⚓ T251572 SRE Onboarding - Ryan Kemper, Search Platform team

Subject	Repo	Branch	Lines +/-
icinga: Add rkemper to wdqs-admins, sms	operations/puppet	production	+2 -2
icinga: grant 'Ryan Kemper' access to web UI	operations/puppet	production	+4 -4
admin: give ryankemper shell access and add to ops group	operations/puppet	production	+9 -5
admin: add ryankemper to ldap_only_users	operations/puppet	production	+4 -0

		Status	Subtype	Assigned	Task
		Resolved		Gehel	T251149 [epic] Ryan's onboarding to the Search Platform team
		Resolved		herron	T251572 SRE Onboarding - Ryan Kemper, Search Platform team

herron created this task.Apr 30 2020, 8:36 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptApr 30 2020, 8:36 PM

herron triaged this task as High priority.Apr 30 2020, 8:37 PM

herron updated the task description. (Show Details)May 1 2020, 10:02 PM

My Phabricator user (Rkemper) is up. I held off on enabling 2FA per the documentation.

Still need to do the phabricator permissions (NDA, etc) - I'm guessing another SRE might need to add me to those. Planning on getting that going first thing Monday.

Pre-emptively added user-committed-identity-hash here: https://meta.wikimedia.org/wiki/User:RKemper_(WMF)

So, in a month I can safely flip the 2fa switch without needing to worry about my second factor suddenly dying on me.

Phabricator 2FA enabled

herron updated the task description. (Show Details)May 4 2020, 5:27 PM

herron updated the task description. (Show Details)

Change 594544 had a related patch set uploaded (by Herron; owner: Herron):
[operations/puppet@production] admin: add ryankemper to ldap_only_users

https://gerrit.wikimedia.org/r/594544

gerritbot added a project: Patch-For-Review.May 5 2020, 6:22 PM

Change 594544 merged by Herron:
[operations/puppet@production] admin: add ryankemper to ldap_only_users

https://gerrit.wikimedia.org/r/594544

Maintenance_bot removed a project: Patch-For-Review.May 5 2020, 7:10 PM

Production SSH Key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICHjbEiVf5Z7L4yrqByE9kVcRtR3MTmwyPg65l3LPZc7 rkemper@wikimedia.org

Change 594563 had a related patch set uploaded (by Herron; owner: Herron):
[operations/puppet@production] admin: give ryankemper shell access and add to ops group

https://gerrit.wikimedia.org/r/594563

gerritbot added a project: Patch-For-Review.May 5 2020, 7:58 PM

Mentioned in SAL (#wikimedia-operations) [2020-05-05T20:02:44Z] <herron> added ryankemper to wmf and ops ldap groups T251572

herron updated the task description. (Show Details)May 5 2020, 8:02 PM

Change 594563 merged by Ryan Kemper:
[operations/puppet@production] admin: give ryankemper shell access and add to ops group

https://gerrit.wikimedia.org/r/594563

herron updated the task description. (Show Details)May 5 2020, 8:22 PM

RKemper updated the task description. (Show Details)May 5 2020, 8:35 PM

Maintenance_bot removed a project: Patch-For-Review.May 5 2020, 9:10 PM

herron updated the task description. (Show Details)May 6 2020, 5:54 PM

added to Google group maint-announce and Google calendar Ops Vendor Maintenance.

Change 594771 had a related patch set uploaded (by Ryan Kemper; owner: Ryan Kemper):
[operations/puppet@production] icinga: grant 'Ryan Kemper' acesss to web UI

https://gerrit.wikimedia.org/r/594771

gerritbot added a project: Patch-For-Review.May 6 2020, 11:09 PM

herron updated the task description. (Show Details)May 7 2020, 3:39 PM

Change 594771 merged by Ryan Kemper:
[operations/puppet@production] icinga: grant 'Ryan Kemper' access to web UI

https://gerrit.wikimedia.org/r/594771

Icinga access is working for me

Maintenance_bot removed a project: Patch-For-Review.May 7 2020, 6:10 PM

herron updated the task description. (Show Details)May 7 2020, 6:17 PM

RKemper updated the task description. (Show Details)May 7 2020, 9:59 PM

Change 595059 had a related patch set uploaded (by Ryan Kemper; owner: Ryan Kemper):
[operations/puppet@production] icinga: Add rkemper to wdqs-admins, sms

https://gerrit.wikimedia.org/r/595059

gerritbot added a project: Patch-For-Review.May 7 2020, 10:22 PM

QUESTIONS

Initial context:

