxxHwoxfcURznS8PlpPmw==
Requested group membership: deployment
Reason for access: deploying updates - will deploy backports and config changes as part of my Wikibase / Wikidata work
Name of approving party (manager for WMF/WMDE staff): @karapayneWMDE
Ensure you have signed the L3 Wikimedia Server Access Responsibilities document:
Please coordinate obtaining a comment of approval on this task from the approving party.

SRE Clinic Duty Confirmation Checklist for Access Requests

This checklist should be used on all access requests to ensure that all steps are covered, including expansion to existing access. Please double check the step has been completed before checking it off.

This section is to be confirmed and completed by a member of the SRE team.

- User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
- User has a valid NDA on file with WMF legal. (All WMF Staff/Contractor hiring are covered by NDA. Other users can be validated via the NDA tracking sheet)
- User has provided the following: developer account username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform)
- User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not shared with any other service (this includes not sharing with WMCS access, no shared keys.)
- The provided SSH key has been confirmed out of band and is verified not being used in WMCS.
- access request (or expansion) has sign off of WMF sponsor/manager (sponsor for volunteers, manager for wmf staff)
- access request (or expansion) has sign off of group approver indicated by the approval field in data.yaml

For additional details regarding access request requirements, please see https://wikitech.wikimedia.org/wiki/Requesting_shell_access

Details

Related Changes in Gerrit:

	Subject	Repo	Branch	Lines +/-
	admin: upgrade arthurtaylor from restricted to deployment	operations/puppet	production	+2 -2

Customize query in gerrit

Event Timeline

ArthurTaylor created this task.Feb 13 2025, 12:20 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 13 2025, 12:20 PM

as the EM of Wikidata at WMDE, I approve this request!

Confirming Arthur is already on the NDA tracking sheet, checking this box off.

Dzahn updated the task description. (Show Details)Feb 13 2025, 10:16 PM

Dzahn updated the task description. (Show Details)

@thcipriani Hello, here is a request for deployment access for your consideration.

Dzahn moved this task from Untriaged to Manager/NDA Approval/Confirmation on the SRE-Access-Requests board.Feb 13 2025, 10:20 PM

Thanks for the ping @Dzahn

Request looks good to me, approved.

Thanks for volunteering. Please reach out if you need anything.

Dzahn updated the task description. (Show Details)Feb 13 2025, 10:22 PM

I have sent an email to Arthur to verify the SSH key outside of this ticket.

Arthur confirmed via email that this is the correct key and it has not been used elsewhere / in cloud before. Checking that box off as well.

Dzahn updated the task description. (Show Details)Feb 19 2025, 8:15 PM

Dzahn moved this task from Manager/NDA Approval/Confirmation to Patch in Review on the SRE-Access-Requests board.

Noticed now Arthur already has other non-deployment but production shell access, using this key:

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL/OQjQqWzDvDCW9JNQxNAXEwlJ1BL2DCQHItZMxZELH arthur.taylor@wikimedia.de

Change #1121088 had a related patch set uploaded (by Dzahn; author: Dzahn):

[operations/puppet@production] admin: upgrade arthurtaylor from restricted to deployment

https://gerrit.wikimedia.org/r/1121088

gerritbot added a project: Patch-For-Review.Feb 19 2025, 8:28 PM

Dzahn changed the task status from Open to In Progress.Feb 19 2025, 8:30 PM

Arthur clarified the new key is a yubikey key. I advised to first have this added in addition to the existing key and test things.

And that we should treat the key addition or replacement as separate from the deployment access request which is good to go with the existing key.

Change #1121088 merged by Dzahn:

[operations/puppet@production] admin: upgrade arthurtaylor from restricted to deployment

https://gerrit.wikimedia.org/r/1121088

20:52 < mutante> !log welcome new deployer Arthur Taylor (T386349)

[deploy1003:~] $ id arthurtaylor
uid=45664(arthurtaylor) gid=500(wikidev) groups=500(wikidev),705(deployment),721(deployment-ci-admins)

Arthur, You have been added to the deployment group. You already had shell access to the deployment servers but now you have the group with rights to actually deploy.

Please coordinate with Tyler and/or deployment training for next steps.

Maintenance_bot removed a project: Patch-For-Review.Feb 20 2025, 9:30 PM

Requesting access to deployment for arthurtaylorClosed, ResolvedPublicRequestActions