Buildduty/day 1 checklist: Difference between revisions

← Older edit

Buildduty/day 1 checklist (view source)

Revision as of 15:07, 15 January 2019

1,774 bytes removed , 15 January 2019

Removed Nagios entry

Dlabici

Confirmed users

67

edits

@@ Line 1: / Line 1: @@
 __TOC__
-Welcome to Buildduty!
+Welcome to CiDuty!
-This page is meant to serve as a resource for new Buildduty people getting up to speed and ensuring they have access to the appropriate systems that they are expected to use.
+This page is meant to serve as a resource for new CiDuty team-members getting up to speed and ensuring they have access to the appropriate systems that they are expected to use.
-= Buildduty and the Manifesto =
+= CiDuty and the Manifesto =
-* Before you start it would be a good idea to make sure you know what Buildduty is all about. Please have a read through of [[ReleaseEngineering/Buildduty_manifesto|the manifesto]]
+* Before you start it would be a good idea to make sure you know what CiDuty is all about. Please have a read through of [[ReleaseEngineering/Buildduty_manifesto|the manifesto]]
 = Access =
@@ Line 13: / Line 13: @@
 == SSO ==
-Generally, we rely on [https://auth0.com/ auth0] across Mozilla for authentication and [https://mana.mozilla.org/wiki/display/SYSADMIN/LDAP+Architecture LDAP] for authorization. Once given LDAP and you have created a permanent password, you can use that to login to the [https://sso.mozilla.com SSO portal]. From SSO, you should have links to various services from email, irc, calendar, slack, mana, etc. More on each of those later on this page
+Generally, we rely on [https://auth0.com/ auth0] across Mozilla for authentication and [https://mana.mozilla.org/wiki/display/SYSADMIN/LDAP+Architecture LDAP] for authorization. Once given LDAP and you have created a temporary password (about 3 months), you can use that to login to the [https://sso.mozilla.com SSO portal]. From SSO, you should have links to various services from email, irc, calendar, slack, mana, etc. More on each of those later on this page
 == login.mozilla.com ==
@@ Line 25: / Line 25: @@
 === SSH ===
-Upload your public ssh key. It is a good idea to generate a separate ssh keypair from your personal one or any other that you have created in the past and use that explicitly for Buildduty and upload that. Follow this [[Security/Guidelines/OpenSSH#OpenSSH_client|SSH guidelines doc]] on how to generate, configure, and use your ssh key.
+Upload your public ssh key. It is a good idea to generate a separate ssh keypair from your personal one or any other that you have created in the past and use that explicitly for CiDuty and upload that. Follow this [[Security/Guidelines/OpenSSH#OpenSSH_client|SSH guidelines doc]] on how to generate, configure, and use your ssh key.
 note: example ssh config for accessing our systems given below in Jumphost section
@@ Line 42: / Line 42: @@
 See the instructions on how to [https://mana.mozilla.org/wiki/display/SD/VPN install and configure your VPN client] and help choosing the right client for your platform.
-note: macOS and Windows users should use [https://www.sparklabs.com/viscosity/ Viscosity]. This application comes with a free 30 day trial. During your trial, your manager can help you create a ServiceNow ticket to get a Viscosity full license.
+note: macOS users should use [https://www.sparklabs.com/viscosity/ Viscosity]. This application comes with a free 30 day trial. During your trial, your manager can help you create a ServiceNow ticket to get a Viscosity full license. While Windows users can use OpenVPN GUI that is free.
 === MFA ===
@@ Line 93: / Line 93: @@
      ProxyJump rejh1.srv.releng.scl3.mozilla.com
 </source>
-== Buildduty LDAP groups ==
-You may have access to the [https://ldapadmin1.private.scl3.mozilla.com/manage/ ldap admin page] and see your own groups that you have on your record. This page is behind vpn and auth0.
-Although you can read your current groups, you will not be able to modify them. To extend with Buildduty groups that you need. You and your manager will need to file a ticket for them under "MOC: Service Requests"
-example ldap groups they may have by default:
-  cn=corp-vpn,ou=groups,dc=mozilla
-  cn=IntranetWiki,ou=groups,dc=mozilla
-  cn=irccloud,ou=groups,dc=mozilla
-  cn=mfa,ou=groups,dc=mozilla
-  cn=phonebook_access,ou=groups,dc=mozilla
-  cn=team_moco,ou=groups,dc=mozilla
-  cn=vpn_corp,ou=groups,dc=mozilla
-  cn=vpn_default,ou=groups,dc=mozilla
-example ldap groups you may need to file for and request added (example, Bug 1434168):
-  cn=releng,ou=groups,dc=mozilla
-  cn=RelEngWiki,ou=groups,dc=mozilla
-  cn=vpn_releng,ou=groups,dc=mozilla
