[go: up one dir, main page]
Page MenuHomePhabricator
Create Task
Maniphest T338468

Requesting access to deployment shell group and nda LDAP for Superpes15
Closed, ResolvedPublicRequest
Actions

Description

Requestor provided information and prerequisites

  • Wikitech username: Superpes15 (ldap is superpes)
  • Email address: superpes15.itwiki@gmail.com
  • SSH public key (must be a separate key from Wikimedia cloud SSH access): ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJK0i21TsIz650lKc7SFharnLlbH3rXimyt+74ckKJ55 superpes15.itwiki@gmail.com
  • Requested group membership: deployment shell group / nda LDAP
  • Reason for access: I'd like to start a training, as suggested by @ArielGlenn on IRC, to deploy MediaWiki and config changes. @Urbanecm directed me to ask for the permission in the groups above.

I've signed the L3 Wikimedia Server Access Responsibilities document (but I never signed the WMF NDA).

In the first phase, I'll probably only need for the access to nda, while waiting to complete the training. Thanks!

SRE Clinic Duty Confirmation Checklist for Access Requests

This checklist should be used on all access requests to ensure that all steps are covered, including expansion to existing access. Please double check the step has been completed before checking it off.

This section is to be confirmed and completed by a member of the SRE team.

  • - User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
  • - User has a valid NDA on file with WMF legal. (All WMF Staff/Contractor hiring are covered by NDA. Other users can be validated via the NDA tracking sheet)
  • - User has provided the following: wikitech username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform)
  • - User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not shared with any other service (this includes not sharing with WMCS access, no shared keys.)
  • - The provided SSH key has been confirmed out of band and is verified not being used in WMCS.
  • - access request (or expansion) has sign off of WMF sponsor/manager (sponsor for volunteers, manager for wmf staff)
  • - access request (or expansion) has sign off of group approver indicated by the approval field in data.yaml

For additional details regarding access request requirements, please see https://wikitech.wikimedia.org/wiki/Requesting_shell_access

Details

SubjectRepoBranchLines +/-
data.yaml: Add user superpes to deployment.operations/puppetproduction+11 -5
data.yaml: Add superpes as LDAP only users.operations/puppetproduction+4 -0
Customize query in gerrit

Event Timeline

Superpes15 created this task.Jun 8 2023, 2:26 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 8 2023, 2:26 PM
MatthewVernon added subscribers: Urbanecm_WMF, KFrancis, thcipriani, MatthewVernon.Jun 8 2023, 3:24 PM

@KFrancis can you arrange for an NDA for this person, please?

@ArielGlenn / @Urbanecm_WMF are you prepared to sponsor this request, please?

@thcipriani do you approve membership of the deployment group, please?

Restricted Application removed a subscriber: Urbanecm. · View Herald TranscriptJun 8 2023, 3:24 PM
MatthewVernon moved this task from Untriaged to Manager/NDA Approval/Confirmation on the SRE-Access-Requests board.Jun 8 2023, 3:25 PM
taavi subscribed.Jun 8 2023, 3:28 PM
This comment was removed by taavi.
taavi added a comment.Jun 8 2023, 3:30 PM

Is there any activity this Gerrit query does not see? In general I'd like to see deployers have experience with developing MediaWiki itself so they're familiar with it's internals (which helps reviewing patches and troubleshoot issues when things go wrong).

TheresNoTime subscribed.Jun 8 2023, 5:03 PM
Superpes15 added a comment.Jun 8 2023, 5:16 PM
In T338468#8914550, @taavi wrote:

Is there any activity this Gerrit query does not see? In general I'd like to see deployers have experience with developing MediaWiki itself so they're familiar with it's internals (which helps reviewing patches and troubleshoot issues when things go wrong).

Hi taavi, yes you're right, but my work here is mainly focused on config changes (actually, I didn't ask to be a deployer, but just to be able to start the training to deploy config changes). About your doubt on MW, I think to have a sufficient knowledge of the software and its dynamics/what generally goes wrong, as I work and test quite a lot on different local test wikis on my computer, even if in this field I'm not very active on gerrit, neither in reviewing other patches or make them myself, mainly due to time constraints - compatibly with my duties on wiki and in RL. I generally tend not to overdo, so I like to always ask for advice from others, my only goal here was to learn how to deploy - mainly config changes with possibility to extend to more in the future - and help out when needed :)

TheresNoTime added a comment.Jun 8 2023, 5:20 PM

Either way, no harm in signing up for some training while you wait :-)

KFrancis added a comment.Jun 8 2023, 5:24 PM

Hi all, I will need the volunteer's full name, mailing address, and email to process the NDA. Please send the following information to: kfrancis@wikimedia.org. Thank you!

Superpes15 added a comment.Jun 8 2023, 5:40 PM
In T338468#8915005, @TheresNoTime wrote:

Either way, no harm in signing up for some training while you wait :-)

Yep, this is actually my only purpose, and I need the permission for this (see the form - this explain why I created this task before asking for a training and only after reading the documents). After the training we'll see :)

In T338468#8915030, @KFrancis wrote:

Hi all, I will need the volunteer's full name, mailing address, and email to process the NDA. Please send the following information to: kfrancis@wikimedia.org. Thank you!

Done! I wrote via wikimail from my account linked to the e-mail address above. Thanks :)

Urbanecm_WMF added a comment.Jun 8 2023, 6:05 PM
In T338468#8915158, @Superpes15 wrote:
In T338468#8915005, @TheresNoTime wrote:

Either way, no harm in signing up for some training while you wait :-)

Yep, this is actually my only purpose, and I need the permission for this (see the form - this explain why I created this task before asking for a training and only after reading the documents). After the training we'll see :)

As Superpes said :). The goal here is to attend the training, which seems to require NDA on-file according to the form. I recommended Superpes to fill an access request to get past the NDA bit. That said, not sure what the process for that should be like (I assume @thcipriani will clarify :)).

In T338468#8914512, @MatthewVernon wrote:

@ArielGlenn / @Urbanecm_WMF are you prepared to sponsor this request, please?

See above -- the first goal here is to get to the training, and then we can go from there. Does that sound good @MatthewVernon?

KFrancis added a comment.Jun 8 2023, 8:12 PM

Thank you! The agreement has been sent for signatures. I'll confirm when it's complete.

KFrancis added a comment.Jun 8 2023, 8:38 PM

The NDA is complete. Please proceed with the access request.

Zabe subscribed.Jun 8 2023, 9:52 PM
thcipriani added a comment.Jun 9 2023, 2:13 AM
In T338468#8915689, @KFrancis wrote:

The NDA is complete. Please proceed with the access request.

Awesome!

In T338468#8914512, @MatthewVernon wrote:

@KFrancis can you arrange for an NDA for this person, please?

@ArielGlenn / @Urbanecm_WMF are you prepared to sponsor this request, please?

@thcipriani do you approve membership of the deployment group, please?

Now that @Superpes15 has NDA, they can attend a deployment training slot (note: use this form to set one up if you haven't coordinated with @ArielGlenn already).

After some training, we can get you deploying. Until then, let's hold this—is that fine @MatthewVernon ?

SLyngshede-WMF updated the task description. (Show Details)Jun 9 2023, 8:15 AM
SLyngshede-WMF added a subscriber: Urbanecm.
Restricted Application removed a subscriber: Urbanecm. · View Herald TranscriptJun 9 2023, 8:15 AM
SLyngshede-WMF subscribed.Jun 9 2023, 8:29 AM

User have been added to the LDAP NDA group, we're holding off processing the rest until after training.

Superpes15 added a comment.Jun 9 2023, 10:34 AM
In T338468#8916922, @thcipriani wrote:

Now that @Superpes15 has NDA, they can attend a deployment training slot (note: use this form to set one up if you haven't coordinated with @ArielGlenn already).

After some training, we can get you deploying. Until then, let's hold this

Yep, thanks, I'll plan a training :)

MoritzMuehlenhoff subscribed.Jun 13 2023, 7:13 AM
In T338468#8917166, @SLyngshede-WMF wrote:

User have been added to the LDAP NDA group, we're holding off processing the rest until after training.

This also needs an entry in data.yaml in puppet.git

gerritbot added a comment.Jun 13 2023, 7:25 AM

Change 929623 had a related patch set uploaded (by Slyngshede; author: Slyngshede):

[operations/puppet@production] data.yaml: Add user superpes to deployment.

https://gerrit.wikimedia.org/r/929623

gerritbot added a project: Patch-For-Review.Jun 13 2023, 7:25 AM
SLyngshede-WMF updated the task description. (Show Details)Jun 13 2023, 7:34 AM
SLyngshede-WMF added a subscriber: Urbanecm.
Restricted Application removed a subscriber: Urbanecm. · View Herald TranscriptJun 13 2023, 7:34 AM
MoritzMuehlenhoff added a comment.Jun 13 2023, 10:12 AM
In T338468#8926447, @MoritzMuehlenhoff wrote:
In T338468#8917166, @SLyngshede-WMF wrote:

User have been added to the LDAP NDA group, we're holding off processing the rest until after training.

This also needs an entry in data.yaml in puppet.git

The interim LDAP access needs a tracking entry I meant, it's currently alerting for a lack of it, see the mail sent root@

gerritbot added a comment.Jun 13 2023, 10:18 AM

Change 929672 had a related patch set uploaded (by Slyngshede; author: Slyngshede):

[operations/puppet@production] data.yaml: Add superpes as LDAP only user.

https://gerrit.wikimedia.org/r/929672

SLyngshede-WMF added a comment.Jun 13 2023, 10:22 AM

The interim LDAP access needs a tracking entry I meant, it's currently alerting for a lack of it, see the mail sent root@

Added a new patch, I'll rebase the original when merged.

gerritbot added a comment.Jun 13 2023, 10:27 AM

Change 929672 merged by Slyngshede:

[operations/puppet@production] data.yaml: Add superpes as LDAP only users.

https://gerrit.wikimedia.org/r/929672

ssingh updated the task description. (Show Details)Jun 19 2023, 5:03 PM
ssingh added a subscriber: Urbanecm.
Restricted Application removed a subscriber: Urbanecm. · View Herald TranscriptJun 19 2023, 5:03 PM
Dzahn subscribed.Jun 29 2023, 8:24 PM

@Superpes15 @SLyngshede-WMF @MatthewVernon If i read the ticket right then access to NDA is done and access to deployment is postponed for the future, after training. Can we close this as resolved and ask for a new ticket at a later time? That makes it easier for us to handle since handling these ticket is rotating between different people every week.

Dzahn assigned this task to MatthewVernon.Jun 29 2023, 8:55 PM
MatthewVernon added a comment.Jun 30 2023, 7:27 AM

I have no problem with that (but I was just the clinician when this ticket came in), if the other people you tagged are also happy with that approach.

SLyngshede-WMF added a comment.Jun 30 2023, 7:43 AM

No problem here either.

MatthewVernon closed this task as Resolved.Jun 30 2023, 10:20 AM
Dzahn awarded a token.Jun 30 2023, 12:51 PM
gerritbot added a comment.Jun 24 2024, 4:00 PM

Change #929623 abandoned by Slyngshede:

[operations/puppet@production] data.yaml: Add user superpes to deployment.

Reason:

T338468 Resolved

https://gerrit.wikimedia.org/r/929623

Maintenance_bot removed a project: Patch-For-Review.Jun 24 2024, 4:30 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits