Description
Requestor provided information and prerequisites
This section is to be completed by the individual requesting access.
- Wikitech username: @skyenet
- Email address: skye.berghel@tmlt.io (primary), sberghel@gmail.com (secondary)
- SSH public key (must be a separate key from Wikimedia cloud SSH access): ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFR6HVVjTuiJM6r8Zl12+41Pef80nk/zhchCW3mTzoMx skye@Neikos.local
- Requested group membership: ; I will also need access to the LDAP group and Kerberos credentials
- Reason for access: I am one of the employees at Tumult Labs who will be working with the Wikimedia Foundation on differential privacy
- Name of approving party (manager for WMF/WMDE staff): @JBennett
- Ensure you have signed the L3 Wikimedia Server Access Responsibilities document:
- Please coordinate obtaining a comment of approval on this task from the approving party.
SRE Clinic Duty Confirmation Checklist for Access Requests
This checklist should be used on all access requests to ensure that all steps are covered, including expansion to existing access. Please double check the step has been completed before checking it off.
This section is to be confirmed and completed by a member of the SRE team.
- - User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
- - User has a valid NDA on file with WMF legal. (All WMF Staff/Contractor hiring are covered by NDA. Other users can be validated via the NDA tracking sheet)
- - User has provided the following: wikitech username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform)
- - User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not shared with any other service (this includes not sharing with WMCS access, no shared keys.)
- - access request (or expansion) has sign off of WMF sponsor/manager (sponsor for volunteers, manager for wmf staff)
- - access request (or expansion) has sign off of group approver indicated by the approval field in data.yaml
For additional details regarding access request requirements, please see https://wikitech.wikimedia.org/wiki/Requesting_shell_access
Details
| Subject | Author | Repo | Branch | Lines +/- | |
|---|---|---|---|---|---|
| admin: add skyenet, krb & analytics-privatedata-users | MVernon | operations/puppet | production | +12 -1 |
Event Timeline
Hi SRE team! Just a couple of clarifications here — the approving party is actually @JBennett, rather than myself.
With regard to the NDA and SAR forms, the confidentiality and access responsibilities of employees from Tumult Labs is actually covered by the MSA that WMF and Tumult both signed, meaning that separate and individual NDAs are not needed in this instance. I don't know all of the legal minutiae, but I got the sign off for this arrangement from Jane Connor from T&S/Legal yesterday (11 Feb). Let me know if you have any questions, and thanks!
Approved. I believe since this is not a WMF employee, we'll need an expiry date to put on the account. It can always be extended later if needed.
I believe the expiry should be roughly 6 months from now — let's say (for the moment, at least) 31 August 2022.
The expiry date will be whenever the contract ends. You should check this with whoever signed it.
@RhinosF1 just checked, the expiry date is 13 September 2022
In T301581#7705703, @RhinosF1 wrote:SRE will be able to check on their tracking sheets or confirm with legal. No need to worry but thanks for being super clear :)
@Htriedman The contractors do NOT seem to appear on the Google doc "NDA and MOU: Volunteer accounts with Server and LDAP-level access". That is where Legal adds them and SRE checks if they have one.
Update: they should all be in the NDA and MOU document now
I have signed the L3 acknowledgment form.
Change 765280 had a related patch set uploaded (by MVernon; author: MVernon):
[operations/puppet@production] admin: add skyenet, krb & analytics-privatedata-users
Change 765280 merged by MVernon:
[operations/puppet@production] admin: add skyenet, krb & analytics-privatedata-users