Confirmed users
67
edits
(edit jumphost ssh config to digest more hosts using star globs) |
(Removed Nagios entry) |
||
(3 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
__TOC__ | __TOC__ | ||
Welcome to | Welcome to CiDuty! | ||
This page is meant to serve as a resource for new | This page is meant to serve as a resource for new CiDuty team-members getting up to speed and ensuring they have access to the appropriate systems that they are expected to use. | ||
= | = CiDuty and the Manifesto = | ||
* Before you start it would be a good idea to make sure you know what | * Before you start it would be a good idea to make sure you know what CiDuty is all about. Please have a read through of [[ReleaseEngineering/Buildduty_manifesto|the manifesto]] | ||
= Access = | = Access = | ||
Line 13: | Line 13: | ||
== SSO == | == SSO == | ||
Generally, we rely on [https://auth0.com/ auth0] across Mozilla for authentication and [https://mana.mozilla.org/wiki/display/SYSADMIN/LDAP+Architecture LDAP] for authorization. Once given LDAP and you have created a | Generally, we rely on [https://auth0.com/ auth0] across Mozilla for authentication and [https://mana.mozilla.org/wiki/display/SYSADMIN/LDAP+Architecture LDAP] for authorization. Once given LDAP and you have created a temporary password (about 3 months), you can use that to login to the [https://sso.mozilla.com SSO portal]. From SSO, you should have links to various services from email, irc, calendar, slack, mana, etc. More on each of those later on this page | ||
== login.mozilla.com == | == login.mozilla.com == | ||
Line 25: | Line 25: | ||
=== SSH === | === SSH === | ||
Upload your public ssh key. It is a good idea to generate a separate ssh keypair from your personal one or any other that you have created in the past and use that explicitly for | Upload your public ssh key. It is a good idea to generate a separate ssh keypair from your personal one or any other that you have created in the past and use that explicitly for CiDuty and upload that. Follow this [[Security/Guidelines/OpenSSH#OpenSSH_client|SSH guidelines doc]] on how to generate, configure, and use your ssh key. | ||
note: example ssh config for accessing our systems given below in Jumphost section | note: example ssh config for accessing our systems given below in Jumphost section | ||
Line 42: | Line 42: | ||
See the instructions on how to [https://mana.mozilla.org/wiki/display/SD/VPN install and configure your VPN client] and help choosing the right client for your platform. | See the instructions on how to [https://mana.mozilla.org/wiki/display/SD/VPN install and configure your VPN client] and help choosing the right client for your platform. | ||
note: macOS | note: macOS users should use [https://www.sparklabs.com/viscosity/ Viscosity]. This application comes with a free 30 day trial. During your trial, your manager can help you create a ServiceNow ticket to get a Viscosity full license. While Windows users can use OpenVPN GUI that is free. | ||
=== MFA === | === MFA === | ||
Line 93: | Line 93: | ||
ProxyJump rejh1.srv.releng.scl3.mozilla.com | ProxyJump rejh1.srv.releng.scl3.mozilla.com | ||
</source> | </source> | ||
= Communications = | = Communications = | ||
== Mail == | == Mail == | ||
Mozilla mail is handled by [https://mail.google.com/ Gmail] | Mozilla mail is handled by [https://mail.google.com/ Gmail]. | ||
Have your manager subscribe you to this list if you are not already. | Have your manager subscribe you to this list if you are not already. | ||
Line 134: | Line 103: | ||
=== Mailing lists === | === Mailing lists === | ||
Needs permission: | |||
* [https://groups.google.com/a/mozilla.com/forum/?hl=en#!forum/ | * [https://groups.google.com/a/mozilla.com/forum/?hl=en#!forum/ciduty ciduty@mozilla.com] - this is our team email. Ask owner (jlund) for access | ||
* [https://groups.google.com/a/mozilla.com/forum/?hl=en#!forum/releng-puppet-mail Puppet Mail] (warning: you will want to filter this as it can send a lot of mail) | * [https://groups.google.com/a/mozilla.com/forum/?hl=en#!forum/releng-puppet-mail Puppet Mail] (warning: you will want to filter this as it can send a lot of mail) | ||
Line 145: | Line 114: | ||
* https://lists.mozilla.org/listinfo/tools-taskcluster - general taskcluster discussion | * https://lists.mozilla.org/listinfo/tools-taskcluster - general taskcluster discussion | ||
* [https://groups.google.com/a/mozilla.com/forum/#!forum/firefox-ci firefox-ci] mailing list | * [https://groups.google.com/a/mozilla.com/forum/#!forum/firefox-ci firefox-ci] mailing list | ||
These are available as [news://news.mozilla.org newsgroups], google groups, and [https://lists.mozilla.org/listinfo Mailman lists] | These are available as [news://news.mozilla.org newsgroups], google groups, and [https://lists.mozilla.org/listinfo Mailman lists] | ||
Line 154: | Line 122: | ||
You'll want to subscribe to the following public calendars: | You'll want to subscribe to the following public calendars: | ||
* [https://calendar.google.com/calendar/embed?src=mozilla.com_2d32343333353036312d393737%40resource.calendar.google.com Release Engineering - Public] | * [https://calendar.google.com/calendar/embed?src=mozilla.com_2d32343333353036312d393737%40resource.calendar.google.com Release Engineering - Public] | ||
Line 179: | Line 144: | ||
Special [https://mana.mozilla.org/wiki/display/~gene@mozilla.com/How+to+get+Vidyo+working+on+Ubuntu+16.04+and+newer Ubuntu instructions] that may help | Special [https://mana.mozilla.org/wiki/display/~gene@mozilla.com/How+to+get+Vidyo+working+on+Ubuntu+16.04+and+newer Ubuntu instructions] that may help | ||
Add to your contact list the CiDuty room | |||
== IRC == | == IRC == | ||
Line 186: | Line 151: | ||
Useful channels | Useful channels | ||
* # | * #ci, #releaseduty, #releng-bots #taskcluster, #developers, #mobile, #ateam, #moc | ||
Protected channels | Protected channels | ||
* #platform-ops-soc, #platform-ops | * #platform-ops-soc, #platform-ops-alerts | ||
* | * password in secrets repo | ||
* you don't need to join all of these but some may be useful: https://mana.mozilla.org/wiki/display/SYSADMIN/IRC+use+within+IT | * you don't need to join all of these but some may be useful: https://mana.mozilla.org/wiki/display/SYSADMIN/IRC+use+within+IT | ||
* | * passwordw in mana | ||
== Slack == | == Slack == | ||
Line 233: | Line 198: | ||
There are git mirrors of many popular Mozilla repositories. One of the Mozilla github admins (jlund) can add you to the following GitHub groups: | There are git mirrors of many popular Mozilla repositories. One of the Mozilla github admins (jlund) can add you to the following GitHub groups: | ||
* | * [https://github.com/orgs/mozilla-releng/teams/buildduty/members CiDuty Github Team] | ||
There are also a handful of git repos hosted directly by Mozilla. Your manager/mentor will let you know if you need access to one of these. ([[Github|See also]]) | There are also a handful of git repos hosted directly by Mozilla. Your manager/mentor will let you know if you need access to one of these. ([[Github|See also]]) | ||
Line 239: | Line 204: | ||
= Secrets = | = Secrets = | ||
Releng and Relops have a shared repo of secrets. Please reach out to jlund or another manager for instructions on how to access and ask to be add yourself as a recipient to every secret that the rest of the | Releng and Relops have a shared repo of secrets. Please reach out to jlund or another manager for instructions on how to access and ask to be add yourself as a recipient to every secret that the rest of the CiDuty team (users/buildduty-fingerprints) has access to | ||
= Releng AWS account = | = Releng/TC AWS account = | ||
File a release engineering "general" ticket and needinfo jlund or another releng manager to create a user account and add you to the | File a release engineering "general" ticket and needinfo jlund or another releng manager to create a user account and add you to the CiDuty group | ||
= Other Services = | = Other Services = | ||
For access to other services, you'll need file a couple of bugs: | For access to other services, you'll need file a couple of bugs: | ||
* Access to Papertrail | * Access to Papertrail | ||
** ask jlund or another manager to be added to the encrypted file in the secrets repo | ** ask jlund or another manager to be added to the encrypted file in the secrets repo |