| hashar | |
| May 13 2015, 2:27 PM |
| F164545: antoine+2 | |
| May 13 2015, 8:15 PM |
| F100025: greg_approves.png | |
| May 13 2015, 8:03 PM |
Username: jzerebecki
Full name: Jan Zerebecki
I am requesting access to contint-admins for @JanZerebecki to be able to deploy changes to zuul and other contint servers. Hashar already added him to the "integration" group on gerrit so I am able to merge changes in integration/config, but not deploy them.
Jan is part of WMDE.
| Subject | Repo | Branch | Lines +/- | |
|---|---|---|---|---|
| Add Jan Zerebecki to contint-admins | operations/puppet | production | +1 -1 |
| Status | Subtype | Assigned | Task | ||
|---|---|---|---|---|---|
| Resolved | hashar | T98865 Grant Zuul deploy rights to Jan Zerebecki | |||
| Resolved | ArielGlenn | T98961 Requesting access to contint-admins for Jan Zerebecki |
Change 210692 had a related patch set uploaded (by Hashar):
Add Jan Zerebecki to contint-admins
Do you want Jan's manager in WMDE to sign off? (If they happen to be on phab too that would be nice)
@greg @Abraham : Jan has been very helpful on CI front as long as I can remember. He effectively maintain the WMDE Jenkins job following up on the path of @Addshore last year.
Granting him shell access and Zuul deployment power would speed up the deployment of CI configuration changes for the WMDE repositories.
https://wikitech.wikimedia.org/wiki/Requesting_shell_access#Escalating_Existing_Shell_Access - "Your manager approval is usually not required, as you've already been granted access to the cluster; the project lead of the cluster you request access to should sign off (if in doubt, ask the Ops_Clinic_Duty person for the week.)"
@JanZerebecki already has shell access for research, this is just adding more access to it. I think @hashar's approval would be probably be appropriate for CI access requests ("lead of the cluster you request access to"), but that's implied here anyway because he created the ticket.
In general I think we need to rethink the references to "manager" or "direct supervisor" on that page and change them so that it only applies to WMF staff/contractors (and potentially WMDE/other affiliates?)
Krenair, we will want some sort of vetting for wmde and for volunteers; we just have to figure out what that looks like. I'm taking greg's signoff as good anyways, now we just wait for the three days to be up.
Checked yesterday's meeting etherpad, the access requests section, i see 2 other requests but this one wasn't mentioned. Shouldn't it have been?
It should have been probably. So I guess it boils down to having this reviewing by ops using whatever internal process you are using.
done, based on previous approvals and comments that we were just waiting for the 3 days to be over.
on gallium:
Notice: /Stage[main]/Admin/Admin::Hashuser[jzerebecki]/Admin::User[jzerebecki]/File[/home/jzerebecki/.ssh/authorized_keys]/ensure: created
[gallium:~] $ id jzerebecki uid=2844(jzerebecki) gid=500(wikidev) groups=500(wikidev),719(contint-admins) .. [gallium:~] $ sudo cat /etc/sudoers.d/contint-admins # This file is managed by Puppet! %contint-admins ALL = (jenkins) NOPASSWD: ALL %contint-admins ALL = (jenkins-slave) NOPASSWD: ALL %contint-admins ALL = (gerritslave) NOPASSWD: ALL %contint-admins ALL = (zuul) NOPASSWD: ALL %contint-admins ALL = NOPASSWD: /etc/init.d/jenkins %contint-admins ALL = NOPASSWD: /etc/init.d/postgresql-8.4 %contint-admins ALL = (postgres) NOPASSWD: /usr/bin/psql
