Request to add mnz to analytics-research-admins
Closed, Resolved, Public

Description

Requestor provided information and prerequisites

Complete ALL items below as the individual person who is requesting access:

  • Wikimedia developer account username: Muniza
  • Email address: maslam-ctr@wikimedia.org
  • SSH public key (must be a separate key from Wikimedia cloud SSH access): ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILZiBjvl5o40Ile7UjKq2OrMczkHMA4L6Md/6z+llKnY mnz@wlt
  • Requested group membership: analytics-research-admins
  • Reason for access: To deploy DAGs on Research team's airflow instance hosted on an-airflow1002.eqiad.wmnet
  • Name of approving party (manager for WMF/WMDE staff): @XiaoXiao-WMF
  • Ensure you have signed the L3 Wikimedia Server Access Responsibilities document: Done
  • Please coordinate obtaining a comment of approval on this task from the approving party.

SRE Clinic Duty Confirmation Checklist for Access Requests

This checklist should be used on all access requests to ensure that all steps are covered, including expansion to existing access. Please double check the step has been completed before checking it off.

This section is to be confirmed and completed by a member of the SRE team.

  • User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
  • User has a valid NDA on file with WMF legal. (All WMF Staff/Contractor hiring are covered by NDA. Other users can be validated via the NDA tracking sheet)
  • User has provided the following: developer account username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform)
  • User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not shared with any other service (this includes not sharing with WMCS access, no shared keys.)
  • The provided SSH key has been confirmed out of band and is verified not being used in WMCS. [not needed, already on file]
  • access request (or expansion) has sign off of WMF sponsor/manager (sponsor for volunteers, manager for wmf staff)
  • access request (or expansion) has sign off of group approver indicated by the approval field in data.yaml

For additional details regarding access request requirements, please see https://wikitech.wikimedia.org/wiki/Requesting_shell_access

Event Timeline

Hi @MunizaA no problem, but we'll need a few more things from you for that.

Could you please use the template linked from https://wikitech.wikimedia.org/wiki/SRE/Production_access#Filing_the_request and fill it out?

Direct link: https://phabricator.wikimedia.org/maniphest/task/edit/form/8/

You can either copy/paste into this ticket or make a new one.

Then the next steps will be creating an SSH key and signing the access agreement. Here are the details:

https://wikitech.wikimedia.org/wiki/SRE/Production_access#Signing_the_agreement

@gmodena @fkaelin You are the existing members of the group requested. But unlike other groups this group doesn't have a formal list of approvers yet that we would normally ask for approval. Do you think we could define such a list for the future?

Also, do you confirm this request is legit? I think we need approval from the "project lead" in this case.

I confirm that this request is legit, also adding @XiaoXiao-WMF as manager.

As for an approvers list, please add myself and @XiaoXiao-WMF (assuming your access is set up).

kamila added subscribers: KFrancis, kamila.

@KFrancis can you please make sure @MunizaA's NDA is signed? Thank you!

> @KFrancis can you please make sure @MunizaA's NDA is signed? Thank you!

There's no need for this, Muniza is a WMF contractor and the NDA is part of the work contract.

Do we have an estimate of when this access can be given to Muniza?
My understanding is that we are sort of blocked by this access; if it can be resolved sooner, that would be appreciated. Thanks!

> Then the next steps will be creating an SSH key and signing the access agreement. Here are the details:

This isn't needed, there is already existing shell access for the mnz user.

>> @KFrancis can you please make sure @MunizaA's NDA is signed? Thank you!

> There's no need for this, Muniza is a WMF contractor and the NDA is part of the work contract.

Correct, I am confirming there is an NDA on file. Thanks!

Change #1049236 had a related patch set uploaded (by Dzahn; author: Dzahn):

[operations/puppet@production] admin: add user mnz to analytics-research-admins

https://gerrit.wikimedia.org/r/1049236

> This isn't needed, there is already existing shell access for the mnz user.

Who is approving when a group doesn't have group approvers? Is it sufficient to ask one of the existing group members?

Change #1049239 had a related patch set uploaded (by Dzahn; author: Dzahn):

[operations/puppet@production] admin: add approvers to group analytics-research-admins

https://gerrit.wikimedia.org/r/1049239

> As for an approvers list, please add myself and @XiaoXiao-WMF (assuming your access is set up).

Thanks, I uploaded https://gerrit.wikimedia.org/r/c/operations/puppet/+/1049239

> Do we have an estimate of when this access can be given to Muniza?

I'll take this as manager approval which unblocked the request. Also, adding group approvers as above should speed this up in the future.

With that my estimate is now today.

Change #1049250 had a related patch set uploaded (by Dzahn; author: Dzahn):

[operations/puppet@production] admin: fix email and realname for user mnz

https://gerrit.wikimedia.org/r/1049250

Change #1049236 merged by Dzahn:

[operations/puppet@production] admin: add user mnz to analytics-research-admins

https://gerrit.wikimedia.org/r/1049236

Dzahn claimed this task.

The user has been created on an-airflow1002, the host that has the research airflow role applied. This is resolved.

[an-airflow1002:~] $ id mnz
uid=32084(mnz) gid=500(wikidev) groups=500(wikidev),732(analytics-admins)

Will follow up with adding the approvers and fixing the email address and real name associated.

Change #1049250 merged by Dzahn:

[operations/puppet@production] admin: fix email and realname for user mnz

https://gerrit.wikimedia.org/r/1049250