-  cn=vpn_releng_loan,ou=groups,dc=mozilla
-  cn=vpn_relengwiki,ou=groups,dc=mozilla
-  cn=vpn_tooltooleditor,ou=groups,dc=mozilla
-  cn=inventory,ou=groups,dc=mozilla
-  cn=inventory_build,ou=groups,dc=mozilla
-  cn=vpn_inventory,ou=groups,dc=mozilla
-  cn=nagiosadmin,ou=groups,dc=mozilla
-  cn=GraphsAdmin,ou=groups,dc=mozilla
-  cn=active_scm_level_1,ou=groups,dc=mozilla
-  cn=all_scm_level_1,ou=groups,dc=mozilla
-  cn=vpn_genericrhel6,ou=groups,dc=mozilla
 = Communications =
 == Mail ==
-Mozilla mail is handled by [https://mail.google.com/ Gmail] now.
+Mozilla mail is handled by [https://mail.google.com/ Gmail].
 Have your manager subscribe you to this list if you are not already.
@@ Line 134: / Line 103: @@
 === Mailing lists ===
-Need permission:
+Needs permission:
-* [https://groups.google.com/a/mozilla.com/forum/?hl=en#!forum/buildduty buildduty@mozilla.com] - this is our team email. Ask owner (e.g. jlund) for access
+* [https://groups.google.com/a/mozilla.com/forum/?hl=en#!forum/ciduty ciduty@mozilla.com] - this is our team email. Ask owner (jlund) for access
 * [https://groups.google.com/a/mozilla.com/forum/?hl=en#!forum/releng-puppet-mail Puppet Mail] (warning: you will want to filter this as it can send a lot of mail)
@@ Line 145: / Line 114: @@
 * https://lists.mozilla.org/listinfo/tools-taskcluster - general taskcluster discussion
 * [https://groups.google.com/a/mozilla.com/forum/#!forum/firefox-ci firefox-ci] mailing list
-* TODO public relops
 These are available as [news://news.mozilla.org newsgroups], google groups, and [https://lists.mozilla.org/listinfo Mailman lists]
@@ Line 154: / Line 122: @@
 You'll want to subscribe to the following public calendars:
 * [https://calendar.google.com/calendar/embed?src=mozilla.com_2d32343333353036312d393737%40resource.calendar.google.com Release Engineering - Public]
-* [https://www.google.com/calendar/feeds/mozilla.com_toi1svbfjd878aslutkgj32dco%40group.calendar.google.com/public/basic Releng PTO]
-* TODO public taskcluster
-* TODO public relops
@@ Line 179: / Line 144: @@
 Special [https://mana.mozilla.org/wiki/display/~gene@mozilla.com/How+to+get+Vidyo+working+on+Ubuntu+16.04+and+newer Ubuntu instructions] that may help
-TODO: create a Buildduty room
+Add to your contact list the CiDuty room
 == IRC ==
@@ Line 186: / Line 151: @@
 Useful channels
-* #buildduty, #releng, #taskcluster, #developers, #mobile, #ateam, #moc
+* #ci, #releaseduty, #releng-bots #taskcluster, #developers, #mobile, #ateam, #moc
 Protected channels
-* #platform-ops-soc, #platform-ops-alerts, #access-alerts
+* #platform-ops-soc, #platform-ops-alerts
-   * pw in secrets repo
+   * password in secrets repo
 * you don't need to join all of these but some may be useful: https://mana.mozilla.org/wiki/display/SYSADMIN/IRC+use+within+IT
-   * pw in mana
+   * passwordw in mana
 == Slack ==
@@ Line 233: / Line 198: @@
 There are git mirrors of many popular Mozilla repositories. One of the Mozilla github admins (jlund) can add you to the following GitHub groups:
-* TODO create a Builduty team under Mozilla
+* [https://github.com/orgs/mozilla-releng/teams/buildduty/members CiDuty Github Team]
 There are also a handful of git repos hosted directly by Mozilla. Your manager/mentor will let you know if you need access to one of these. ([[Github|See also]])
@@ Line 239: / Line 204: @@
 = Secrets =
-Releng and Relops have a shared repo of secrets. Please reach out to jlund or another manager for instructions on how to access and ask to be add yourself as a recipient to every secret that the rest of the buildduty team (users/buildduty-fingerprints) has access to
+Releng and Relops have a shared repo of secrets. Please reach out to jlund or another manager for instructions on how to access and ask to be add yourself as a recipient to every secret that the rest of the CiDuty team (users/buildduty-fingerprints) has access to
-= Releng AWS account =
+= Releng/TC AWS account =
-File a release engineering "general" ticket and needinfo jlund or another releng manager to create a user account and add you to the Buildduty group
+File a release engineering "general" ticket and needinfo jlund or another releng manager to create a user account and add you to the CiDuty group
 = Other Services =
 For access to other services, you'll need file a couple of bugs:
-* Access to [http://nagios.mozilla.org/nagios/ Nagios]
-** File a bug in bugzilla under 'MOC: Service Requests'
-* Access to [https://inventory.mozilla.org/en-US/#inventory inventory]
-** File a bug under 'Infrastructure & Operations::WebOps: Inventory'
 * Access to Papertrail
 ** ask jlund or another manager to be added to the encrypted file in the secrets repo