Yea, i think the only part missing here is that you (guys) confirm if it works. The "login on web UI and see if you can ACK / leave a comment / schedule a downtime" for checks with the wikidata contacts. We can go through it together on IRC if you like.

I see that T190327 is closed meanwhile. Did it actually become easy now? :)

The comments from T201668#4503338 and following also apply to this ticket. The user_password field is not populated in the DB yet.

Hi @RStallman-legalteam here's another WMDE engineer who needs an NDA signed.

Ok, so let's first have the 2 users (also see T201667) confirm they set their intial password. Maybe that already changes things.

@Jalexander Can we just let her create a normal user (as anon) and not worry about the "(WMF)" part on wikitech? There aren't many users with (WMF) in here and i think that should solve the issue.

on DB level i can see these differences:

@Krenair this would confirm my suspicion. thank you. it looks like that might not work with LDAP integration.

@Jalexander I was able to go directly to the wikitech wiki database and look in the user table and i see both of the users you created.. with their email addresses. but they are not in LDAP.. also searching by email. it's almost as if your method to create the user for somebody else only created a local user. will have to keep debugging this..

This is a bit strange, i can't find a user "karen" nor any user with email kbrown_at_wikimedia.org in LDAP but i can see how you created it in wiki.

• added to https://phabricator.wikimedia.org/project/members/974/ and then https://phabricator.wikimedia.org/project/members/61/ for access to "WMF-NDA" Phabricator tickets

We have tested and confirmed access to bast1002 works.

@jijiki created her own user with https://gerrit.wikimedia.org/r/#/c/operations/puppet/+/452685/

Done. @mepps You have been added to security@wikimedia.org now.

@JanWMF Do you approve of this request?

Hi @PEarleyWMF @Jalexander Could you please create a user on Wikitech/LDAP (https://wikitech.wikimedia.org/w/index.php?title=Special:CreateAccount&returnto=Main+Page) and let us know which user name you picked?

Note that "kbrown" is a username already taken in LDAP and it's KEVIN Brown, not Karen.

now on Icinga

@thcipriani resolved?

we have not heard from this user yet. We still need them to: sign L3, create a wikitech user and provide us with a SSH key to be able to move forward with their access requests. Can you ping them or provide email addresses / make them sign up on Phabricator?

we have not heard from this user yet. We still need them to: sign L3, create a wikitech user and provide us with a SSH key to be able to move forward with their access requests. Can you ping them or provide email addresses / make them sign up on Phabricator?

we have not heard from this user yet. We still need them to: sign L3, create a wikitech user and provide us with a SSH key to be able to move forward with their access requests. Can you ping them or provide email addresses / make them sign up on Phabricator?

@Rossi.dario.g Please create a wikitech user at https://wikitech.wikimedia.org/w/index.php?title=Special:CreateAccount&returnto=Main+Page and let us know when done. It's a prerequisite for us creating the production shell access user. Thank you

Since Birgit is already in the "nda" group this should also give her access to grafana.

added to "nda" -> https://tools.wmflabs.org/ldap/user/lea-wmde

Well, if access to grafana requires an NDA and signing an NDA means being added to the group called "nda" and that group gives access to grafana.. then i don't know what grafana-admin would be used for.

I wasn't aware of any group called "grafana-admin". Apparently there is one though (with just 4 users in it??)

I wasn't aware of any group called "grafana-admin". Apparently there is one though (with just 4 users in it??)

Lea has been added to the "wmde" LDAP group in the linked subtask.

done. Lea has been added to "wmde" as well.

I was able to find @Lea_WMDE's username by searching LDAP for the email address like so:

This request has been neither approved nor denied but set to "needs more discussion" in SRE meeting.

• approved in SRE meeting

Are "feature, coming soon" and "priority: lowest" contradicting each other?

I'll be bold and decline it. Please reopen if you think otherwise and still want a new instance or help with it. (You should be able to create one yourself in another project and the exiting project is gone).

only 6 R320s left today: acamar.wikimedia.org,achernar.wikimedia.org,baham.wikimedia.org,bast2001.wikimedia.org,heze.codfw.wmnet,labservices1002.wikimedia.org

baham is done: Installed version: 2.4.2

There are 2 of them CRIT again since a while.

There are Icinga alerts for DNS and Gridmaster:

I see "racadm getsel" has been cleared and does not show an error anymore. I will re-add bast1002 to smokeping (https://gerrit.wikimedia.org/r/#/c/operations/puppet/+/450870/).

In T185504#4145176, @ema wrote:

We've had the following Icinga UNKNOWN on netmon2001

I fixed replication between netmon1002 and netmon2001.

alert1001 because the puppet role it uses is called "alerting_host", for the reasons Jaime mentioned above and to avoid a specific software name that might change while having the same role.

Note that we already have:

Subtask to setup backups is now resolved. Incl. testing restore of files from Bacula console back to both netmon servers and dropping the psql database for netbox and then restoring it from one of the dump files.

I also tested actual restore of the database: