Page MenuHomePhabricator

Give mvolz access to sha machine i.e.
Closed, ResolvedPublic

Event Timeline

Mvolz raised the priority of this task from to Needs Triage.
Mvolz updated the task description. (Show Details)
Mvolz added projects: Citoid, acl*sre-team, Services.
Mvolz moved this task to Production on the Citoid board.
Mvolz added subscribers: Mvolz, GWicke.

I do not currently see a user mvolz in our shell access group (modules/admin/data/data.yml.)

Is this a new user request for access?

If so, I'd request that @Mvolz please review the following URL:

If you are a new user entirely, there are a couple of extra steps that an existing user doesn't have. Both require that you read and sign Additionally, you'll need the following:

:* '''Include the following information:'''
::* Your full name.
::* Your labs username/wikitech username (a link to your profile is welcome).
:::* We base production UID from labs UID, so you have to sign up on labs/wikitech before you request access to the normal cluster.
::* Your preferred shell user name.
::* Your public RSA/DSA key must be provided, and has a few criteria:
:::* Key must be uploaded via a non-email means, the following suggestions suffice:
::::* Put a copy of your public key on your wiki user page.
::::* Paste your public key into a phabricator task directly or onto a file/paste via web (but not via email!)
::::* Upload your own patchset to gerrit which includes your public key.
::* The project being worked on with a full and detailed reason for access and what will be done with said access. Please include as much information as possible, as it will detail what servers you need access to, and we can ensure that we get all the proper permissions correct. There are varying levels of access via shell, and we will err on the side of 'less is more.' It is advised that you are as detailed as possible, or you may find yourself lacking the access you require. If there are existing users who have similar access it is useful to document the group from [ puppet].
::* Approval from your direct supervisor (this is nearly always a paid employee of the Foundation technical staff)
:::* This approval should be via web reply to the phabricator task (this prevents socially engineered or email spoofed approvals.)

Please reply back to this task with the above information after reading the provided links and signing the associated document.

If your an existing user, we'll just need your username, as I don't see one with the same name as your phabricator name.

RobH triaged this task as High priority.Feb 10 2015, 10:00 PM
RobH set Security to None.

I want read access to the output logs from the citoid service which is publicly facing here: This is because it is giving internal server errors and it shouldn't be. (There are some known issues with how the service is being run in production, but those issues don't explain this particular problem.) I anticipate an ongoing need to look at these logs to diagnose issues that crop up.

I don't actually know how or where the output from the service is being stored. Or what machine this is. If this is not enough information then @Catrope or @akosiaris could provide specifics.

Direct supervisor: @Jdforrester-WMF

gerritbot added a subscriber: gerritbot.

Change 190405 had a related patch set uploaded (by Dzahn):
create shell user for Marielle Volz


@Mvolz Hello, welcome to Wikimedia. I made a patch to add your ssh key and create a user.

It is now in code review in gerrit, see the link above. Also added you in the Gerrit UI, which may have mailed you separetely.

There will have to be another one that adds your user into appropriate roles for the citoid access. We will follow-up with that soon.

Thanks @Dzahn

Who do you need to +2 this?

@Mvolz we have a rotation system. this week it's @Ottomata. also it had to wait for 3 (business) days. I just rebased it.

@Ottomata please see the change above. also, it needs some roles for this, so far it's just the user acount itsel

Change 190405 merged by Ottomata:
create shell user for Marielle Volz


@Mvolz, you should be good to go. Add this to your .ssh/config:

ForwardAgent no

Host ! * *.wmnet 
     ProxyCommand ssh -a -W %h:%p

And then try to ssh into sca1001.eqiad.wmnet and sca1002.eqiad.wmnet.