- OIT LDAP / gmail account
- server root shell
- phabricator login
- phabricator permissions to see NDA and Ops restricted tickets
- add to private IRC channels
- add to mailing lists and aliases
- icinga user and permissions (icinga commands, paging/notifications)
- add to wmf and ops LDAP groups
- login on office wiki
- pwstore access
- network device access
- racktables
- Access to Googlel group for maint-announce mails
Description
Details
Status | Subtype | Assigned | Task | ||
---|---|---|---|---|---|
Resolved | None | T187035 Ops Onboarding for Valentín Gutiérrez | |||
Resolved | Dzahn | T187055 ldap/ops membership for vgutierrez |
Event Timeline
Change 409844 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] Add vgutierrez shell account in ops
Public GPG key for pwstore access:
-----BEGIN PGP PUBLIC KEY BLOCK----- mQINBFqBcZoBEACfsj5/PYP3lHfihfGWVBDkp4GfB8JFTVTeUQS+r8YDhu5k1nMT z4V7gkN7cqHRbQUbSptZ/rjqJHlDqSSH+sAm6nyN/npNJKi/YJ8bmV+FbuhWYKiH C+PkmAXJNt3IBhxr9tlzpEVO6s4HSFIXbdY4bHV4Twiu8dxu+EmVtwEoOsvhNW8L gtPbZr6gv+oPIAKcPjgmK0deGanby9byk5EX2renbR01MePPpqM+b1oRsnCLaAEO cKFdxD11l/OXcO0zNhoTtWlnrssOu4b9kQGSCtrJFDgXWALWHE1DtYwuXMyVsGjz jojdFhdUOSoDN9RTMX7eQ8VqSJP1/XB2jkm78a3rYVxW6EQWjG+Cl3gA+K3/DBGV iBFOLUPBNqnLUemSvHuLF0L9UY8F7k4V+Yb/SIpvPO8CIm4fZI7bTuHS1MjlpFDP Rlw8KxGG4JVEGMyVOj/2eDloC6gKtm2VOEO5d8rjzB5ETA02N1uAJnwvAhXnnAGH BxUacbjCVpl1LhYa1JPWehposnzhr6+cgz9wKr0BGnYVA8FJFqXzNVJMBPnqbibY gSDroHkkzf/NXyyAam6M4t4a+gsixZyTVoPzQ1eysZiMLFftPtsCk1wcZ/L8H5vb kjh4twYvKtVSCZr7lXZ6WKiyk67NYt3EbrulpjBCBjYUzgBs7vE98N7WsQARAQAB tC1WYWxlbnRpbiBHdXRpZXJyZXogPHZndXRpZXJyZXpAd2lraW1lZGlhLm9yZz6J Ak4EEwEKADgWIQS8KFYaFtwtpVIrpWTp+o7lm4wluQUCWoFxmgIbAwULCQgHAwUV CgkICwUWAgMBAAIeAQIXgAAKCRDp+o7lm4wlue9OD/4jPqMbhteh/I6B+gJt2H8I 1UrHwZ+HiQEhImRUo/hy/VYNOZONZqewVckuzEqHj7u1zQOHYR+93R66WccwiZdC UzxV83X6kvaMzY15FRjF+4WLTVs48gk048iVhxc23Y+F13kJ3eJaa5MoX86d4qtL C7J78iDX+cPHxC2if9o3Ain+25o8PAnP5DSst2NrhpTjBJUSBCwbwwmEUe5aNrli RxcILbedUZsFwmEQkOf1oMZUZcRoFLcR337fVbLDDbMekcaHj83H483n2E48uDiR FltAnTxktWxnksfbjffuXEwwumUoIhly0GDrhvVnGYAkva4+avzvfClAi2vKSzVo 51G4iEzPvihSkb5xhGSVyDMX2TzJ41oK7AAsX7hOzIXC0Uc0n3beoB8OTFQFfimk mECDgsy8xAfPl1BT3jl/yu2grX7PFkjQYVb3+SkoDxsdZj8qnQ1xo6hE0Dan0d1M wXV1BQX7X/3higmV7aqdEnrEEMtvfuAsn5zbWW+Oim8mAKNVS2y18HxQZMUKXH4o BlCCzXbbRpjoOwz0wVALwn1/k9C6EA08lDY3mckMimmaUAv3bNf6ejHI6+7dPZvz kfXJOsc9dCfXaD/Q3LnzcxmqyJkL/ubdDLLffFLY2TQvqRAL4NKhIpaYXg8uwZpg UUQcduPCJJrZnKLoqDyjObkCDQRagXI8ARAAwY8xYozAl+JwmbQek6BSR3ZRuX9o kXmJqUc8SLLBSZd7uIvz43OwKgcqsu4I6TlNg2OoCWUku9Zdg5JJlTUk0UT5xKGj TBqh1TMR04Re/z7cORRi5yrKMjMcEqK0qQncREZotzWshhSdVS2+KutZBU/31q3b VJM6abCyYK1r1S4JX39NbAcTXwiinPTDj6rcxUu9mUAIhuMmIEoeiLt8VcvSBKOo 9bn7HT/BpnUYv1XFx1ZCxn/DpkSmbh8pJcGoYmtq+aFbdeE9cpZy0pkuqYHVohPH EsuMczvcbFWcvHTIDIKEhj7QcG7mrVFf5ovayC7z+fkyqExNrHJIvm3LMqVtfn6a HpJvyzy3+tQH3uFu4EoFyb8xHQz9AzJfgDadAN+kS0kkLFU++Ry2IKhHTjcK+1He oHQBYB9m9lN9C6Aew6rrifrLnL/D1JT+ITyZP6Arpo0kTtdzNPeMpZLmjsw/38w9 i7ADeCxO/XKb3PJ5PDM7RgKFkDtITTEZ3iQqnedms62WtsYfOBLpxRTAsvOFNBoE z7eXLj8mpmQsYeW+2dy+WlEUjMiyuUKkLqT8gb+9eD7V6TkkViepFL5cvBARK6Uo fsflD6CIhcWNZEdxKGZDHH0WDAKDnAhRe7nBps7iF+pEKUWvrIzoKgn2/ajMMe07 erwz7uwf11rRkr8AEQEAAYkEbAQYAQoAIBYhBLwoVhoW3C2lUiulZOn6juWbjCW5 BQJagXI8AhsCAkAJEOn6juWbjCW5wXQgBBkBCgAdFiEEfn/w9hBOX8M20/tBZvjf edEHACwFAlqBcjwACgkQZvjfedEHACyUphAAsBg2ZEgm22FWI/MgzNbg8XbxdO1I YRS/vBr1oMGtZobhwiy6sG55RSLuWW+/wTey5/PhF3uee+ntHznQPeZ8j6CXZhSI SG6mfDIFnL41lFjqgZT6sLNCsMtwQjtU+irrWl/epG5+KBM047+ftdSbXdGT8N87 LiM5Qw4rM/0Kpi0oPwFgcX/mtL9CckeHDPXEyehk9prIo1nos/7x3NSNjV0b0omw Cxs7UtGOkFciZhZ5DuLT6oAg0CdFtED8iS1tIZMFcjCqLueOFzQYMS/kt8jQY2HA 1VSYPn686m66nviuymrTQ8J71odEORNFJ10f9GgO0aOiu7aOTwetI/W3k1Q1zutf 2pa5Wzi9SPbrVsE3B31/OegWPhIvujyzOxEGKXX2kYbVCqvCT4SXOMBoG19V/9gF a1G6ogy5huSL0w8axk2QGX8OgPjSwvOhTBR5LOkZ3Cmc1rv8I7l4anAFsnRZHQxH xdo/yvPr2C1E2eadWwXRkouAM+TMRSITdQnzfkhbP3iGy6PFDnrXG30j4SPrSWn2 hkf0ZuuG6zrfrzRCG0uYqUxQ0OcXg4Yi5SuoxGYEFaGz8Ouy6F/QmzIGGc4QT0/m 5AxGAPqk5SomjkbZ45eIgNhDS7ThUOhYKtdYPScXW9DPurpMAtTmnJ9pJzsFrsA4 l8sp/AxH6E4uhr53Yg/6ApFi7T5lMXtNiD5+juiGc0DNjkFPaACxvn0dWWio6gfc nJqc0PI0EdlXkjX08nJ30G4+cg0MQK/CZkRiFy8Do3t2f+UnP+/9ltMNVdjZ0OZx cyJIQ1vBDIFfK8QCGXrlh/HXYFnHHgWo3tAG/VgZpUYI0MfGmEoYoIshxw88GPF5 WtykLC2f21xShFJlKI9pFJKK/IdKv4TXW9bcglFJixBnOkx4UYKPxwiLBc2oe0X7 kUD2vdbwPTsSGbIwucYwlhzVtl0btA5ptnVSGCDRLg2l7r4lRvDi0/ed3h84ROZv 9l5FmK55B3kwfOMK9xScg24oaib130FNP7JFkHhvBDLMmsT/bGMvedLnq+2skmpx TA9fwu7tLxMIHo+b0TYBsTwMOJAA0XmQyFUw8H+S+lOJmZohNhFYVdxx6L6Wt+FI VzFNXAXgxX1cslhfSVZUtTdc8fv6J8MIFGN2+uE45i56QCfo3K+7nGYkc8VSPzBW R3AWMu9bhj359MZrMHHPGltrUh4gDnPA02JrHJKRgjBBXZhIdu+yOIaxLtHvvxMT aUzs/AeFWkHOHJYe8lQVSvQLVstFft36weVGmvAx1FEOkjU1CFsdl8HKxiC+gmh7 qBWEveiQTmAi1S41h4bLFkvtme+EwvRmBUob2pG8mJQWgmj12NYE0ZCY4ezXn7K5 Ag0EWoFydQEQAMCsFhju6Y6w+a8IcN8oQ+A5WwpA38ypytHyJbLFi+dHOTU//9sP T6VRlC1D5/K7cgHgsLuIca3Ac6Dyy9b7HqoeHhtfKUtcYMFcVe6pFIITdGWk7XPo L8/bJOpkJHXgJcvWrwTn/9O/rKzfVPdML93z2+Fyz2Pc4w8NbeOkViuTukaSmfyp JnmoFbrNGfjxHB1CdtckG6sHuH0ud4IrNaugM92Yx7Bg0oz3yfnsa57FcjPwWX3q TSUvhTpz8e1dzDV4APnpYsJ6MkrCg5N1KPkXfzSnR4Im1vZ3SucUTt9nIeWiEUXk 76AfXH+yaEZk3Xlx0G+6TaSTlO9CuOm4h6PTmOUNTMG0sU7+Xd8r98c3Y9pm3lFZ PA8YmFv+X9PtLira9Tg0K93JnMTtjgODHU7qbNJdJdSZrunSES5LsJC2D1gXOyof VysqBVuIFRmoh5PeKLCkAszQfI4ImOKMdf5mHKP7G0IYA74NJKfdtYd0luVtnI/e Gfz2Jt5GJQ98OqEOkogip6O2sl/YrDY+hAjLzE2CPsR0eyjZliKFBfHRPR0hG+uL Btu8R4GtCYO2CYb2zP9tpwLGWT0NnOei8YOAplCTS3dhR6Xw7gPeDIclFbLSNL2O KH7dJPeIXbK0rh4s8W9WkyhgrhSGrp8da3GP6TfbjC11tsDHzMOybLd5ABEBAAGJ AjYEGAEKACAWIQS8KFYaFtwtpVIrpWTp+o7lm4wluQUCWoFydQIbDAAKCRDp+o7l m4wluSYKD/4jSUbIpBp9zeFgMcSf2/nPs0Bfz/zVMeVFr851F1gdqGXdiN/gztyN Hujjnsj/VfKJmn1ajqio9+OsXaAFmAsW6WkHG0svZec/RZywu/wLlsqD3NvEei+C Ui09WKD9Ej/j3yY+vEYMqCxqDqB+5S5GaHHZ++cta7N+DqDxRPC3TQllZumBey0D CggyjTByY39EoXcf0H0YTcKzW4c89gavw9PSZ7yypyscMBtQVg5ern1aA0hJJB1W HKeCMzmwyXXefQE3D3ZR5V78/Og45ZadbloAZ0a6fIW5W1m4ILZc3z3UZyd3P3MQ jgzP8gyr50Ecyf7iR5FHgXXG05d+vo2UwtXwWU9QhRpNo+5nG/HtVsNfNGP78+3H yAMJj478pvhUAW2jjgmBr/gU0qc79fywqkxU/K1YwDPFQ6TRj95WtGt7QUZSADXK pLHyskwrBXXoJw+rFfjd7nKMPYTP4w7d0SXJ8C4mg5SvcWFWQ8nCQT8b7EKg2B8O gBN1CeyxFLJqTxB0BKlHgbiikTELhjo/jbmjYqzenJ48hbDEPUWR6S62JasS6rjv xLZ4LWG61agcUaAMl58Y+ANJdT/uoFgWZ9Obx2gBiLo9NXyKa+PTwc32SUhyeQg5 AK0UxhxkYgOC4nWaRg4CW8rDh033rZfjU9ZQuMuqBz4vwOJHRvMnp7kCDQRagXKi ARAAu5FQXgcd3nMTiqFknghGRxXtkGdG3tPbkOiY7KGgZ5tixzUYN/tI7tHa0nUZ ZxzZny/EvDSs0g9khSx8FxqneKY/CBkEQKSS2x4809qIjQMpWEHhI0iShY7AvNdr Z832t8ruxBj7sLos+VhgXjVnproA2hsu/FE1XYMHuOn0pApmEq3zq2IAmEYYC1Du