These questions are around setting up Icinga. I've made the changes on puppetmaster1001 to add my contact to /srv/private like so:

define contact{

contact_name                    rkemper
alias                           Ryan Kemper
host_notification_period        PST_awake_hours
service_notification_period     PST_awake_hours
host_notification_options       d,r,f
service_notification_options    c,r,f
email                           rkemper@wikimedia.org
pager                           +1redacted
address1                       redacted@vtext.com
host_notification_commands      host-notify-by-email,host-notify-by-sms-gateway
service_notification_commands   notify-by-email,notify-by-sms-gateway

}

^ This change is live. Now we need to make the corresponding public puppet repo changes. I've started here: https://gerrit.wikimedia.org/r/#/c/operations/puppet/+/595059

(Question 1) In the public puppet repo, modules/nagios_common/files/contactgroups.cfg contains two entries that definitely apply to me, but contains this third that I think doesn't but I'm not sure:

`define contactgroup {

contactgroup_name   team-interactive
members             irc-interactive,gehel

}
`

Does the above apply to me? Currently assuming 'no'

(Question 2) In the public puppet repo, herron wasn't sure if we should touch modules/nagios_common/files/contacts-labs.cfg or modules/nagios_common/files/contactgroups-labs.cfg. Should we add my entries to those files too?

In T251572#6117851, @RKemper wrote:
`define contactgroup {
contactgroup_name   team-interactive
members             irc-interactive,gehel

Does the above apply to me? Currently assuming 'no'

It applies to you if you'll hang out on IRC channel #wikimedia-interactive and/or you want to get notifications about alerts regarding the karthoterian service and maps (OSM) servers.

(Question 2) In the public puppet repo, herron wasn't sure if we should touch modules/nagios_common/files/contacts-labs.cfg or modules/nagios_common/files/contactgroups-labs.cfg. Should we add my entries to those files too?

Only if you are going to look at http://shinken.wmflabs.org/problems and want to get notifications about things going bad in labs and services you are working on also exist in labs. If in doubt ask WMCS team, but i think probably not.

@RKemper : for the moment, you don't need to be in "team-interactive". We can discuss that synchronously, and maybe change it in the future. For the moment, I don't think you need to be in the "labs" alerts either, we can also change this in the future.

@RKemper Your email address was ryankemper@ in the mail alias for root@ and wdqs-admins@ but that does not exist (so far). Changed it to rkemper@. You can optionally ask OIT for an alias if you want that.

@Dzahn Oh, thanks for catching/fixing that! rkemper@ is fine.

herron updated the task description. (Show Details)May 8 2020, 4:20 PM

Change 595059 merged by Gehel:
[operations/puppet@production] icinga: Add rkemper to wdqs-admins, sms

https://gerrit.wikimedia.org/r/595059

Maintenance_bot removed a project: Patch-For-Review.May 11 2020, 10:10 AM

Added Ryan to pwstore in the ops group after importing his key and checking it had a signature from Keith.

@RKemper You should now be able to git pull and decrypt files in pwstore.

Per IRC convo with @RKemper we'll defer the U2F setup for a later date, unless that component becomes mandatory. Updated the description accordingly, and with that said I think we're all good here!

SRE Onboarding - Ryan Kemper, Search Platform team
Closed, ResolvedPublic
Actions

Description

Details

Related Objects
Search...

Event Timeline

SRE Onboarding - Ryan Kemper, Search Platform teamClosed, ResolvedPublicActions

Description

Details

Related ObjectsSearch...

Event Timeline

SRE Onboarding - Ryan Kemper, Search Platform team
Closed, ResolvedPublic
Actions

Related Objects
Search...