- Create Wikitech wiki (LDAP) user - https://wikitech.wikimedia.org
- Phabricator User + 2FA | confirm login works on https://phabricator.wikimedia.org/ and setup 2fa
- Phabricator permissions to see NDA and Ops restricted tickets, and added to trusted users for antivandal exempt: https://phabricator.wikimedia.org/project/profile/29/ https://phabricator.wikimedia.org/project/profile/61/ https://phabricator.wikimedia.org/project/profile/974/
- Add to private IRC channels https://office.wikimedia.org/wiki/IRC#Channel_operators_commands
- Add to ops mailing lists (ops and ops-private minimum requirements) | https://lists.wikimedia.org/mailman/listinfo/ops
- Add to Exim mail aliases (root via private.git:modules/privateexim/files/wikimedia.org)
- Icinga contact in private.git (requires shell access, private puppet repo)
- Icinga user and permissions (icinga commands, test privileges to run commands on hosts/services (public puppet repo)
- Phone/pager setup (addition to the Icinga contact)
- Add to wmf and ops LDAP groups (for web services) | requires Wikitech user and shell access
- Access to Office Wiki (OIT grants that) | 18:38, 11 October 2019 User account RLazarus (WMF) talk contribs was created .. | please confirm login works https://office.wikimedia.org
- Gerrit login and +2 on operations/puppet (this is automatic from being added to LDAP groups above) | confirm login on https://gerrit.wikimedia.org and ability to +2 in operations/puppet repo
- Create shell user (can connect to bastions) | please create a SSH key for this and paste the public part
- server root shell (membership in ops group) | change in public puppet repo in admins module | https://gerrit.wikimedia.org/r/c/operations/puppet/+/543204
- Access to pwstore | please create a GPG key for this and have it signed by >= 2 others
- Access to Google group for maint-announce mails (directly added user via "web only partecipation" option from https://groups.google.com/a/wikimedia.org/forum/#!managemembers/ops-maintenance/add though anyone in wikimedia org should be able to join)
- Add to "Ops vendor maintenance" Calendar
Description
Details
Event Timeline
Hello Reuven and welcome to the team!
this is your onboarding ticket. Let's start things with creating a Wikimedia Developer account for you.
Please see https://wikitech.wikimedia.org/w/index.php?title=Special:CreateAccount&returnto=Main+Page and register a user.
You'll have to pick a wiki user and a shell user name. You may want to take some time to decide because they are relatively hard to change once they are created and will be part of wiki and git history.
Cheers,
Daniel
- added to maint-announce shared inbox / Google group
- added to "Ops vendor maintenance" calendar and permissions
Hi, Reuven here! LDAP user created, and I just set up 2FA on this Phabricator account. I'll see what else I can do from this checklist on my own.
Very nice. Welcome @RLazarus! I'll upload a change to code review to create your shell account. Could you create a SSH key pair and paste the public part here on ticket? Also feel free to come to IRC and ping so we can add you to some public and private channels. Cheers, Daniel
Here's the SSH public key:
$ ssh-keygen -t ed25519 $ cat /home/rlazarus/.ssh/id_ed25519.pub ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPtpkeKO3QRiK4rGMkCX5u3T55PPWGId+GFPraW0aNLR rlazarus@rlazarus
And here's the as-yet unsigned GPG fingerprint:
$ gpg --fingerprint 6E82BDE26FB4C28628FFA9A7D2A62155895EABB3 pub rsa4096 2019-10-15 [SC] [expires: 2020-10-14] 6E82 BDE2 6FB4 C286 28FF A9A7 D2A6 2155 895E ABB3 uid [ultimate] Reuven Lazarus <rlazarus@wikimedia.org> sub rsa4096 2019-10-15 [E] [expires: 2020-10-14]
Change 543194 had a related patch set uploaded (by RLazarus; owner: RLazarus):
[operations/puppet@production] nagios_common: Add rlazarus to sms contactgroup
Change 543197 had a related patch set uploaded (by Dzahn; owner: Dzahn):
[operations/puppet@production] admins: add Reuven Lazarus to ldap_only_admins
Change 543197 merged by Dzahn:
[operations/puppet@production] admins: add Reuven Lazarus to ldap_only_admins
Mentioned in SAL (#wikimedia-operations) [2019-10-15T19:07:11Z] <mutante> LDAP - adding user rzl to groups wmf and ops (T235215)
Change 543200 had a related patch set uploaded (by Dzahn; owner: Dzahn):
[operations/puppet@production] icinga: give command permissions to RLazarus
Change 543200 merged by RLazarus:
[operations/puppet@production] icinga: give command permissions to RLazarus
Change 543204 had a related patch set uploaded (by Dzahn; owner: Dzahn):
[operations/puppet@production] admins: add shell account for Reuven Lazarus
Change 543194 merged by Dzahn:
[operations/puppet@production] nagios_common: Add rlazarus to sms contactgroup
Change 543204 merged by Dzahn:
[operations/puppet@production] admins: add shell account for Reuven Lazarus