LNCZv6R+7vqtIhszX5aXAhs/EIH2dg3eZaLpqTJprMA0/cXvfsMo8mZmKr0ZR9Sl WytfQUiYSnU8FfAute/ul/6bHT1bvZziFGhxCel9AcmokLyL50RyLujCk7LHz8JD BGthmuiO21W4jv4oHgmjrp8+4vrDy7qc+qcJcUz6kteXLtyiICccIMHbAiS8q0Nc ido2llTdzyoQc5SWgHH5/YRBhpRU7RIMeI5GsvMT2h6YEPEH4vmgwxel4IHbRWth sW/KW9hUq8bqBaEzXYi5wdsQyOKjBdtdbskaF+vODPVlzZuC3TbnAOdpAwlyQuwz sno6e06GhcioGQFlgEmB7HrepyLxcvHIgIlUtLX4zHrydRsBctM52+x8dmM5gA4C JwmDXGk/USjc/9zmxWgb5WwMHAnigd+IDsn7U8Gb19U9xuPVxkF+eDO3qvLSJU15 /Ami/FX/6tQ/AaLJG0HzV8qS7O6STYK6XinGhjCMBLL3Ce0AEQEAAYkCNgQYAQoA IBYhBLwoVhoW3C2lUiulZOn6juWbjCW5BQJagXKiAhsgAAoJEOn6juWbjCW5ucsP /2/QCZmM882VNZ7LM7y9Vhx/QVj3FVWjSN6oEXeHrA51N90F1QQCxdrLgoLSWwgP q6pOr5mQmia6DgUMCQZPM/P9P59KHvuS3w5ugtGhPXzYKHIJ2yyvhhwWHMlAYLEf GwdxZV8aOgOYk8ClA8q1WC+b9KyJ2AFmWLAy5B1UW/wHUuSelC3wnAP5IO0SQ5O6 KiG5m+kY/o89F1tmBIustESHVjy/akhT08HMOPA45zlxJUAInolLggoQc1Tc3nPm xCnH7uL0732FHfzSU8YD5Xzs4Chw5OFo62gKWQBPaRfIwgrJa+B0eEd+Mqd7Mu6d RfY+HnI6z4YHUHmWmDvtjtfkMaYjWuWXcv74m1o7NcRQVU7GxHOcXgMLBqCWbjXs gLDtO0sThzYjz23QRDnHkwP7ogXtKsrvwd0GMOVpzplFJoPC0gWb/+l3j5mOlTWH I10nRxi2gvRGhbklcFfiQz8KBJIrAfOiA1aXyUk57nRLZQRSXC20wSjHL2LwepO5 C1yUQ5bixot/hYlbYBAIeKt4/CTxn7usyttIPH+dQW/suT7qFlPnvuJrDHBUkRM9 0fvggR284sfjFW9HU8BwrHAhmrWbKjePQN+G/r/hiPtnPEmMBuIaLRjKEQM3f7yi HRWknIxqPS3he6mP4QtVQOxTs4xEvkM+y4KICQpFZsXL =kfcS -----END PGP PUBLIC KEY BLOCK-----
So there is typically a shell request task, and then the ops team approves the access to root and ops groups. We went ahead and just had our ops meeting, and have pre-approved the access that will be needed (root, sudo, ops groups, etc) are all approved in meeting.
Change 409844 merged by Muehlenhoff:
[operations/puppet@production] Add vgutierrez shell account
Change 410168 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] Add vgutierrez to ops group
Change 410168 merged by BBlack:
[operations/puppet@production] Add vgutierrez to ops group
added to "WMF-NDA" in Phabricator
https://phabricator.wikimedia.org/project/members/61/
This should let you see all the private tickets.
subscribed you to both ops mailing lists (others like wikitech-l are optional and self-service)
