Page MenuHomePhabricator

Ops Onboarding for Keith Herron
Closed, ResolvedPublic

Description

Details

Related Gerrit Patches:
operations/puppet : productionicinga: give permissions to run commands to herron
operations/puppet : productionadmin: add herron to ops group
operations/puppet : productionadmins: create shell account for Keith Herron

Event Timeline

Dzahn created this task.May 30 2017, 4:57 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMay 30 2017, 4:57 PM
Dzahn updated the task description. (Show Details)May 30 2017, 5:21 PM
Dzahn updated the task description. (Show Details)May 30 2017, 5:48 PM
Dzahn updated the task description. (Show Details)May 30 2017, 5:55 PM
Dzahn added a subscriber: herron.
herron updated the task description. (Show Details)May 30 2017, 7:43 PM

Mentioned in SAL (#wikimedia-operations) [2017-05-30T20:18:15Z] <mutante> LDAP - added uid=herron to groups "ops" and "wmf" for ops onboarding of Keith (T166587)

My GPG key ID is C574276C (keyserver hkp://pool.sks-keyservers.net) and below are my ssh keys: {P5508}

Change 356299 had a related patch set uploaded (by Dzahn; owner: Dzahn):
[operations/puppet@production] admins: create shell account for Keith Herron

https://gerrit.wikimedia.org/r/356299

Change 356299 merged by Dzahn:
[operations/puppet@production] admins: create shell account for Keith Herron

https://gerrit.wikimedia.org/r/356299

Change 356303 had a related patch set uploaded (by Dzahn; owner: Dzahn):
[operations/puppet@production] admin: add herron to ops group

https://gerrit.wikimedia.org/r/356303

Change 356303 merged by Herron:
[operations/puppet@production] admin: add herron to ops group

https://gerrit.wikimedia.org/r/356303

Mentioned in SAL (#wikimedia-operations) [2017-05-30T22:20:27Z] <mutante> Welcome new root shell user herron (T166587)

Dzahn updated the task description. (Show Details)May 30 2017, 10:30 PM

Change 356309 had a related patch set uploaded (by Dzahn; owner: Dzahn):
[operations/puppet@production] icinga: give permissions to run commands to herron

https://gerrit.wikimedia.org/r/356309

Dzahn updated the task description. (Show Details)May 30 2017, 10:45 PM
Dzahn updated the task description. (Show Details)
Dzahn updated the task description. (Show Details)May 30 2017, 10:49 PM
Dzahn added a comment.May 31 2017, 5:50 PM

My GPG key ID is C574276C (keyserver hkp://pool.sks-keyservers.net)

Hi, so i imported this key succesfully but then when i try to use it to encrypt something for you:

gpg: C574276C: skipped: Unusable public key

Looks like I inadvertently generated a signing only key. I've revoked the C574276C key. Let's try this again with new Key ID 0DEC052E.

Dzahn added a comment.May 31 2017, 8:52 PM

@herron Ok, cool. Imported the new key, was able to use it to encrypt. I encrypted a file kherron-racktables.gpg and put it in your home dir on rutherfordium. That contains a login for https://racktables.wikimedia.org

Dzahn updated the task description. (Show Details)May 31 2017, 9:41 PM
Dzahn updated the task description. (Show Details)May 31 2017, 10:18 PM

Change 356309 merged by Herron:
[operations/puppet@production] icinga: give permissions to run commands to herron

https://gerrit.wikimedia.org/r/356309

Dzahn updated the task description. (Show Details)May 31 2017, 10:57 PM

I've added Keith to pwstore and he confirmed that it's working fine.

Dzahn closed this task as Resolved.Jun 6 2017, 10:54 PM
Dzahn updated the task description. (Show Details)

great! thank you. i have removed the network access part from the onboarding.

that means all subtasks are resolved and closing this.

Dzahn reopened this task as Open.Jun 29 2017, 5:20 PM

As was pointed out to me, we did not do the Icinga paging part yet. Just permissions on the web ui..

Dzahn added a comment.Jul 5 2017, 10:57 PM

We talked about this and Keith added his own Icinga contact in private repo, then added himself to "sms" group.

https://gerrit.wikimedia.org/r/#/c/363044/

Should be all done now. The ultimate test would be of course once he can confirm he has received a real alert. There hasn't been one yet during his timezone.

Dzahn reassigned this task from Dzahn to herron.Jul 5 2017, 10:59 PM
Dzahn triaged this task as Low priority.

set priority to low. maybe you can close it once you actually received one?

herron added a comment.Jul 6 2017, 2:29 AM

sounds good 👍

herron added a comment.Jul 7 2017, 3:16 PM

Received an alert today via the email to sms gateway. Is this the expected behavior, or should the alert have been sent directly via SMS?

Dzahn closed this task as Resolved.Jul 7 2017, 6:57 PM

Ok. cool! yes, this should be the expected behaviour, afaik, because of the Google voice number.

11:57 <robh> afaik google voice doesnt have an email to sms address
11:57 <robh> its not supported, so he has to use aql like our EU opsen

Dzahn added a comment.Jul 7 2017, 6:58 PM

P.S. yea, no direct SMS, we used to have a USB dongle in the past to send our own SMS directly from the Icinga server, but that turned out to be less reliable than this.

herron added a comment.Jul 7 2017, 8:06 PM

cool, thanks!