Page MenuHomePhabricator

SRE Onboarding - Ryan Kemper, Search Platform team
Closed, ResolvedPublic

Description

Ryan is starting on May 1 2020 with onboarding buddies Trey and Keith

Event Timeline

herron created this task.Apr 30 2020, 8:36 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptApr 30 2020, 8:36 PM
herron triaged this task as High priority.Apr 30 2020, 8:37 PM
herron updated the task description. (Show Details)Fri, May 1, 10:02 PM

My Phabricator user (Rkemper) is up. I held off on enabling 2FA per the documentation.

Still need to do the phabricator permissions (NDA, etc) - I'm guessing another SRE might need to add me to those. Planning on getting that going first thing Monday.

Pre-emptively added user-committed-identity-hash here: https://meta.wikimedia.org/wiki/User:RKemper_(WMF)

So, in a month I can safely flip the 2fa switch without needing to worry about my second factor suddenly dying on me.

RKemper updated the task description. (Show Details)Mon, May 4, 5:14 PM

Phabricator 2FA enabled

herron updated the task description. (Show Details)Mon, May 4, 5:27 PM
herron updated the task description. (Show Details)

Change 594544 had a related patch set uploaded (by Herron; owner: Herron):
[operations/puppet@production] admin: add ryankemper to ldap_only_users

https://gerrit.wikimedia.org/r/594544

Change 594544 merged by Herron:
[operations/puppet@production] admin: add ryankemper to ldap_only_users

https://gerrit.wikimedia.org/r/594544

Production SSH Key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICHjbEiVf5Z7L4yrqByE9kVcRtR3MTmwyPg65l3LPZc7 rkemper@wikimedia.org

Change 594563 had a related patch set uploaded (by Herron; owner: Herron):
[operations/puppet@production] admin: give ryankemper shell access and add to ops group

https://gerrit.wikimedia.org/r/594563

Mentioned in SAL (#wikimedia-operations) [2020-05-05T20:02:44Z] <herron> added ryankemper to wmf and ops ldap groups T251572

herron updated the task description. (Show Details)Tue, May 5, 8:02 PM

Change 594563 merged by Ryan Kemper:
[operations/puppet@production] admin: give ryankemper shell access and add to ops group

https://gerrit.wikimedia.org/r/594563

herron updated the task description. (Show Details)Tue, May 5, 8:22 PM
RKemper updated the task description. (Show Details)Tue, May 5, 8:35 PM
herron updated the task description. (Show Details)Wed, May 6, 5:54 PM
Dzahn updated the task description. (Show Details)Wed, May 6, 6:01 PM
Dzahn added a subscriber: Dzahn.

added to Google group maint-announce and Google calendar Ops Vendor Maintenance.

Change 594771 had a related patch set uploaded (by Ryan Kemper; owner: Ryan Kemper):
[operations/puppet@production] icinga: grant 'Ryan Kemper' acesss to web UI

https://gerrit.wikimedia.org/r/594771

herron updated the task description. (Show Details)Thu, May 7, 3:39 PM

Change 594771 merged by Ryan Kemper:
[operations/puppet@production] icinga: grant 'Ryan Kemper' access to web UI

https://gerrit.wikimedia.org/r/594771

RKemper updated the task description. (Show Details)Thu, May 7, 5:50 PM

Icinga access is working for me

herron updated the task description. (Show Details)Thu, May 7, 6:17 PM
RKemper updated the task description. (Show Details)Thu, May 7, 9:59 PM

Change 595059 had a related patch set uploaded (by Ryan Kemper; owner: Ryan Kemper):
[operations/puppet@production] icinga: Add rkemper to wdqs-admins, sms

https://gerrit.wikimedia.org/r/595059

RKemper added a comment.EditedThu, May 7, 10:25 PM

QUESTIONS

Initial context:

These questions are around setting up Icinga. I've made the changes on puppetmaster1001 to add my contact to /srv/private like so:

define contact{

contact_name                    rkemper
alias                           Ryan Kemper
host_notification_period        PST_awake_hours
service_notification_period     PST_awake_hours
host_notification_options       d,r,f
service_notification_options    c,r,f
email                           rkemper@wikimedia.org
pager                           +1redacted
address1                       redacted@vtext.com
host_notification_commands      host-notify-by-email,host-notify-by-sms-gateway
service_notification_commands   notify-by-email,notify-by-sms-gateway

}

^ This change is live. Now we need to make the corresponding public puppet repo changes. I've started here: https://gerrit.wikimedia.org/r/#/c/operations/puppet/+/595059

(Question 1) In the public puppet repo, modules/nagios_common/files/contactgroups.cfg contains two entries that definitely apply to me, but contains this third that I think doesn't but I'm not sure:

`define contactgroup {

contactgroup_name   team-interactive
members             irc-interactive,gehel

}
`

Does the above apply to me? Currently assuming 'no'

(Question 2) In the public puppet repo, herron wasn't sure if we should touch modules/nagios_common/files/contacts-labs.cfg or modules/nagios_common/files/contactgroups-labs.cfg. Should we add my entries to those files too?

Dzahn added a comment.Fri, May 8, 7:58 AM

`define contactgroup {

contactgroup_name   team-interactive
members             irc-interactive,gehel

Does the above apply to me? Currently assuming 'no'

It applies to you if you'll hang out on IRC channel #wikimedia-interactive and/or you want to get notifications about alerts regarding the karthoterian service and maps (OSM) servers.

(Question 2) In the public puppet repo, herron wasn't sure if we should touch modules/nagios_common/files/contacts-labs.cfg or modules/nagios_common/files/contactgroups-labs.cfg. Should we add my entries to those files too?

Only if you are going to look at http://shinken.wmflabs.org/problems and want to get notifications about things going bad in labs and services you are working on also exist in labs. If in doubt ask WMCS team, but i think probably not.

Gehel added a comment.Fri, May 8, 8:15 AM

@RKemper : for the moment, you don't need to be in "team-interactive". We can discuss that synchronously, and maybe change it in the future. For the moment, I don't think you need to be in the "labs" alerts either, we can also change this in the future.

Dzahn added a comment.Fri, May 8, 9:48 AM

@RKemper Your email address was ryankemper@ in the mail alias for root@ and wdqs-admins@ but that does not exist (so far). Changed it to rkemper@. You can optionally ask OIT for an alias if you want that.

@Dzahn Oh, thanks for catching/fixing that! rkemper@ is fine.

herron updated the task description. (Show Details)Fri, May 8, 4:20 PM
RKemper added a comment.EditedFri, May 8, 4:30 PM
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBF61iMEBEAC6+rvVR3kAESzZ6jrftpDY8ELofcI4293aPvQWLtNkXCO9geSD
6Qnuz8F1D6Xk0YCx3M8R96uJ0XjLgx3KE7ivqg3qn1YYgUOGCkJ+YbN6aa0YAUa7
VYTDCNpCL8IBhEMhWSqnPiwX4K6IAguPR4IFxQeMHVt0G5wv4QcpcrjF3OO6VQuB
yhcZrnr8K7cQWH6xbUl0F6PiRec7ThadpYUcT3elIb1rFL2YVjlGKHT/gG4khZNu
piY8QxfarWDkMt8jAsU0vFcPU1cdfv+C1Ax0NCm1c0B6zWyCM+9x9hGYcUO+L5Fz
LGjHsSP0WKElpQdo0e2tmfuaywjIYK1oD191zXYjtbgbKbhUWd8g3KRgsY42jsZ/
uWxt9AITwFbt+i6bxhjQpac2COpXPr5PUCloLejh3Kxoa9BzQ3Ext1Bea8yxZFbN
zPIgCl00yPTyhEBcvOjyoB5pmJRqbin3j0II0Yc7XnxCtWgW+I3TSgLQQ60rF0/m
U4J6C/PWPr52SNJr6FnLZCp6SEjgHMl5zq6xe0yX8nyTktBkNmlpdElscgv1zO6q
+iVeV1YKEgBCh7MaC041nYBqPU42WMWJmmbBDOUVohGNBn8SEFnSpwQQa+G/3TeD
s3slchPOxX3ChZeDRNacj+5AHoSZoTRMv8oYqo8O1kIkvq4CtjhjHn4OowARAQAB
tCNSeWFuIEtlbXBlciA8cmtlbXBlckB3aWtpbWVkaWEub3JnPokCVAQTAQgAPgIb
AwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBPw6kzWUx3F8oBAHDDWnC9nmRUf3
BQJetY6WBQkB4TlVAAoJEDWnC9nmRUf33tUQAIp/PaTbPfNK4W2148tPDhNOHuAq
hujJNncGHuZQ5u2BIw7LpCt7mKDeHoX1LCJIs3/MC/wp0qwn8/KLxYlAmFaYkhvF
j4b5lY0QtrvZU/Id+EWqDcGOseLl+/poyl3znmFxkYbOWkfbMd/vp7TwZLyk+jiu
gAuSfAenWm+JHhcTVa8hon4SUgHlidJp6ab8b1SxuBcBXIm5Ssc1Vwel/TIt93nx
NqhitAev/GRDozyU8wpCknejRSse6xeFKVDbg64i/5lsxMvvpppLWfbKYN2joUjl
q08uZxtY6y51GrcyIXuFApPcm76wLujwdZtsYr5gH+WU+aKC9OQ936UrvRkenTOa
kbdVFoiwwS+gVEFFG3zip1Itktkps67CAjHl4UEKKM814FFxzdQwDyFQ2F1iZF/k
Iw7QWTrlAMXtDGC8pVB/Wa2r/770hlb0hLCJffQdXjLLctF3clL/BirqcMMQxN04
mVJqN1H8PqcigbmDqsF5k9wfodDMYksrsOON68cPSyZB1Og8eVUZ/JeaS/q0blUt
ySe6WCu40bB8Bfh/EQ3EwO6MespcZ7nDV6HwRNElA6y3Pz+N9MsKRvKHA7uXMJQQ
am2/Bk5KtlS6vEUHP8oShsnGXcNr6s78S4pGW2Wn2JHjGSrYRKba1wtN+KZMbuDD
tRO9mL3jytCdE+NFuQINBF61iMEBEADFBRiW+FWYRGiWpX2ia/bwen2jCazQcBnP
QipajsafSJu+Xneu8irtZamdHjav6bRUkFeqOJW58EAFB1bD6Gvhs3UVvFga609X
/qv5NYN23gqV+9m87N4OeuvgrcFFH1buBt2I84tmL6dT2+S23wrkiRSWH5w9cAJR
euXMQRmiDniCybl083MNKV8omGLMsdsYNQShgN0SbktTQ4lRZrCsnPjtzq1xMmZw
epwi3XKUtBgSXxWsNgE6Zjgp0Q9VUwxpKXeDTbl30oinvfUeG0u4OQPCSoWzomlL
1vk377hKa8RGl6x6mbdOjwsOmn3C6MVCL4KIAykPm/qTuNF+X46EG5rR5yJvedMF
+HQEKbvWV2K3PXG0ymsf5CX0qGbXyZvsU9QXcPZvmMUduEzB8fc033IYdn4w6WTW
Bm6b7hromofNR3/0nkDOfjANygve3BF0WR1/7QDG0/BFH8xNnrEjR0PmKX9erdPN
+/2ARgqT7WCZoNDEF7eYanUZKOK6Tvlcwda9je0Y7m/Gj6pX1FYB65Oa9SWhlsoZ
KMG48T6dsW941XnGyl2us68mU8uRShXgXIZPC/BcNhnWSE+y1LpXmwnuTe5GMohy
ROG+fi2liAkgGGMd+MCKww0WPSN54nzezKy1xNpq63ptt6bkHHbKaBC1CluhveKy
E/G88VyYPwARAQABiQI2BBgBCAAgFiEE/DqTNZTHcXygEAcMNacL2eZFR/cFAl61
iMECGwwACgkQNacL2eZFR/dgpQ//RzSIIXom1lzBtzdkwIKw8ASrDmL7UjJpea4r
Llw6SXgATNXByJQ0dQxz2YqpdzrN6bW5FjIEy6VNcXCXDcRNAK7srLXs4Z/UJ5YS
DxNa+QtwqkV9TrAcfjFM3yEz7gpCZaNab0vVa0utrfM0sdEdymz3IGEEaq01GzSp
eYyLf4wK7BSeAigffEwIk9GtmIrFOvP7Nv4hPZ0y2Wqexgz7JqvIb+X1c8zDVwxr
rn9pBfcjJEDgkcgforV8rmgEOCBkTGJOq3GvKSds+cV5IJ5tr98Ty4r+76eObCHC
DDRKDwA9yeuX7/8uCjnklnxO/KBnYYvSK1Try8JtLff947a2AThlg73WA8g598up
7Hn8fO3IJCIL18RL4OKPw4fb9ozU0t7E7dbfzplxllih27NBFSJX45JSkVtBm5hu
Zt/j1XjFgy655gLaQSg932gZywOmJxdRF7J3yLquBWX+nLt/ivWIWqxSI2VZIfSI
bOcCvl7IVQGSnT+F6AnVpWK/wwXKmXFLHQzU/b1oh6sy+KNmK9T+uPZU8HLm0LhQ
wdkxL7CYc5gCY+qDvTxCW8Daxvxz7lt5AolTA/KP4iY3cs8yvxDD6wottUP+QTOn
hVDXELU7HGNrRjT67QLsrce5LdA0WDmy5WcOboqTsCVJHCo7ns1+2QYIWBXrT0yP
pW6OTe0=
=Mwdb
-----END PGP PUBLIC KEY BLOCK-----

Change 595059 merged by Gehel:
[operations/puppet@production] icinga: Add rkemper to wdqs-admins, sms

https://gerrit.wikimedia.org/r/595059

Dzahn updated the task description. (Show Details)EditedTue, May 12, 12:51 PM

Added Ryan to pwstore in the ops group after importing his key and checking it had a signature from Keith.

@RKemper You should now be able to git pull and decrypt files in pwstore.

herron closed this task as Resolved.Mon, May 18, 6:36 PM
herron updated the task description. (Show Details)

Per IRC convo with @RKemper we'll defer the U2F setup for a later date, unless that component becomes mandatory. Updated the description accordingly, and with that said I think we're all good here!