
Fundraising/techops/procedures/users-new user checklist

From Wikitech

New User Procedure / Checklist

When adding a new user to the fundraising / fr-tech ecosystem, there is a set of places where we need to create accounts and grant access.

Prerequisites

Before we can take any action to add a user, we need to verify that they are authorized to have such access. This requires confirmation from their manager and approval of the access from the C level.

[ ] user_verification

   Requires: user request
   [ ] access_rights: letter to C level (currently Lisa) verifying grant of access
   [ ] account name/contact info: verify on https://collab.wikimedia.org/wiki/Fundraising#Contact_List
   [ ] (if not advancement) add to Okta notify list: create ITS ticket for adding to fr-tech Okta notification list

Accounts and Services

[ ] client_ssl_cert

   Requires: user_verification
   [ ] cert_setup: generate cert on frpm1001 using ssl_user_admin
   [ ] account_setup: SMS the user the password for the key
   [ ] follow_on: assist with certificate installation

[ ] civicrm

   Requires: client_ssl_cert
   [ ] account_setup: Create user account. This will notify the user via email to update their password.
   [ ] follow_on: Verify user can log in to https://civicrm.wikimedia.org

[ ] superset

   Requires: client_ssl_cert
   [ ] account_setup: Create user account. Notify the user of their account name and password.
   [ ] follow_on: Verify user can log in to https://analytics.frdev.wikimedia.org
   [ ] archive_access: Add to Google Drive archive group. https://drive.google.com/drive/folders/0ADWGPlZtksGdUk9PVA

[ ] user account

   Requires: user_verification
   [ ] Add the user to the users.yaml and group_members.yaml files as appropriate.
   [ ] Push out puppet changes.

[ ] yubikey

   Requires: user account and ITS request to send out yubikey to user
   [ ] physical: Make a request to ITS to have a key sent to the user
   [ ] account_setup: Get public side and add to puppet-private/manifests/passwords/yubico.pp
   [ ] follow_on: Make sure user can use yubikey for ssh access

[ ] ssh

   Requires: user account and yubikey
   [ ] key_setup: Send template/docs for generating keypair and ~/.ssh/config file
   [ ] account_setup: Get public side and add to puppet-private/secrets/ssh/default/$username
   [ ] follow_on: Verify user can ssh using the correct credentials and passphrases when needed.

[ ] mysql

   Requires: user account, yubikey, ssh
   [ ] account_setup
       [ ] Create user block in ~/puppet-private/secrets/mysql_grants/fundraising_qa
       [ ] Ensure the user is in the correct blocks for select rights on dbs.
           - Generally, use another user in the same group as a guide
       [ ] Run the grant script to get the grants.
       [ ] Copy/paste to execute the grants on the appropriate dbs.
       [ ] Create a ~/.my.cnf file for the user with the original password from account creation.
   [ ] follow_on: Verify user can ssh to the required host and log in to mysql.

[ ] jupyter

   Requires: user account, yubikey, ssh
   [ ] account_setup
       [ ] Add user port mapping in hieradata/hostname/fran1001.yaml
       [ ] Add user password hash in manifests/passwords/jupyter.pp
       [ ] Provide user with necessary ssh port forwarding config and password
   [ ] follow_on: Verify user can log in to fran1001 and connect to instance

[ ] Repository reviewer

   [ ] Add to the necessary fundraising repos to be notified as a reviewer: https://www.mediawiki.org/wiki/Git/Reviewers