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
regarding the mail aliases.. since you have the shell access now you can take a look on the host puppetmaster1001, in:
[puppetmaster1001:/srv/private/modules/privateexim/files/wikimedia.org
and add yourself to aliases you are interested in. the main thing is that you are expected to be on root@. There is also security@ there and others like peering@
You can edit that file as root and then git commit and it should just work. Also feel free to ping me with any questions regarding that.
please take a look at
https://office.wikimedia.org/wiki/Office_IT/Calendars#Human_calendars
and check that you can see the "Ops Maintenance & contracts" calendar.
please also go to: https://groups.google.com/a/wikimedia.org/forum/#!forum/ops-maintenance
and check that you can use that Google group
if those works that resolves the checkbox " Access to Googlel group for maint-announce mails"
great! :)
typo on my email address and got suscribed as vguttierez at wikimedia.org instead of vgutierrez at wikimedia.org. @Dzahn could you fix that? Thanks!
oops. fixed just now!
Successfully subscribed:
vgutierrez
Change 410909 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] Add vgutierrez to icinga sms contactgroup
Change 410909 merged by Vgutierrez:
[operations/puppet@production] nagios_common: Add vgutierrez to icinga sms contactgroup
Change 410933 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] icinga: grant vgutierrez permissions to run commands
Change 410933 merged by Dzahn:
[operations/puppet@production] icinga: grant vgutierrez permissions to run commands
@Vgutierrez re: Icinga command permissions. should be all done. the ultimate test is if you try a "schedule downtime" or "disable/enable notifications" or "send acknowledgement" for something from the Icinga web ui. caveat is that auth_ldap will let you login with and without capitalization but to get the permissions above you need to match the "cn" from LDAP, so capitalized. With the other version you would still be logged in but not have the permissions.