Pangeo Access for 2i2c Engineers #136

Closed
1 of 3 tasks
Tracked by #482
sgibson91 opened this issue Jun 28, 2021 · 24 comments
Labels: Task (Actions that don't involve changing our code or docs.)


@sgibson91
Member

sgibson91 commented Jun 28, 2021

Summary

@yuvipanda and I have been given Columbia identities (known as UNIs) in order to be granted access to the Pangeo GCP projects. Currently, only members with columbia.edu emails (that come with the UNI) can be added to the project, which means that only Yuvi and I will be able to maintain this infrastructure as opposed to the whole 2i2c engineering team. I suspect this is a GDPR requirement from Columbia, which is fine, but we need a plan for how this project (and future ones) fits into our team practice.

Tasks

Send information

First, each team member must send their passport to @rabernat so that he can get a Columbia account made for them. Then, @rabernat will convert those emails into @columbia.edu addresses.

cc: @rabernat

@sgibson91
Member Author

I have added the prio: med tag to this as I don't think it's critical to the migration of the hub (i.e. needs to happen in the next month or two), but it is critical to the long-term operation of the hub once it's migrated.

@choldgraf
Member

@rabernat is it realistic for all 2i2c team members to get a columbia.edu account?

and more generally, can we think of any creative ways around this limitation? As a one-off I think it's fine, but if we will need to create university-specific accounts for each university we work with, that will be super not-scalable.

@sgibson91
Member Author

> and more generally, can we think of any creative ways around this limitation? As a one-off I think it's fine, but if we will need to create university-specific accounts for each university we work with, that will be super not-scalable.

Might not be the most elegant solution, but if we have to create a university-specific account to access cloud resources, I wonder if it could be something like 2i2c-support@university.edu and the tech team all has access?

Ultimately I think whether we come across this again, it will need to be a discussion to assess each university's risk towards giving non-domain/2i2c.org accounts access. This discussion should be a part of the scoping process before we agree to take on the project/a contract, since a uni's proposed solution may not be within the limits we are able to flex to.

@choldgraf
Member

> This discussion should be a part of the scoping process before we agree to take on the project/a contract, since a uni's proposed solution may not be within the limits we are able to flex to.

100% - basically, the more "contract-specific" stuff we have to do, the more work it'll be for us, so we will need to make stronger considerations about the contract sustainability.

@damianavila
Contributor

> Might not be the most elegant solution, but if we have to create a university specific account to access cloud resources, I wonder if it could be something like 2i2c-support@university.edu and the tech team all has access?

Not elegant but practical enough, IMHO.

@sgibson91
Member Author

I think this may actually be a blocker for deploying a cluster now 2i2c-org/infrastructure#488 (comment)

@yuvipanda
Member

Based on the info I needed to provide them to get my id, I am skeptical that Columbia will provide an account that can be shared among us. But let's ask for that, and if not let's start the process of each of us getting an id?

@choldgraf
Member

Hey all - per our recent discussions, are we still planning to get access for all 2i2c team members on this infrastructure? Can we update the checklist above with next steps so we know what's left?

Also I'm going to move this one to the Development Backlog since it's more like a multi-week improvement rather than a 2-3 day improvement.

@rabernat

> Based on the info I needed to provide them to get my id, I am skeptical that Columbia will provide an account that can be shared among us. But let's ask for that, and if not let's start the process of each of us getting an id?

Columbia will definitely not do that. 😞 Each UNI must be linked to a specific individual.

However, the time cost of creating these "contractor" UNIs is very low. (There is no financial cost.) So I am happy to help create as many as needed. Yuvi and Sarah have been through the process already and can explain exactly what is needed.

@sgibson91
Member Author

I had to provide a scan of my passport and I got the UNI the next day. The headache is not getting one, it's managing the different logins to get our shared Terraform state and such. But the note in this section of the docs describes a workaround for that.

@yuvipanda
Member

@damianavila @GeorgianaElena @choldgraf can you email Ryan a copy of your passport so we can get this started?

Also, @sgibson91 did 2i2c-org/infrastructure#561 which helps manage the complexity of multiple logins

@choldgraf
Member

This one somehow got moved off of our deliverables backlog but I just added it back on. I think this should be high-priority because currently only @sgibson91 and @yuvipanda have the ability to manage Pangeo's hub infrastructure. I've updated the top comment so it's a bit clearer what our next steps are, and am assigning everybody on this thread who hasn't yet sent in their passport photo to @rabernat.

@rabernat

Let's initiate the process a bit differently.

Please give me the emails you want to use for this. I will then send an email to Columbia HR to initiate the UNI process. You can send the passports and other info to them.

@choldgraf
Member

@rabernat when you say "the emails you want to use for this" you mean "the Columbia emails" right? So the answer would be something like choldgraf@columbia.edu?

@rabernat

rabernat commented Aug 20, 2021

No, I mean the people I should include in my email to Columbia HR. In Slack you suggested

@consideRatio
Member

consideRatio commented Aug 20, 2021

Hi @rabernat I updated your comment above about my email for this, if it doesn't make sense to be added as erik@2i2c.org then go for erik@sundellopensource.se

@rabernat

Email sent to Rebecca (Becca) Kinney of LDEO HR. All the above people were cc'd.

@sgibson91
Member Author

sgibson91 commented Aug 23, 2021

Once folks have their columbia.edu addresses, you should grant yourself (via your 2i2c.org account) the cloudkms.cryptoKeyEncrypterDecrypter permission on the two-eye-two-see project. See 2i2c-org/infrastructure#575 for context (or suggest a better way to handle this 😉 )

@rabernat

Just checking up on this. Were folks able to get their Columbia UNIs activated?

@choldgraf
Member

We are still in the process - @yuvipanda is trying to resolve the NFS issue on the staging hub while @sgibson91 is gone, and he already has access so work can continue 👍

@sgibson91
Member Author

What's the status of this now? Do people have their UNIs yet?

@damianavila
Contributor

I can confirm I got my Columbia account activated, @sgibson91.

@GeorgianaElena
Member

I got my Columbia account activated today too @sgibson91. Sorry for taking this long :( !

choldgraf moved this from Ready to work to Blocked in DEPRECATED Engineering and Product Backlog Feb 10, 2022

consideRatio self-assigned this Mar 16, 2022

@consideRatio
Member

I failed to acquire an account; instead of investigating it further, I'm closing this issue though.

7 participants