Buildduty/day 1 checklist: Difference between revisions

Removed Nagios entry
(edit jumphost ssh config to digest more hosts using star globs)
(Removed Nagios entry)
 
(3 intermediate revisions by 2 users not shown)
Line 1: Line 1:
__TOC__
__TOC__


Welcome to Buildduty!  
Welcome to CiDuty!  


This page is meant to serve as a resource for new Buildduty people getting up to speed and ensuring they have access to the appropriate systems that they are expected to use.
This page is meant to serve as a resource for new CiDuty team-members getting up to speed and ensuring they have access to the appropriate systems that they are expected to use.


= Buildduty and the Manifesto =
= CiDuty and the Manifesto =


* Before you start it would be a good idea to make sure you know what Buildduty is all about. Please have a read through of [[ReleaseEngineering/Buildduty_manifesto|the manifesto]]
* Before you start it would be a good idea to make sure you know what CiDuty is all about. Please have a read through of [[ReleaseEngineering/Buildduty_manifesto|the manifesto]]


= Access =
= Access =
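Review bot: Renaming the heading "= Buildduty and the Manifesto =" to "= CiDuty and the Manifesto =" changes the section anchor, so any existing links to the old section name will stop resolving; check incoming links or keep the old name as an anchor. The link in the bullet below it still targets ReleaseEngineering/Buildduty_manifesto while its surrounding text now says CiDuty, so either state that the manifesto page keeps its old name or rename it in the same pass.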
Line 13: Line 13:
== SSO ==
== SSO ==


Generally, we rely on [https://auth0.com/ auth0] across Mozilla for authentication and [https://mana.mozilla.org/wiki/display/SYSADMIN/LDAP+Architecture LDAP] for authorization. Once given LDAP and you have created a permanent password, you can use that to login to the [https://sso.mozilla.com SSO portal]. From SSO, you should have links to various services from email, irc, calendar, slack, mana, etc. More on each of those later on this page
Generally, we rely on [https://auth0.com/ auth0] across Mozilla for authentication and [https://mana.mozilla.org/wiki/display/SYSADMIN/LDAP+Architecture LDAP] for authorization. Once given LDAP and you have created a temporary password (about 3 months), you can use that to login to the [https://sso.mozilla.com SSO portal]. From SSO, you should have links to various services from email, irc, calendar, slack, mana, etc. More on each of those later on this page


== login.mozilla.com ==
== login.mozilla.com ==
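Review bot: In the SSO paragraph, "created a temporary password (about 3 months)" replaces "permanent password" without saying what the three months refers to. It reads as if the password expires after that time, which a new team member needs to know before it locks them out. Suggest stating the expiry explicitly and saying where the password is changed when it lapses.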
Line 25: Line 25:
=== SSH ===
=== SSH ===


Upload your public ssh key. It is a good idea to generate a separate ssh keypair from your personal one or any other that you have created in the past and use that explicitly for Buildduty and upload that. Follow this [[Security/Guidelines/OpenSSH#OpenSSH_client|SSH guidelines doc]] on how to generate, configure, and use your ssh key.
Upload your public ssh key. It is a good idea to generate a separate ssh keypair from your personal one or any other that you have created in the past and use that explicitly for CiDuty and upload that. Follow this [[Security/Guidelines/OpenSSH#OpenSSH_client|SSH guidelines doc]] on how to generate, configure, and use your ssh key.


note: example ssh config for accessing our systems given below in Jumphost section
note: example ssh config for accessing our systems given below in Jumphost section
Line 42: Line 42:
See the instructions on how to [https://mana.mozilla.org/wiki/display/SD/VPN install and configure your VPN client] and help choosing the right client for your platform.
See the instructions on how to [https://mana.mozilla.org/wiki/display/SD/VPN install and configure your VPN client] and help choosing the right client for your platform.


note: macOS and Windows users should use [https://www.sparklabs.com/viscosity/ Viscosity]. This application comes with a free 30 day trial. During your trial, your manager can help you create a ServiceNow ticket to get a Viscosity full license.  
note: macOS users should use [https://www.sparklabs.com/viscosity/ Viscosity]. This application comes with a free 30 day trial. During your trial, your manager can help you create a ServiceNow ticket to get a Viscosity full license. While Windows users can use OpenVPN GUI that is free.


=== MFA ===
=== MFA ===
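Review bot: The sentence appended to the VPN note, "While Windows users can use OpenVPN GUI that is free.", is a fragment and sits after the Viscosity trial and licence text, so it is easy to miss. Suggest a separate note line such as "Windows users can use the free OpenVPN GUI." placed next to the macOS recommendation, and confirm that the linked VPN instructions cover that client.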
Line 93: Line 93:
     ProxyJump rejh1.srv.releng.scl3.mozilla.com
     ProxyJump rejh1.srv.releng.scl3.mozilla.com
</source>
</source>
== Buildduty LDAP groups ==
You may have access to the [https://ldapadmin1.private.scl3.mozilla.com/manage/ ldap admin page] and see your own groups that you have on your record. This page is behind vpn and auth0.
Although you can read your current groups, you will not be able to modify them. To extend with Buildduty groups that you need. You and your manager will need to file a ticket for them under "MOC: Service Requests"
example ldap groups they may have by default:
  cn=corp-vpn,ou=groups,dc=mozilla
  cn=IntranetWiki,ou=groups,dc=mozilla
  cn=irccloud,ou=groups,dc=mozilla
  cn=mfa,ou=groups,dc=mozilla
  cn=phonebook_access,ou=groups,dc=mozilla
  cn=team_moco,ou=groups,dc=mozilla
  cn=vpn_corp,ou=groups,dc=mozilla
  cn=vpn_default,ou=groups,dc=mozilla
example ldap groups you may need to file for and request added (example, Bug 1434168):
  cn=releng,ou=groups,dc=mozilla
  cn=RelEngWiki,ou=groups,dc=mozilla
  cn=vpn_releng,ou=groups,dc=mozilla
  cn=vpn_releng_loan,ou=groups,dc=mozilla
  cn=vpn_relengwiki,ou=groups,dc=mozilla
  cn=vpn_tooltooleditor,ou=groups,dc=mozilla
  cn=inventory,ou=groups,dc=mozilla
  cn=inventory_build,ou=groups,dc=mozilla
  cn=vpn_inventory,ou=groups,dc=mozilla
  cn=nagiosadmin,ou=groups,dc=mozilla
  cn=GraphsAdmin,ou=groups,dc=mozilla
  cn=active_scm_level_1,ou=groups,dc=mozilla
  cn=all_scm_level_1,ou=groups,dc=mozilla
  cn=vpn_genericrhel6,ou=groups,dc=mozilla


= Communications =
= Communications =


== Mail ==
== Mail ==
Mozilla mail is handled by [https://mail.google.com/ Gmail] now.
Mozilla mail is handled by [https://mail.google.com/ Gmail].


Have your manager subscribe you to this list if you are not already.
Have your manager subscribe you to this list if you are not already.
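Review bot: This region deletes the whole "Buildduty LDAP groups" section, including the instruction to file group requests under "MOC: Service Requests" and the list of default and requested groups, but the edit summary only says "Removed Nagios entry". If the intent was to drop cn=nagiosadmin, remove that one line; if the section is obsolete, say so in the summary and leave a pointer to wherever the expected group memberships are now documented, because that list is what a new member and their manager use to request no more access than the role needs.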
Line 134: Line 103:
=== Mailing lists ===
=== Mailing lists ===


Need permission:
Needs permission:
* [https://groups.google.com/a/mozilla.com/forum/?hl=en#!forum/buildduty buildduty@mozilla.com] - this is our team email. Ask owner (e.g. jlund) for access
* [https://groups.google.com/a/mozilla.com/forum/?hl=en#!forum/ciduty ciduty@mozilla.com] - this is our team email. Ask owner (jlund) for access
* [https://groups.google.com/a/mozilla.com/forum/?hl=en#!forum/releng-puppet-mail Puppet Mail] (warning: you will want to filter this as it can send a lot of mail)
* [https://groups.google.com/a/mozilla.com/forum/?hl=en#!forum/releng-puppet-mail Puppet Mail] (warning: you will want to filter this as it can send a lot of mail)


Line 145: Line 114:
* https://lists.mozilla.org/listinfo/tools-taskcluster - general taskcluster discussion
* https://lists.mozilla.org/listinfo/tools-taskcluster - general taskcluster discussion
* [https://groups.google.com/a/mozilla.com/forum/#!forum/firefox-ci firefox-ci] mailing list
* [https://groups.google.com/a/mozilla.com/forum/#!forum/firefox-ci firefox-ci] mailing list
* TODO public relops


These are available as [news://news.mozilla.org newsgroups], google groups, and [https://lists.mozilla.org/listinfo Mailman lists]
These are available as [news://news.mozilla.org newsgroups], google groups, and [https://lists.mozilla.org/listinfo Mailman lists]
Line 154: Line 122:
You'll want to subscribe to the following public calendars:
You'll want to subscribe to the following public calendars:
* [https://calendar.google.com/calendar/embed?src=mozilla.com_2d32343333353036312d393737%40resource.calendar.google.com Release Engineering - Public]
* [https://calendar.google.com/calendar/embed?src=mozilla.com_2d32343333353036312d393737%40resource.calendar.google.com Release Engineering - Public]
* [https://www.google.com/calendar/feeds/mozilla.com_toi1svbfjd878aslutkgj32dco%40group.calendar.google.com/public/basic Releng PTO]
* TODO public taskcluster
* TODO public relops




Line 179: Line 144:
Special [https://mana.mozilla.org/wiki/display/~gene@mozilla.com/How+to+get+Vidyo+working+on+Ubuntu+16.04+and+newer Ubuntu instructions] that may help
Special [https://mana.mozilla.org/wiki/display/~gene@mozilla.com/How+to+get+Vidyo+working+on+Ubuntu+16.04+and+newer Ubuntu instructions] that may help


TODO: create a Buildduty room
Add to your contact list the CiDuty room


== IRC ==
== IRC ==
Line 186: Line 151:


Useful channels
Useful channels
* #buildduty, #releng, #taskcluster, #developers, #mobile, #ateam, #moc
* #ci, #releaseduty, #releng-bots #taskcluster, #developers, #mobile, #ateam, #moc


Protected channels
Protected channels
* #platform-ops-soc, #platform-ops-alerts, #access-alerts
* #platform-ops-soc, #platform-ops-alerts
   * pw in secrets repo
   * password in secrets repo
* you don't need to join all of these but some may be useful: https://mana.mozilla.org/wiki/display/SYSADMIN/IRC+use+within+IT
* you don't need to join all of these but some may be useful: https://mana.mozilla.org/wiki/display/SYSADMIN/IRC+use+within+IT
   * pw in mana
   * passwordw in mana


== Slack ==
== Slack ==
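Review bot: Two typos come in with the new channel lines: "#releng-bots #taskcluster" is missing the comma between the two channels, and "passwordw in mana" should be "password in mana". The change also drops #access-alerts from the protected channels without a mention in the edit summary; confirm that channel is really retired for this team.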
Line 233: Line 198:


There are git mirrors of many popular Mozilla repositories. One of the Mozilla github admins (jlund) can add you to the following GitHub groups:
There are git mirrors of many popular Mozilla repositories. One of the Mozilla github admins (jlund) can add you to the following GitHub groups:
* TODO create a Builduty team under Mozilla
* [https://github.com/orgs/mozilla-releng/teams/buildduty/members CiDuty Github Team]


There are also a handful of git repos hosted directly by Mozilla. Your manager/mentor will let you know if you need access to one of these. ([[Github|See also]])
There are also a handful of git repos hosted directly by Mozilla. Your manager/mentor will let you know if you need access to one of these. ([[Github|See also]])
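Review bot: The new bullet is labelled "CiDuty Github Team" but its URL still ends in teams/buildduty/members. If the GitHub team was not renamed, say so in the label (for example "CiDuty GitHub team (still named buildduty)") so nobody requests access to a team that does not exist under the new name. The sentence above still says "the following GitHub groups" for what is now a single entry.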
Line 239: Line 204:
= Secrets =
= Secrets =


Releng and Relops have a shared repo of secrets. Please reach out to jlund or another manager for instructions on how to access and ask to be add yourself as a recipient to every secret that the rest of the buildduty team (users/buildduty-fingerprints) has access to
Releng and Relops have a shared repo of secrets. Please reach out to jlund or another manager for instructions on how to access and ask to be add yourself as a recipient to every secret that the rest of the CiDuty team (users/buildduty-fingerprints) has access to


= Releng AWS account =
= Releng/TC AWS account =


File a release engineering "general" ticket and needinfo jlund or another releng manager to create a user account and add you to the Buildduty group
File a release engineering "general" ticket and needinfo jlund or another releng manager to create a user account and add you to the CiDuty group


= Other Services =
= Other Services =


For access to other services, you'll need file a couple of bugs:
For access to other services, you'll need file a couple of bugs:
* Access to [http://nagios.mozilla.org/nagios/ Nagios]
** File a bug in bugzilla under 'MOC: Service Requests'
* Access to [https://inventory.mozilla.org/en-US/#inventory inventory]
** File a bug under 'Infrastructure & Operations::WebOps: Inventory'
* Access to Papertrail
* Access to Papertrail
** ask jlund or another manager to be added to the encrypted file in the secrets repo
** ask jlund or another manager to be added to the encrypted file in the secrets repo
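Review bot: After the Nagios and inventory bullets are removed, the lead-in "For access to other services, you'll need file a couple of bugs:" introduces a single item, Papertrail, which is handled by asking a manager rather than filing a bug. Reword the lead-in to match (and fix "need file" to "need to file" if it stays). In the Secrets paragraph the team is now called CiDuty while the path is still users/buildduty-fingerprints; note that the path is unchanged so readers do not go looking for a renamed file.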