Access is requested for Rosie Lewis to frdev1001 to access the donation database, for tracking major gifts and endowment appeals. Rosie already has a Yubikey, but this is a new access request and needs C-level authorization.
==== [x] user_verification ====
Requires: user request
[x] access_rights: letter to C level (currently Lisa) verifing grant of access
[x] account name/contact info: verify on https://collab.wikimedia.org/wiki/Fundraising#Contact_List
=== Accounts and Services ===
==== [x] user account ====
Requires: user_verification
[x] Add the user to the users.yaml and group_members.yaml files as appropriate.
[x] Push out puppet changes.
==== [ ] yubikey ====
Requires: useraccount and OIT request to send out yubikey to user
[x] physical: Make a request to OIT to have a key sent to the user
[x] account_setup: Get public side and add to puppet-private/manifests/passwords/yubico.pp
[ ] follow_on: Make sure user can use yubikey for ssh access
==== [ ] ssh ====
Requires: useraccount and yubikey
[x] key_setup: Send template/docs for generating keypair and ~/.ssh/config file
[ x account_setup: Get public side and add to puppet-private/secrets/ssh/default/$username
[ ] follow_on: Verify user can ssh to frdev1001 using correct creds and passphrases when needed.
==== [ ] mysql ====
Requires: useraccount, yubikey, ssh
[ ] account_setup
[ ] Add user account to mysql on appropriate master host with random password.
[ ] Grab password hash from mysql.
[ ] Create user block in grants file
[ ] Ensure user is in correct blocks for select rights on dbs.
- Generally use another user in same group as a guide
[ ] Run the grant script to get the grants.
[ ] Copy/paste to execute the grants
[ ] Create the user a ~/.my.cnf file with the original password from account creation.
[ ] follow_on: Verify user can ssh to database host and log in to mysql.