Page MenuHomePhabricator
Create Task
Maniphest T417465

offboarding Alex Kosiaris
Closed, ResolvedPublic
Actions

Description

This is the offboarding ticket for Alex per docs for offboarding an SRE: https://wikitech.wikimedia.org/wiki/SRE_Offboarding#Phabricator_ticket

  • update LDAP permissions based on NDA status
  • update Phabricator permissions based on NDA status
  • Check HBase/Hadoop permissions and inform the SRE analytics team
  • update user in modules/admin/data/data.yaml
  • run the logout cookbook

Additional task for SRE team members

  • Review access to internal IRC channels
  • Remove from ops mailing lists (ops and ops-private)
  • Remove from private Exim aliases
  • Remove VictorOps and OnCallOptimiser users
  • Remove Icinga user
  • Remove from pwstore
  • Review access to network devices (and potentially remove access)
  • Remove Kerberos principal (if present)

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Remove Alex from routersoperations/homer/publicmaster+0 -5
Remove Alex from Icingaoperations/puppetproduction+4 -4
offboarding akosiarisoperations/puppetproduction+7 -1 K
Customize query in gerrit

Related Objects
Search...

Event Timeline

Dzahn created this task.Fri, Feb 13, 11:07 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFri, Feb 13, 11:07 PM
Dzahn added subscribers: Muehlenhoff, akosiaris.Fri, Feb 13, 11:08 PM
gerritbot added a comment.Fri, Feb 13, 11:09 PM

Change #1237055 had a related patch set uploaded (by Dzahn; author: Alexandros Kosiaris):

[operations/puppet@production] offboarding akosiaris

https://gerrit.wikimedia.org/r/1237055

gerritbot added a project: Patch-For-Review.Fri, Feb 13, 11:09 PM
gerritbot added a comment.Sat, Feb 14, 12:33 AM

Change #1237055 merged by Dzahn:

[operations/puppet@production] offboarding akosiaris

https://gerrit.wikimedia.org/r/1237055

Stashbot added a comment.Sat, Feb 14, 1:12 AM

Mentioned in SAL (#wikimedia-operations) [2026-02-14T01:12:01Z] <mutante> cumin1003 - race condition between puppet and systemd - puppet fails because userdel fails. userdel fails because there is still a pid used by the user. that process is /lib/systemdl/system --user - ran "loginctl terminate-user"; killed tmux PID; ran puppet again T417465

Dzahn updated the task description. (Show Details)Sat, Feb 14, 1:25 AM
Maintenance_bot removed a project: Patch-For-Review.Sat, Feb 14, 1:30 AM
MoritzMuehlenhoff subscribed.Sat, Feb 14, 9:02 AM
In T417465#11617433, @Stashbot wrote:

Mentioned in SAL (#wikimedia-operations) [2026-02-14T01:12:01Z] <mutante> cumin1003 - race condition between puppet and systemd - puppet fails because userdel fails. userdel fails because there is still a pid used by the user. that process is /lib/systemdl/system --user - ran "loginctl terminate-user"; killed tmux PID; ran puppet again T417465

That's why there is the "run the logout cookbook" step, it logs the user out via systemd-logind...

Dzahn updated the task description. (Show Details)Sat, Feb 14, 5:57 PM

Ok, I ran it.

[cumin2002:~] $ sudo cookbook sre.idm.logout --uid akosiaris --cn 'Alexandros Kosiaris' 'A:all'
Peachey88 added a parent task: T417489: Remove the admin rights of AKosiaris (WMF) on wikitech.Sun, Feb 15, 1:37 AM
MoritzMuehlenhoff updated the task description. (Show Details)Mon, Feb 16, 7:32 AM
MoritzMuehlenhoff updated the task description. (Show Details)Mon, Feb 16, 7:36 AM
gerritbot added a comment.Mon, Feb 16, 7:38 AM

Change #1239568 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/puppet@production] Remove Alex from Icinga

https://gerrit.wikimedia.org/r/1239568

gerritbot added a project: Patch-For-Review.Mon, Feb 16, 7:38 AM
gerritbot added a comment.Mon, Feb 16, 7:44 AM

Change #1239568 merged by Muehlenhoff:

[operations/puppet@production] Remove Alex from Icinga

https://gerrit.wikimedia.org/r/1239568

MoritzMuehlenhoff updated the task description. (Show Details)Mon, Feb 16, 7:45 AM
MoritzMuehlenhoff updated the task description. (Show Details)Mon, Feb 16, 7:51 AM
gerritbot added a comment.Mon, Feb 16, 7:54 AM

Change #1239574 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/homer/public@master] Remove Alex from routers

https://gerrit.wikimedia.org/r/1239574

MoritzMuehlenhoff updated the task description. (Show Details)Mon, Feb 16, 8:15 AM
MatthewVernon added a project: Infrastructure-Foundations.Mon, Feb 16, 8:33 AM
gerritbot added a comment.Mon, Feb 16, 8:42 AM

Change #1239574 merged by jenkins-bot:

[operations/homer/public@master] Remove Alex from routers

https://gerrit.wikimedia.org/r/1239574

MoritzMuehlenhoff updated the task description. (Show Details)Mon, Feb 16, 8:53 AM
Maintenance_bot removed a project: Patch-For-Review.Mon, Feb 16, 9:31 AM
MoritzMuehlenhoff updated the task description. (Show Details)Mon, Feb 16, 10:28 AM
MoritzMuehlenhoff triaged this task as Medium priority.Mon, Feb 16, 3:41 PM
Peachey88 added a parent task: T417537: Check home/HDFS leftovers of akosiaris.Tue, Feb 17, 9:17 AM
Dzahn updated the task description. (Show Details)Tue, Feb 17, 5:02 PM

removed from ops/ops-private:

[lists1004:~] $ sudo mailman-wrapper delmembers -m akosiaris@wikimedia.org -l ops@lists.wikimedia.org
[lists1004:~] $ sudo mailman-wrapper delmembers -m akosiaris@wikimedia.org -l ops-private@lists.wikimedia.org
MoritzMuehlenhoff closed this task as Resolved.Tue, Feb 17, 7:36 PM
MoritzMuehlenhoff claimed this task.

All done

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits