Page MenuHomePhabricator
Create Task
Maniphest T406590

Requesting access to 'restricted' for neslihanturan
Closed, ResolvedPublic
Actions

Description

Requestor provided information and prerequisites

Complete ALL items below as the individual person who is requesting access:

  • Wikimedia developer account username: neslihanturan
  • Email address: neslihan.turan@wikimedia.de
  • SSH public key (must be a separate key from Wikimedia cloud SSH access):

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDB4bZ0rHL3fE0Oo6DkrESNV9X0dSH/85XToTyYA3cpjpOD650/kZgcSphma/1Kt+AnOgOfpDiX1w8nF2jRuukpot47Fh4DwgwWCe39sBScNsaPnhWzuYpAR8umt2ptzGNMqwt1Z45zizG4yoquM1Aan79QLocgm661g/4fkzteVcQNg9JXXj7dqY9Jiw/pY1LWrdZ1cR8/plEO5NMBOccaNRczYmgitg0R3O78+BL/H3PK8kaw5tlhLKCJxZBtjcnwr0zI6gjHw2YuB4ccurTjSLJJmsS2zJ0F7CUSTgNuFKX4WwSCMs94C/SF9uxPjDBMcmHJyCNKibhH77MRHMVUvVYD4tzOw3MIShrLpbCbCffeZ9+BA7C3sEnCLI1WcJoMkJt3y9+PPOmAyrMGQ/GeQsMol4Khel9WYggLZZsD+yi0hQgYK/IiwVTG8uN8OJ5xJuJDi16yXSeLqvWHutbmbZWJgrCzW8sgjHtrOP9Ra082EMjtDVn7zNbfWaieCpOf/34clLqBnWkbIalK/gMmCllxYwfc4jXEtnW5uF8fU12su+cYkWjiQzuOz9TI6eXc6Jj6hxfYXbYKkTb3b72p3/NaLWQ2GnB354iUAqIYR+2TuILPtdS5UGVk6MgSGmwS6w0c8VApfO7CP06TcdDOyjsJVWWt+Lt70vPKq3xr+Q== cardno:20_560_913

  • Requested group membership: restricted
  • Reason for access:I will be working on adding Wikidata support to new wikis (See documentation 1, 2 and example ticket T376575 ). This involves running maintenance scripts on production servers.This requires restricted LDAP group membership.
  • Name of approving party (manager for WMF/WMDE staff): @WMDECyn
  • Ensure you have signed the L3 Wikimedia Server Access Responsibilities document: Yes
  • Please coordinate obtaining a comment of approval on this task from the approving party.

SRE Clinic Duty Confirmation Checklist for Access Requests

This checklist should be used on all access requests to ensure that all steps are covered, including expansion to existing access. Please double check the step has been completed before checking it off.

This section is to be confirmed and completed by a member of the SRE team.

  • - User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
  • - User has a valid NDA on file with WMF legal. (All WMF Staff/Contractor hiring are covered by NDA. Other users can be validated via the NDA tracking sheet)
  • - User has provided the following: developer account username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform)
  • - User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not shared with any other service (this includes not sharing with WMCS access, no shared keys.)
  • - The provided SSH key has been confirmed out of band
  • - The provided SSH key is verified not being used in WMCS.
  • - access request (or expansion) has sign off of WMF sponsor/manager (sponsor for volunteers, manager for wmf staff)
  • - access request (or expansion) has sign off of group approver indicated by the approval field in data.yaml

For additional details regarding access request requirements, please see https://wikitech.wikimedia.org/wiki/Requesting_shell_access

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
admin: Add neslihanturan to restrictedoperations/puppetproduction+3 -2
admin: add SSH key and restricted group membership for neslihanturanoperations/puppetproduction+3 -2
Customize query in gerrit

Related Objects

Event Timeline

Neslihan_Turan_WMDE created this task.Oct 7 2025, 2:02 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 7 2025, 2:02 PM
WMDECyn added a comment.Oct 8 2025, 5:52 AM

Approved from WMDE side

MoritzMuehlenhoff added subscribers: thcipriani, MoritzMuehlenhoff.Oct 10 2025, 7:16 AM

@thcipriani Ths needs your approval

jijiki changed the task status from Open to In Progress.Oct 16 2025, 9:05 AM
jijiki assigned this task to thcipriani.
thcipriani removed thcipriani as the assignee of this task.Oct 16 2025, 9:14 AM

Approved from my side, sorry for delay.

Ladsgroup updated the task description. (Show Details)Oct 17 2025, 11:28 AM
Ladsgroup updated the task description. (Show Details)Oct 17 2025, 11:31 AM
gerritbot added a comment.Oct 17 2025, 11:43 AM

Change #1196894 had a related patch set uploaded (by Ladsgroup; author: Amir Sarabadani):

[operations/puppet@production] admin: Add neslihanturan to restricted

https://gerrit.wikimedia.org/r/1196894

gerritbot added a project: Patch-For-Review.Oct 17 2025, 11:43 AM
Ladsgroup subscribed.Oct 17 2025, 1:39 PM

Pinged the user out of band for confirmation of the ssh key.

Raine subscribed.Oct 20 2025, 2:20 PM
Raine moved this task from Untriaged to Awaiting User Input on the SRE-Access-Requests board.Oct 23 2025, 2:41 PM
Dzahn subscribed.Oct 27 2025, 8:52 PM

Hi @Neslihan_Turan_WMDE

I took over access requests for this week. We can do the SSH key confirmation to move this forward. Unless you have already done that meanwhile?

Dzahn changed the task status from In Progress to Stalled.Oct 27 2025, 8:53 PM
Dzahn assigned this task to Neslihan_Turan_WMDE.Oct 27 2025, 9:09 PM
Neslihan_Turan_WMDE added a comment.EditedOct 28 2025, 11:59 AM

Hi, sorry for the delay. I had a problem accessing Slack but now I managed to sent my public key to Amir. My public key is already written here on the ticket so I am not sure if I understand the task correctly. Could you elaborate more what I need to do for the process to continue @Dzahn ? If you need me sending my public key to you, which channel do you prefer?

Ladsgroup added a comment.Oct 28 2025, 3:11 PM
In T406590#11318342, @Neslihan_Turan_WMDE wrote:

Hi, sorry for the delay. I had a problem accessing Slack but now I managed to sent my public key to Amir. My public key is already written here on the ticket so I am not sure if I understand the task correctly. Could you elaborate more what I need to do for the process to continue @Dzahn ? If you need me sending my public key to you, which channel do you prefer?

This is called out of band confirmation to protect against social engineering.

Ladsgroup added a comment.Oct 28 2025, 3:12 PM

I confirmed the key out of band.

Ladsgroup updated the task description. (Show Details)Oct 28 2025, 3:12 PM
Dzahn removed Neslihan_Turan_WMDE as the assignee of this task.Oct 28 2025, 5:13 PM

Thank you for taking care of that, Ladsgroup!

Dzahn changed the task status from Stalled to In Progress.Oct 28 2025, 5:13 PM
Dzahn updated the task description. (Show Details)Oct 28 2025, 6:17 PM
gerritbot added a comment.Oct 28 2025, 6:21 PM

Change #1199484 had a related patch set uploaded (by Dzahn; author: Dzahn):

[operations/puppet@production] admin: add SSH key and restricted group membership for neslihanturan

https://gerrit.wikimedia.org/r/1199484

Dzahn moved this task from Awaiting User Input to Patch in Review on the SRE-Access-Requests board.Oct 28 2025, 6:22 PM
gerritbot added a comment.Oct 28 2025, 6:51 PM

Change #1199484 merged by Dzahn:

[operations/puppet@production] admin: add SSH key and restricted group membership for neslihanturan

https://gerrit.wikimedia.org/r/1199484

Dzahn added a comment.Oct 28 2025, 7:15 PM

@Neslihan_Turan_WMDE Your user has just been created on the deployment server now. You have the access. Do you need any other info how to configure SSH and things like that? Or are you ok just copying from an existing colleague at WMDE? Let us know. Cheers, Daniel

Dzahn closed this task as Resolved.Oct 28 2025, 7:15 PM
Dzahn claimed this task.
deploy1003:~] $ id neslihanturan
uid=17901(neslihanturan) gid=500(wikidev) groups=500(wikidev),706(restricted),714(airflow-deployers)
gerritbot added a comment.Fri, Nov 28, 11:31 AM

Change #1196894 abandoned by Ladsgroup:

[operations/puppet@production] admin: Add neslihanturan to restricted

Reason:

Done already

https://gerrit.wikimedia.org/r/1196894

Maintenance_bot removed a project: Patch-For-Review.Fri, Nov 28, 12:31 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits