Page MenuHomePhabricator
Create Task
Maniphest T404697

Requesting access to deployment for mszwarc
Closed, ResolvedPublicRequest
Actions

Description

Requestor provided information and prerequisites

Complete ALL items below as the individual person who is requesting access:

  • Wikimedia developer account username: mszwarc
  • Email address: mszwarc@wikimedia.org
  • SSH public key (must be a separate key from Wikimedia cloud SSH access): ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBNa3Zs0zpzY7nuPIbuFFKUE65xKH4fFHu+u32yjnqIr mszwarc@Marcin-WMF
  • Requested group membership: deployment
  • Reason for access: When working on PSI's projects, I've quite often had to rely on @Dreamy_Jazz or others to apply some patches to the production. These included security patches that needed to be updated for the next week's train, as well as code for CheckUser-SuggestedInvestigations, which in significant part consists of private code (and thus, has to be deployed outside of the train). Apart from that, I've prepred several config patches. Having deployer rights would enable me to apply those changes myself without the need to involve other developers' time.
  • Name of approving party (manager for WMF/WMDE staff): @OKryva-WMF
  • Ensure you have signed the L3 Wikimedia Server Access Responsibilities document: Yes, I did
  • Please coordinate obtaining a comment of approval on this task from the approving party.

SRE Clinic Duty Confirmation Checklist for Access Requests

This checklist should be used on all access requests to ensure that all steps are covered, including expansion to existing access. Please double check the step has been completed before checking it off.

This section is to be confirmed and completed by a member of the SRE team.

  • - User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
  • - User has a valid NDA on file with WMF legal. (All WMF Staff/Contractor hiring are covered by NDA. Other users can be validated via the NDA tracking sheet)
  • - User has provided the following: developer account username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform)
  • - User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not shared with any other service (this includes not sharing with WMCS access, no shared keys.)
  • - The provided SSH key has been confirmed out of band and is verified not being used in WMCS.
  • - access request (or expansion) has sign off of WMF sponsor/manager (sponsor for volunteers, manager for wmf staff)
  • - access request (or expansion) has sign off of group approver indicated by the approval field in data.yaml

For additional details regarding access request requirements, please see https://wikitech.wikimedia.org/wiki/Requesting_shell_access

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
admin: add mszwarc to deployers groupoperations/puppetproduction+1 -1
Customize query in gerrit

Event Timeline

mszwarc created this task.Sep 16 2025, 10:57 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptSep 16 2025, 10:57 AM
OKryva-WMF added a comment.Sep 16 2025, 11:00 AM

As Marcin's Engineering Manager, approve.

colewhite updated the task description. (Show Details)Sep 17 2025, 5:12 PM
colewhite added subscribers: thcipriani, colewhite.Sep 17 2025, 5:15 PM

Requesting approval from @thcipriani. Does everything look in order to you?

colewhite moved this task from Untriaged to Manager/NDA Approval/Confirmation on the SRE-Access-Requests board.Sep 17 2025, 5:15 PM
gerritbot added a comment.Sep 17 2025, 5:18 PM

Change #1189259 had a related patch set uploaded (by Cwhite; author: Cwhite):

[operations/puppet@production] admin: add mszwarc to deployers group

https://gerrit.wikimedia.org/r/1189259

gerritbot added a project: Patch-For-Review.Sep 17 2025, 5:18 PM
thcipriani added a comment.Sep 17 2025, 8:35 PM

Approved!

@mszwarc please ensure you're familiar with backporter responsibilities, tips, and tricks. I'm happy to ride along on a deployment with you if it'd be helpful (though I know you have many experienced deployers on your team, too).

colewhite updated the task description. (Show Details)Sep 17 2025, 10:18 PM
gerritbot added a comment.Sep 17 2025, 10:19 PM

Change #1189259 merged by Cwhite:

[operations/puppet@production] admin: add mszwarc to deployers group

https://gerrit.wikimedia.org/r/1189259

colewhite closed this task as Resolved.Sep 17 2025, 10:21 PM
colewhite claimed this task.
colewhite triaged this task as Medium priority.
colewhite moved this task from Manager/NDA Approval/Confirmation to Ready To Go on the SRE-Access-Requests board.

The group membership change has been deployed.

Please feel free to reopen if you encounter any related issue.

Maintenance_bot removed a project: Patch-For-Review.Sep 17 2025, 10:30 PM
Stashbot added a comment.Jan 8 2026, 2:51 PM

Mentioned in SAL (#wikimedia-operations) [2026-01-08T14:51:20Z] <urbanecm> Add mszwarc to wmf-deployment on Gerrit (existing deployer, T404697)

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits