
Requesting access to Analytics_Privatedata for Chandra-WMDE
Closed, Resolved Public Request

Description

Requestor provided information and prerequisites

Complete ALL items below as the individual person who is requesting access:

  • Wikimedia developer account username: chandra_wmde
  • Email address: chandra.prakash@extern.wikimedia.de
  • SSH public key (must be a separate key from Wikimedia cloud SSH access):

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFuEKd+skdVK3ghID4xf1EGNU6bMz3maIa4UPTthJ2sl chandra.prakash@extern.wikimedia.de

  • Requested group membership: analytics_privatedata_users group membership and Kerberos credentials
  • Reason for access: Needed for work as an Analyst/Engineer at WMDE
  • Name of approving party (manager for WMF/WMDE staff): @WMDECyn
  • Ensure you have signed the L3 Wikimedia Server Access Responsibilities document: Signed
  • Please coordinate obtaining a comment of approval on this task from the approving party.

SRE Clinic Duty Confirmation Checklist for Access Requests

This checklist should be used on all access requests to ensure that all steps are covered, including expansion to existing access. Please double check the step has been completed before checking it off.

This section is to be confirmed and completed by a member of the SRE team.

  • User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
  • User has a valid NDA on file with WMF legal. (All WMF Staff/Contractor hiring are covered by NDA. Other users can be validated via the NDA tracking sheet)
  • User has provided the following: developer account username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform)
  • User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not shared with any other service (this includes not sharing with WMCS access, no shared keys.)
  • The provided SSH key has been confirmed out of band and is verified not being used in WMCS.
  • access request (or expansion) has sign off of WMF sponsor/manager (sponsor for volunteers, manager for wmf staff)
  • access request (or expansion) has sign off of group approver indicated by the approval field in data.yaml

For additional details regarding access request requirements, please see https://wikitech.wikimedia.org/wiki/Requesting_shell_access

Event Timeline

Hi @Chandra-WMDE, seems like you posted the private key in the task instead of the public. Please stop using that key for anything, and generate a new one, and then we can get you sorted with access.

Hi @CDanis - Fine, no worries. I can create a new one. Can we continue with the same request or do I need to create a new one?

I'm sure we'll be fine with continuing on this request @Chandra-WMDE, and you can edit the task to reflect the new public key :)

request approved from WMDE side

@AndrewTavis_WMDE, @CDanis I have updated the public key after generating it again (i.e. new key). Hope this will work. :)

Hi @Chandra-WMDE Thank you, the key looks good and we can keep using this ticket. As the next step, could you please send an email to Katie Francis of WMF Legal (@KFrancis) to start the NDA process (for WMDE staff).

@KFrancis I did not see the name on the spreadsheet yet. This is for WMDE staff (or rather, a WMDE contractor I think due to the "extern" part in the email address). Thanks!

Dzahn changed the task status from Open to In Progress. (Fri, Nov 14, 4:58 PM)
Dzahn updated the task description.

Hi all, the NDA has been sent for signatures. I'll confirm when it's complete.

Hi all, the NDA has been signed. Thanks!

Volans triaged this task as Medium priority. (Tue, Nov 18, 6:20 PM)
Volans updated the task description.

@WMDECyn, in case @Chandra-WMDE's position is a fixed term contract, could you provide us with the expiration date so that we can add it to data.yaml to track it?

Given that Kerberos was also requested, adding Data-Engineering for visibility and requesting approval by either @Milimetric or @Ahoelzl.

@Volans Chandra's position is fixed till maximum 31st Jan 2026

@Milimetric / @Ahoelzl by any chance one of you could review this task for approval?

Change #1210496 had a related patch set uploaded (by Volans; author: Volans):

[operations/puppet@production] admin: add user chandra-wmde

https://gerrit.wikimedia.org/r/1210496

@Milimetric @Ahoelzl Ping - can you approve for Data Engineering please? The requester is not a WMF or WMDE employee so this needs an explicit signoff.

Approved

Sorry to miss the previous ping

Change #1210496 merged by RLazarus:

[operations/puppet@production] admin: add user chandra-wmde

https://gerrit.wikimedia.org/r/1210496

RLazarus claimed this task.

Thanks @Milimetric!

Added to nda:

rzl@ldap-maint1001:~$ ldapsearch -x cn=nda | grep chandra-wmde
member: uid=chandra-wmde,ou=people,dc=wikimedia,dc=org

Created Kerberos principal:

rzl@krb1002:~$ sudo manage_principals.py get chandra-wmde
get_principal: Principal does not exist while retrieving "chandra-wmde@WIKIMEDIA".
rzl@krb1002:~$ sudo manage_principals.py create chandra-wmde --email_address=chandra.prakash@extern.wikimedia.de
Principal successfully created. Make sure to update data.yaml in Puppet.
Successfully sent email to chandra.prakash@extern.wikimedia.de

@Chandra-WMDE Please allow up to 30 minutes for all that to take effect, and check your email for a temporary Kerberos password and instructions on how to change it. Then you should be all set, thanks for your patience!

Please also ensure you're familiar with https://wikitech.wikimedia.org/wiki/Data_Platform/Data_access#User_responsibilities and reach out if you have any questions.

If you have any trouble with your access, feel free to reopen this task or file a new one.