07a03cd add cstone secrets
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Advanced Search
Dec 17 2018
36e3166 add cstone user
Thanks everyone, inspiring to see the commitment to donor privacy in action.
Dec 13 2018
Dec 12 2018
@Pcoombe can we get contact/employment info for @Jksamra updated on https://collab.wikimedia.org/wiki/Fundraising#Contact_List ?
Dec 11 2018
@Dzahn yep looks good now! Thanks :)
@Dzahn it goes back as far as current syslog, I'll dig back and see when it started. Fwiw I can telnet to 208.80.154.84 5667 and it works, but 208.80.153.74 says Connection Refused. iptables&pfw both look to be open.
Dec 10 2018
Dec 6 2018
She got into Civi, we are awaiting the Yubikey for shell stuff.
This is fine for now.
Dec 4 2018
From: Lisa Gruwell <lgruwell@wikimedia.org> Date: Mon, 3 Dec 2018 14:57:51 -0800 Subject: Re: New employee access request To: Casey Dentinger <cdentinger@wikimedia.org>
Dec 3 2018
@Jksamra cleaning house, re-open if you have trouble logging in
Nov 29 2018
@TSkaff cleaning house, re-open if you are still having trouble
@spatton cleaning house, re-open if you are still having trouble
@Jksamra there are now 2 files in your home directory on frdev1001, jsamra.p12 (the encrypted certificate) and jsamra.pw (the password to decrypt the cert). Let me know if you need a hand retrieving/installing
Nov 28 2018
Nasty. Can you try removing/re-adding the cert?
@CCogdill_WMF hrm, I think this is a keychain problem based on: https://www.nicksherlock.com/2017/09/fixing-err_ssl_client_auth_signature_failed-on-macos/
Nov 27 2018
@Jksamra you should, collab is actually meant for contractor access, but at the moment I'm not sure who admins access to that wiki...
@spatton my mistake, I forgot you have an account on frdev1001, so that is where your cert and password are located. Hit me up on IRC if you need help retrieving them.
@Jksamra sure, we can get you set up. Can you update your contact info on here? https://collab.wikimedia.org/wiki/Fundraising#Contact_List
@spatton you should have received a new one on or around 10/22 via email, and the password via SMS. Can you check?
@TSkaff ok, you should have received the cert and password, let me know if you can get logged in
@CCogdill_WMF cert and password sent, let me know if it works
this is done
Nov 21 2018
@MNoorWMF ok, pw is sent, instructions are here: https://collab.wikimedia.org/wiki/Fundraising/Engineering/SSL_Client_Authentication
@MNoorWMF I use what is listed on: https://collab.wikimedia.org/wiki/Fundraising#Contact_List
Nov 20 2018
@MNoorWMF I sent you a new cert on 11/13, can you check your mail from then?
@LeanneS thanks! Closing, but re-open if there are problems.
@jkim_wikimedia cleaning house, please re-open if you need help.
@CCogdill_WMF try now, new key is in place
Nov 19 2018
@CCogdill_WMF if you still have your old ssh config, use that one. There is pretty much infinite variation to what it could look like so stick to what you are used to if possible.
@Peachey88 thanks!
@CCogdill_WMF ok, we'll set you up with a new key.
@jgleeson this looks resolved based on how that chart renders now, please re-open if I'm mistaken
Nov 16 2018
He should have the cert and password now
Nov 15 2018
@CCogdill_WMF @Pcoombe what was the problem? I did create .my.cnf and test mysql login.
She has logged in now
Nov 14 2018
@Jgreen figured this out, the root cert (is that the right term here?) had expired and not been replaced due to some puppet cruft. Wildly opaque and unhelpful nginx behavior. Good times.
@CCogdill_WMF @KHaggard ok these accounts are all set up, the next step would be ssh config: https://wikitech.wikimedia.org/wiki/Fundraising/tech/ssh_config
c59e853 add khaggard ssh key, yubikey, and mysql grants
8500d98 add khaggard shell account
Nov 13 2018
@CCogdill_WMF thanks, looks good, setting up the accounts now.
@KHaggard I show it as delivered to your number from: https://collab.wikimedia.org/wiki/Fundraising#Contact_List
Civi cert and password have been sent
@jkim_wikimedia any luck logging in?
Nov 12 2018
@Ppena for Civi access I have enough information and have added it to my to-do list. She will receive the cert by email and the password by sms.
@KHaggard hi!
Date: Fri, 9 Nov 2018 15:54:36 -0800
From: Lisa Gruwell <lgruwell@wikimedia.org>
To: Casey Dentinger <cdentinger@wikimedia.org>
Subject: Re: Also frdev access for Katie Haggard
Date: Fri, 9 Nov 2018 15:54:22 -0800
From: Lisa Gruwell <lgruwell@wikimedia.org>
To: Casey Dentinger <cdentinger@wikimedia.org>
Subject: Re: Access to CiviCRM for Katie
Nov 9 2018
@EBjune cleaning up my tasks, please reopen or find me on IRC if you need help logging in.
Nov 5 2018
@EBjune thanks! You should have received the certificate via email and the password via SMS. Let me know if it works. I am cwd on IRC which is the easiest way to get a hold if you need real time help.
On Mon, Nov 5, 2018 at 9:47 AM Lisa Gruwell <lgruwell@wikimedia.org> wrote:
Removing ops, please re-add if we can help.
@EBjune - I am still waiting to hear from Lisa, her approval is required for all new accounts per: https://collab.wikimedia.org/wiki/Fundraising/Engineering/SSL_Client_Authentication
Nov 1 2018
This has been automated to the point where this change is unnecessary.
@Jgreen points out is is mostly ops/SRE who gets paged. I wonder if devs on other teams get paged about anything? If not I'll abandon this idea. Not trying to set a new precedent.
@CCogdill_WMF did you have any luck getting signed in to Civi?
Oct 30 2018
Yeah couldn't have put it better.
@jkim_wikimedia any luck?
I killed the parent process (13743 above) because it is just repeating:
I acked the alert because I can't kill the processes.
Oct 29 2018
Oct 26 2018
@Krenair I was just assuming GA, didn't know about all the options.
Thanks for the suggestions! I went with FreeOTP :)
Oct 25 2018
Email sent to Lisa for sign off.
Oct 24 2018
Oct 19 2018
@DStrine I'm not sure if this is actionable by ops, could we get a hold of whoever manages the CPS contractors?
@jkim_wikimedia it looks like the file isn't there. I am not personally knowledgeable about Apple computers but I have edited the instructions to add the commands that would work in Linux, hopefully they are the same:
I accidentally commented on the file attachment
Oct 18 2018
[frack::puppet::private] 527140c add iptables/pfw rules for icinga1001
@jkim_wikimedia ok, you are all set up with a shell account on frdev1001 and mysql access.
[frack::puppet] b856bf6 add jkim user
[frack::puppet::private] 35f24cf add jkim user
Oct 15 2018
@jkim_wikimedia thanks, I now have enough info to make the accounts and will find time in the next day or two.
@jkim_wikimedia thanks! As far as the public key I need the actual contents of the file which you can see by typing: