Page MenuHomePhabricator

Onboard bstorm to WMF
Closed, ResolvedPublic1 Story Points

Description

We have a running doc here: https://www.mediawiki.org/wiki/Wikimedia_Cloud_Services_team/Onboarding_Brooke

[ongoing / incomplete] list of things remaining:

Details

Related Gerrit Patches:
operations/puppet : productionicinga: Add MST to timeperiods.cfg for monitoring
operations/puppet : productiononboarding: Add bstorm to sms contact group
operations/puppet : productiononboarding: Add Bstorm as prod icinga contact
labs/private : masterAdd bstorm to cloud-wide root
operations/puppet : productioncloud: add bstorm to shinken instance

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes

Hi Brooke :)

chasemp updated the task description. (Show Details)Jan 22 2018, 10:37 PM
chasemp updated the task description. (Show Details)Jan 22 2018, 10:39 PM
Bstorm updated the task description. (Show Details)Jan 22 2018, 10:40 PM
chasemp updated the task description. (Show Details)Jan 22 2018, 10:41 PM
Bstorm updated the task description. (Show Details)Jan 22 2018, 10:41 PM
chasemp updated the task description. (Show Details)Jan 22 2018, 11:03 PM
chasemp updated the task description. (Show Details)Jan 22 2018, 11:07 PM
chasemp updated the task description. (Show Details)Jan 22 2018, 11:09 PM
Bstorm updated the task description. (Show Details)Jan 23 2018, 12:16 AM
chasemp updated the task description. (Show Details)Jan 23 2018, 1:53 PM
chasemp updated the task description. (Show Details)Jan 23 2018, 3:21 PM

Change 405886 had a related patch set uploaded (by Rush; owner: cpettet):
[operations/puppet@production] cloud: add bstorm to shinken instance

https://gerrit.wikimedia.org/r/405886

Change 405886 merged by Rush:
[operations/puppet@production] cloud: add bstorm to shinken instance

https://gerrit.wikimedia.org/r/405886

chasemp updated the task description. (Show Details)Jan 23 2018, 3:34 PM
chasemp updated the task description. (Show Details)

@Bstorm for Add to cloud-wide root you can put up a patchset to this file modules/passwords/templates/root-authorized-keys.erb in this repo https://gerrit.wikimedia.org/r/#/admin/projects/labs/private as a gerrit test :)

chasemp updated the task description. (Show Details)Jan 23 2018, 3:41 PM
chasemp updated the task description. (Show Details)
Bstorm updated the task description. (Show Details)Jan 23 2018, 3:48 PM
Bstorm updated the task description. (Show Details)Jan 23 2018, 3:53 PM
Bstorm updated the task description. (Show Details)Jan 23 2018, 3:56 PM
Bstorm updated the task description. (Show Details)Jan 23 2018, 3:59 PM
chasemp updated the task description. (Show Details)Jan 23 2018, 4:11 PM
chasemp updated the task description. (Show Details)Jan 23 2018, 4:13 PM
Bstorm updated the task description. (Show Details)Jan 23 2018, 5:38 PM
Bstorm updated the task description. (Show Details)Jan 23 2018, 6:30 PM
Dzahn updated the task description. (Show Details)Jan 23 2018, 7:01 PM
Dzahn added a subscriber: Dzahn.Jan 23 2018, 7:24 PM
  • subscribed to ops mailing list, invited to private mailing list
Bstorm updated the task description. (Show Details)Jan 23 2018, 8:13 PM
chasemp added a subscriber: Andrew.Jan 29 2018, 9:11 PM

@Andrew when you have a chance can you do whatever cloud admin portion exists on wikitech please?

Dzahn added a comment.Jan 29 2018, 9:31 PM

@Bstorm feel free to ping me about the Icinga contact part, happy to do it together or show you where to do it self-service. you can pick your own phone number, time zone etc and also use it as the example "ops/puppet" change to confirm you have +2 and can merge.

@Andrew when you have a chance can you do whatever cloud admin portion exists on wikitech please?

Done!

@Bstorm feel free to ping me about the Icinga contact part, happy to do it together or show you where to do it self-service. you can pick your own phone number, time zone etc and also use it as the example "ops/puppet" change to confirm you have +2 and can merge.

Thanks!

chasemp updated the task description. (Show Details)Jan 30 2018, 3:58 PM

Change 406842 had a related patch set uploaded (by Bstorm; owner: Bstorm):
[labs/private@master] Add bstorm to cloud-wide root

https://gerrit.wikimedia.org/r/406842

Change 406842 merged by Rush:
[labs/private@master] Add bstorm to cloud-wide root

https://gerrit.wikimedia.org/r/406842

chasemp updated the task description. (Show Details)Jan 30 2018, 7:51 PM
chasemp updated the task description. (Show Details)Jan 31 2018, 10:59 PM

racktables not worth it anymore? almost replaced by netbox. Netbox access should automatically come with the LDAP groups. (https://netbox.wikimedia.org/login/?next=/)

racktables not worth it anymore? almost replaced by netbox. Netbox access should automatically come with the LDAP groups. (https://netbox.wikimedia.org/login/?next=/)

I would still like to grant access when the general approval for root come in on the grounds that until it's actually gone who knows what the timeline for racktables will be.

Dzahn added a subscriber: RobH.Feb 1 2018, 3:56 PM

@RobH could you do the racktables part? ^

RobH updated the task description. (Show Details)Feb 1 2018, 4:00 PM

Emailed it to her just now to update and change once she logs in.

Bstorm added a comment.Feb 1 2018, 5:02 PM

I'm in racktables! :)

Mentioned in SAL (#wikimedia-operations) [2018-02-05T18:31:08Z] <mutante> added bstorm to the 'wmf' and 'ops' LDAP groups (modify-ldap-groups on terbium) (T185493)

Mentioned in SAL (#wikimedia-operations) [2018-02-05T18:37:09Z] <mutante> added bstorm to acl*operations-team (project 29) on Phabricator (T185493)

Dzahn updated the task description. (Show Details)Feb 5 2018, 6:37 PM

Change 408327 had a related patch set uploaded (by Madhuvishy; owner: Madhuvishy):
[operations/puppet@production] onboarding: Add Bstorm as prod icinga contact

https://gerrit.wikimedia.org/r/408327

Change 408328 had a related patch set uploaded (by Madhuvishy; owner: Madhuvishy):
[operations/puppet@production] onboarding: Add bstorm to sms contact group

https://gerrit.wikimedia.org/r/408328

Change 408327 merged by Madhuvishy:
[operations/puppet@production] onboarding: Add Bstorm as prod icinga contact

https://gerrit.wikimedia.org/r/408327

Change 408328 merged by Bstorm:
[operations/puppet@production] onboarding: Add bstorm to sms contact group

https://gerrit.wikimedia.org/r/408328

chasemp updated the task description. (Show Details)Feb 5 2018, 7:44 PM
chasemp updated the task description. (Show Details)
chasemp updated the task description. (Show Details)
chasemp set the point value for this task to 1.Feb 5 2018, 8:08 PM

I see a PGP key for bstorm@wikimedia.org. Let's sign during teh team meeting and f2f tomorrow :)

Change 408445 had a related patch set uploaded (by Bstorm; owner: Bstorm):
[operations/puppet@production] Add MST to timeperiods.cfg for monitoring

https://gerrit.wikimedia.org/r/408445

Change 408445 merged by Bstorm:
[operations/puppet@production] icinga: Add MST to timeperiods.cfg for monitoring

https://gerrit.wikimedia.org/r/408445

@MoritzMuehlenhoff when you get a chance can you help @Bstorm get setup with pwstore? She has a key in the public registery and confirmed during a hangout today for me it was the correct key.

Dzahn added a comment.Feb 6 2018, 8:33 PM

@chasemp Adding the key to pwstore requires that it has at least 2 signatures on it. Since you already confirmed the key during hangout, could you add one of those? Like sign the key and then upload the signed version to keyserver? Then it should show signatures with gpg --list-sigs 2051251AF5172F75 I could then do the second one.

Dzahn added a comment.Feb 6 2018, 8:49 PM

get key:

gpg --search-keys bstorm@wikimedia.org
gpg --recv-keys 2051251AF5172F75

show fingerprint: (verified against a file on bast1001 that Brooke uploaded)
gpg --list-fingerprint 2051251AF5172F75

signed key:
gpg --sign-key 2051251AF5172F75

uploaded key:
gpg --send-keys 2051251AF5172F75
gpg: sending key 2051251AF5172F75 to hkps://hkps.pool.sks-keyservers.net
gpg --keyserver pgp.mit.edu --send-keys 2051251AF5172F75
gpg: sending key 2051251AF5172F75 to hkp://pgp.mit.edu

show signatures:

gpg --list-sigs 2051251AF5172F75

pub   rsa4096 2018-01-29 [SC] [expires: 2022-01-29]
      117337F5D48C4CFF8909CD9C2051251AF5172F75
uid           [ unknown] Brooke Storm <bstorm@wikimedia.org>
sig 3        2051251AF5172F75 2018-01-29  Brooke Storm <bstorm@wikimedia.org>
sig          37E9B5C6F5F6A067 2018-02-06  Daniel Zahn (WMF) <dzahn@wikimedia.org>
sub   rsa4096 2018-01-29 [E] [expires: 2022-01-29]
sig          2051251AF5172F75 2018-01-29  Brooke Storm <bstorm@wikimedia.org>

@chasemp Adding the key to pwstore requires that it has at least 2 signatures on it. Since you already confirmed the key during hangout, could you add one of those? Like sign the key and then upload the signed version to keyserver? Then it should show signatures with gpg --list-sigs 2051251AF5172F75 I could then do the second one.

Apologies, I thought I had already :D Should be gtg now?

Dzahn added a comment.Feb 6 2018, 10:15 PM

I can't see your signature yet. I tried my default keyserver (hkps://hkps.pool.sks-keyservers.net) and pgp.mit.edu. Depending on which keyserver you used it might just take a while until they have synced.

It's on there, now.

Dzahn added a comment.Feb 7 2018, 12:14 AM

Confirmed i saw the new signature now.

I added bstorm to the .users file and then gpg --clearsign'ed the .users file

Then i re-encrypted all (ops) files with pws.rb rc $file and a bash loop.

You should be able to use pwstore now.

Dzahn closed this task as Resolved.Feb 7 2018, 12:18 AM
Dzahn updated the task description. (Show Details)

Looks like we are all done. If there are any issues or things missing, please just reopen it.

chasemp updated the task description. (Show Details)Feb 23 2018, 7:34 PM
chasemp updated the task description. (Show Details)Mar 13 2018, 2:04 PM
Bstorm updated the task description. (Show Details)Mar 13 2018, 4:39 PM