ReleaseEngineering/Day 1 Checklist
Welcome to Release Engineering!
This page is meant to get new hires, interns, or interested community members up to speed with the right software, configurations, and communication channels to contribute effectively to the release engineering pipeline.
Overview
- Release Engineering home page
- Video Resources - this page has a mix of introductions, tutorials, and presentations.
Development Best Practices
- Read and keep up to date with: Development Best Practices
Single Sign-On (SSO)
Many Mozilla services use SSO now, including Gmail, Drive, and ServiceNow. The Single Sign-On homepage has a list of the available services.
NOTE: SSO requires that LDAP be setup first.
Mozilla mail is handled by Gmail now.
You should be added to the release@mozilla.com google group as a new hire/intern. This mailing list is managed by Google groups. Owners of this group will be able to add you. Send a test message to release@m.c to verify that your address has been added/subscribed. Talk to your manager if it is not working.
WARNING: release@m.c can contain security-sensitive information. Do not automatically forward your email to a system that is not under Mozilla's control.
Mailing lists
You'll need to manually subscribe to:
- release-engineering public mailing list
- mozilla.dev.planning
These are available as newsgroups, google groups, and Mailman lists
Mail Filtering
With all that new email, you will want to set up some filters in Gmail (https://mail.google.com/mail/u/0/#settings/filters) to filter some of the higher-volume automated mail into a folder. You may eventually want to handle this information, but on day one hundreds of nagios notifications are not going to be educational.
Here is an imperfect set of Gmail filters that you can import to get you started.
A list of new (and some older) automated emails are indexed by subject, along with relevant actions, here.
If you are going to working on puppet, you should also look at this page on how to read releng shared emails.
Calendar
Like mail, we now use Google calendar.
You'll want to subscribe to the following public calendars:
Talk to your manager/mentor to get added to the various other private calendars as appropriate.
Access
Bugzilla
Almost everything at Mozilla goes through Bugzilla. Create a Bugzilla account if you have not already.
You'll need a few tweaks to your account to get access to everything releng-related:
- Add privileges for bugzilla group "build" (Mozilla Build Team) (Can be done by catlee or bugzilla admin.)
- Add your irc nickname & ldap username as "aliases" for your account
- log into bugzilla & follow links "Preferences" -> "Account Information"
- append the aliases, with a leading ':' and enclosed in brackets ('[]') to the "Real Name" field
- e.g.: "Chris AtLee [:catlee]"
- QuickSearch help
Filing bugs against Release Engineering
The product to use is, unsurprisingly, "Release Engineering." There are multiple possible components under that product, so take your best guess or ask for guidance in IRC.
Vidyo Services
Our primary two way video meeting platform is Vidyo. Basic usage instructions are here. Especially if you are running linux, it is highly recommended that you install the client and make test calls prior to any meeting. Many of our team meetings are held in the ReleaseEngineering room.
- Pro tip: many folks have found the mobile client useful to have preinstalled as a backup device.
- If you're going to record a meeting, practice first. (Instructions are linked from mana page.)
- Ask team members for details on recording in the ReleaseEngineering room.
LDAP, SSH, VPN
Warning for people who already have an LDAP account: Change your password. Otherwise, adding you to the releng group may lock your account without further notice.
Note:There is a stronger password policy in releng: users must change their password every 3 months. If you don't change your password, the only symptom will be that one day or another (already observed after 8 days), your regular password won't work anymore. If this happens to you, contact people in #servicedesk, they will be able to reset your password.
This is mostly applicable only to employees and interns, although it *is* possible for other contributors to acquire some limited LDAP access. Speak to someone you work with on the releng team if you would like to investigate this.
SSH keys are used for access to most machines, and some of them are stored in your LDAP record:
- Generate a key for Mozilla based on the Security's recommendations. If you are connecting to buildbot masters and slaves you will need to use the Intermediate ssh config.
- Add your SSH public key to your LDAP account, at https://login.mozilla.com/
You'll need a number of other bits set in your LDAP object to access releng networks and systems via the VPN.
- Full instructions for accessing the VPN are on mana.
- this usually starts by generating a certificate at https://login.mozilla.com/
- file a bug against Product/Component: Infrastructure & Operations/MOC: Service Requests asking to be added to the releng and vpn_releng groups. Something similar to bug 1223449
- If you're on MacOSX or Windows, you might want to request a license for Viscosity (A VPN client). To do so from service-now.
- 'Order Stuff' > 'Software Applications' > 'Viscosity VPN' > 'Buisness Support && follow onscreen instructions
- Your manager is responsible for making sure you belong to the following LDAP groups, ideally before your first day. See below section
example ldap groups they may have by default:
cn=corp-vpn,ou=groups,dc=mozilla cn=IntranetWiki,ou=groups,dc=mozilla cn=irccloud,ou=groups,dc=mozilla cn=mfa,ou=groups,dc=mozilla cn=phonebook_access,ou=groups,dc=mozilla cn=team_moco,ou=groups,dc=mozilla cn=vpn_corp,ou=groups,dc=mozilla cn=vpn_default,ou=groups,dc=mozilla
example ldap groups you may need to file for and request added (example, Bug 1370413):
cn=releng,ou=groups,dc=mozilla cn=RelEngWiki,ou=groups,dc=mozilla cn=vpn_releng,ou=groups,dc=mozilla cn=vpn_releng_loan,ou=groups,dc=mozilla cn=vpn_relengwiki,ou=groups,dc=mozilla
SSH Config
You'll want to update your ~/.ssh/config. Releng uses jump hosts to reach protected servers, so those can be configured in the ssh configuration, too. Mana has some more information about ssh options for older ssh clients (OpenSSH <7.2 doesn't support ProxyJump, for example)
Host hg.mozilla.org
User <short-ldap-name-here>@mozilla.com
Compression yes
ServerAliveInterval 300
Host reviewboard-hg.mozilla.org
User <short-ldap-name-here>@mozilla.com
Host rejh?.srv.releng.????.mozilla.com
ControlMaster auto
ControlPath ~/.ssh/ssh-%C
ControlPersist 10m
ForwardAgent no
Host *.relenv.mdc1.mozilla.com !rejh?.srv.releng.mdc1.mozilla.com
ProxyJump rejh1.srv.releng.mdc1.mozilla.com
Host *.releng.us??.mozilla.com *.releng.scl3.mozilla.com !rejh?.srv.releng.????.mozilla.com
ProxyJump rejh1.srv.releng.scl3.mozilla.com
Host *.mozilla.com
User <short-ldap-name-here>
Compression yes
ServerAliveInterval 300
Host *.build.mozilla.org
Compression yes
User cltbld
ServerAliveInterval 300
You can add an IdentityFile ~/.ssh/<filename> line to those blocks to specify separate keys for different systems (eg Github).
Mercurial (hg)
Most development in releng (and at Mozilla writ-large) is stored in version control using hg.
There is an excellent step-by-step guide for setting up and using hg: Mercurial for Mozillians
The root webview of the Mozilla hg repositories is here: https://hg.mozilla.org/
Most releng code lives in repos under https://hg.mozilla.org/build
There are 3 levels of commit access:
- Level 1 access allows you to use the Try Server and setup user repos. As a new contributor, you should request this on day one.
- Level 2 access is required to land code in the build and project repos. Once you have a proven track record of successful patches, you can ask your manager/mentor to vouch for your Level 2 access. Your manager/mentor can also land patches for you until you receive Level 2 access.
- Level 3 access is required to land code in mozilla-central and its derived integration & release branches. At some point in your Mozilla contribution story, you may need Level 3 access but many contributors never do. Talk to your manager/mentor if you think you need this access. You should already have Level 2 access when you request Level 3.
You need to file an IT bug to get hg commit access. Follow the instructions for Becoming a Mozilla Committer, and for Level 2, specify you need access to (at least) hg.mozilla.org/build/* (Product/Component: mozilla.org/Repository Account Requests).
- example request: bug 703351
Git & Github
There are git mirrors of many popular Mozilla repositories. One of the Mozilla github admins (catlee, kmoir, jlund) can add you to the following GitHub groups:
There are also a handful of git repos hosted directly by Mozilla. Your manager/mentor will let you know if you need access to one of these. (See also)
PGP
PGP keys are used for encrypting sensitive data - you are responsible for generating and managing you own keys. A quick, Mac-focused primer is available on the intranet or you can use the The GNU Privacy Handbook for reference. After you have created your keys, do try to get your key signed by other team members, and uploaded to gpg.mozilla.org.
- It is okay to reuse an existing gpg key, provided you add an additional ID for your canonical LDAP name (e.g. 'hwine [at] mozilla.com', not an alias like 'Hal_9001 [at] mozilla.com').
Other Services
For access to other services, you'll need file a couple of bugs:
- Access to Nagios
- File a bug in bugzilla under 'MOC: Service Requests'
- Access to inventory
- File a bug under 'Infrastructure & Operations::WebOps: Inventory'
Communication
IRC
The majority of day-to-day communication in releng happens on IRC, and many people use the locally-hosted irccloud instance. Servicedesk has some great getting started tips for IRC.
If you run a traditional IRC client:
- https://wiki.mozilla.org/IRC irc://irc.mozilla.org
- irc.mozilla.org:6697 #mozbuild (use SSL, ask for the channel key; your nick needs to be registered)
- private team channel
* /attach ircs://irc.mozilla.org:6697/?pass=[your_irc_pass] * /join #mozbuild [access_key]
- irc.mozilla.org #releng
- public channel for discussion with sheriffs, and continuous integration bot
- keywords to hilite on:
- "!squirrel" is "I need eyes on this now" keyword in #mozbuild & #releng- please set your client to alert on it.
- "r?" - team member looking for a review, perhaps not in but (irc/pastebin)
- also useful to join
- #developers, #airmozilla, #sf, #mobile, #planning, #release-drivers, #ateam,
- #moco access_key is on mana
- #firebot for hiliting when you're mentioned in a bug, review request, etc.
Some folks run a BNC (an IRC bouncer) (e.g. znc) and/or irssi under screen to get continuous view of traffic. Ask around. (some good irssi notes).
See below for a local pastebin install, so you don't paste huge amounts in channel (irccloud handles this internally).
IT now also provides a hosted IRCCloud cloud instance you can partake of.
- NOTE: if you're using IRCCloud, and are invited to a password protected channel, IRCCloud will not have the password available to re-connect you. Do the following as soon as you enter the channel:
- Click the "Options" button
- Copy the password
- Click the "Leave" button
- Click the "Rejoin" button
- Paste the password into the text box.
Slack
Some parts of Mozilla prefer Slack to IRC, more info on mana.
Wiki
If you're reading this now, you found the wiki! ;)
Please add yourself and details to the list of team members.
Don't be shy about making improvements to releng pages based on your experiences. Getting someone in releng to review your changes first is good practice. Just ask in #releng.
- Useful templates (aka "macros")
- for releng, use bug 999 for bugzilla references; 6e453b4f7056 for hg revisions is also quite nice.
Pastebin
There's a local pastebin instance at http://pastebin.mozilla.org/, so you don't need to paste multi-lines into a channel. You'll find a helper script in the braindump repo at utils/pastebin.
- it creates a new page from stdin, and outputs the url to stdout
- an argument will be interpretted as the syntax highlighting format to use
- sample usage: hg diff | pastebin python | pbcopy (last part mac specific)
- set & export PASTEBIN_NAME if you don't want to post as anonymous.
(Many folks now use the pastebin integrated into IRCCloud.)
Google Drive
Google Drive (formerly Google docs) is a preferred way to share things these days. This includes spreadsheets and documents that will change a great deal over time.
Google Drive access should be enabled with your email account when you start. If you need access to a particular document, talk to the document owner or your manager/mentor.
Mana
Some internal Mozilla systems (IT, HR) are documented on mana. File a ServiceNow ticket if you don't have access when you start.
Other Resources
Short-term
- RelEng crowd-sourced Glossary of Terms
- Join https://mozillians.org/ (public, and yet-another-set-of-credentials)
- join the "release engineering" group
- Mozilla intranet
- https://mana.mozilla.org/wiki/display/RelEng/Release+Engineering+Home (for sensitive information only) (LDAP Note: Req attribute RelEng)
- https://trello.com/b/KwwYSXE1/release-engineering-status-board (Projects and deliverables status)
- Sign up for O'Reilly's online library of their boooks - a great resource
- Overview of dev cycle: http://k0s.org/mozilla/workflow.svg (slightly dated). And browse http://k0s.org/mozilla
- Releng Tips and Tricks
Longer-term
Talk to your mentor/manager to see which of these make sense.
- https://build.inventory.mozilla.org/build
- https://nagios.mozilla.org/nagios/
- https://metrics.mozilla.com/
- background for starting to understand buildbot releases (stale, but s/b roughly accurate): Beta schedulers
- How teams coordinate during a release: release work flows
Firefox Desktop + Firefox Mobile release process docs:
- Release_Management/Release_Process
- Release_Management/Release_Process/FAQ
- Egencia account: this should be accessible via SSO