Thanks everyone, inspiring to see the commitment to donor privacy in action.

@Pcoombe can we get contact/employment info for @Jksamra updated on https://collab.wikimedia.org/wiki/Fundraising#Contact_List ?

@Dzahn yep looks good now! Thanks :)

@Dzahn it goes back as far as current syslog, I'll dig back and see when it started. Fwiw I can telnet to 208.80.154.84 5667 and it works, but 208.80.153.74 says Connection Refused. iptables&pfw both look to be open.

@Pcoombe sure, it appears @Jksamra is the last member of the cps_data unix group, is that still a relevant distinction? Easiest thing would be to change to the fundraising group.

She got into Civi, we are awaiting the Yubikey for shell stuff.

This is fine for now.

@Jksamra cleaning house, re-open if you have trouble logging in

@TSkaff cleaning house, re-open if you are still having trouble

@spatton cleaning house, re-open if you are still having trouble

@Jksamra there are now 2 files in your home directory on frdev1001, jsamra.p12 (the encrypted certificate) and jsamra.pw (the password to decrypt the cert). Let me know if you need a hand retrieving/installing

Nasty. Can you try removing/re-adding the cert?

@CCogdill_WMF hrm, I think this is a keychain problem based on: https://www.nicksherlock.com/2017/09/fixing-err_ssl_client_auth_signature_failed-on-macos/

@Jksamra you should, collab is actually meant for contractor access, but at the moment I'm not sure who admins access to that wiki...

@spatton my mistake, I forgot you have an account on frdev1001, so that is where your cert and password are located. Hit me up on IRC if you need help retrieving them.

@Jksamra sure, we can get you set up. Can you update your contact info on here? https://collab.wikimedia.org/wiki/Fundraising#Contact_List

@spatton you should have received a new one on or around 10/22 via email, and the password via SMS. Can you check?

@TSkaff ok, you should have received the cert and password, let me know if you can get logged in

@CCogdill_WMF cert and password sent, let me know if it works

this is done

@MNoorWMF ok, pw is sent, instructions are here: https://collab.wikimedia.org/wiki/Fundraising/Engineering/SSL_Client_Authentication

@MNoorWMF I use what is listed on: https://collab.wikimedia.org/wiki/Fundraising#Contact_List

@MNoorWMF I sent you a new cert on 11/13, can you check your mail from then?

@LeanneS thanks! Closing, but re-open if there are problems.

@jkim_wikimedia cleaning house, please re-open if you need help.

@CCogdill_WMF try now, new key is in place

@CCogdill_WMF if you still have your old ssh config, use that one. There is pretty much infinite variation to what it could look like so stick to what you are used to if possible.

See also: T133132 T131219 T147583

@Peachey88 thanks!

@CCogdill_WMF ok, we'll set you up with a new key.

@jgleeson this looks resolved based on how that chart renders now, please re-open if I'm mistaken

He should have the cert and password now

@CCogdill_WMF @Pcoombe what was the problem? I did create .my.cnf and test mysql login.

She has logged in now

@Jgreen figured this out, the root cert (is that the right term here?) had expired and not been replaced due to some puppet cruft. Wildly opaque and unhelpful nginx behavior. Good times.

@CCogdill_WMF @KHaggard ok these accounts are all set up, the next step would be ssh config: https://wikitech.wikimedia.org/wiki/Fundraising/tech/ssh_config

@CCogdill_WMF thanks, looks good, setting up the accounts now.

@KHaggard I show it as delivered to your number from: https://collab.wikimedia.org/wiki/Fundraising#Contact_List

Civi cert and password have been sent

@jkim_wikimedia any luck logging in?

@Ppena for Civi access I have enough information and have added it to my to-do list. She will receive the cert by email and the password by sms.

@KHaggard hi!

Date: Fri, 9 Nov 2018 15:54:36 -0800
From: Lisa Gruwell <lgruwell@wikimedia.org>
To: Casey Dentinger <cdentinger@wikimedia.org>
Subject: Re: Also frdev access for Katie Haggard

Date: Fri, 9 Nov 2018 15:54:22 -0800
From: Lisa Gruwell <lgruwell@wikimedia.org>
To: Casey Dentinger <cdentinger@wikimedia.org>
Subject: Re: Access to CiviCRM for Katie

@EBjune cleaning up my tasks, please reopen or find me on IRC if you need help logging in.

@EBjune thanks! You should have received the certificate via email and the password via SMS. Let me know if it works. I am cwd on IRC which is the easiest way to get a hold if you need real time help.

On Mon, Nov 5, 2018 at 9:47 AM Lisa Gruwell <lgruwell@wikimedia.org> wrote:

Removing ops, please re-add if we can help.

Removing ops, @jrobell @Pcoombe any advice on getting this contact info updated?

@EBjune - I am still waiting to hear from Lisa, her approval is required for all new accounts per: https://collab.wikimedia.org/wiki/Fundraising/Engineering/SSL_Client_Authentication

This has been automated to the point where this change is unnecessary.

@Jgreen points out is is mostly ops/SRE who gets paged. I wonder if devs on other teams get paged about anything? If not I'll abandon this idea. Not trying to set a new precedent.

@CCogdill_WMF did you have any luck getting signed in to Civi?

Yeah couldn't have put it better.

@jkim_wikimedia any luck?

I killed the parent process (13743 above) because it is just repeating:

I acked the alert because I can't kill the processes.

@Krenair I was just assuming GA, didn't know about all the options.

Thanks for the suggestions! I went with FreeOTP :)

Email sent to Lisa for sign off.

@DStrine I'm not sure if this is actionable by ops, could we get a hold of whoever manages the CPS contractors?

@jkim_wikimedia it looks like the file isn't there. I am not personally knowledgeable about Apple computers but I have edited the instructions to add the commands that would work in Linux, hopefully they are the same:

I accidentally commented on the file attachment

@jkim_wikimedia ok, you are all set up with a shell account on frdev1001 and mysql access.

@jkim_wikimedia thanks, I now have enough info to make the accounts and will find time in the next day or two.

@jkim_wikimedia thanks! As far as the public key I need the actual contents of the file which you can see by typing: