You are browsing a read-only backup copy of Wikitech. The primary site can be found at wikitech.wikimedia.org

Adding users on puppet

From Wikitech-static
Revision as of 11:43, 11 September 2018 by imported>Mark Bergsma (→‎Merging and testing changes on Puppet: add current puppetmasters)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

The following steps will help you prepare your local puppet repo and add a new user (or yourself).

Preparation

Request Shell Access

Before everything else, you need to request shell access.

Accounts

Make sure you have an account on Gerrit.

Phabricator

Find the corresponding Phabricator task.

LDAP

Your onboarding person or someone with access should provide you with your ldap user id (uid)

Git

  • Clone operations/puppet
 $ git clone ssh://shell_user@gerrit.wikimedia.org:29418/operations/puppet
  • Create global review alias. Remote for everything is master
 $ git config --global alias.review "push origin HEAD:refs/for/master"
  • Create a local review alias for operations/puppet. Master branch is production
 $ git config alias.review "push origin HEAD:refs/for/production"

Do not use git-review!

Adding a user

Edit data.yaml

Open modules/admin/data/data.yaml for editing and add a new block under the users key.

Committing changes and review

  • Add files
 $ git add modules/admin/data/data.yaml
  • Run git commit using the following message format (note the empty line before Bug) where admin is the name of the puppet module and Bug is the corresponding phabricator task number
  admin: added user <shell_user>
                                                     
  Bug: <Phabricatior task #>'
 rbenv exec bundle exec rake test  
  • Push for review
 $ git review
  • Git will complaining that it's missing the pre-commit hook. Follow the instructions to install it and try again.

This will publish on #wikimedia-operations the Gerrit url with your change and and trigger the operations-puppet-tests-docker Jenkins job which performs validations. If the job is successful your patch will move to the review queue. If a reviewer is happy with your patch, they will merge it.

The Gerrit part

After running git review, you should get a Gerrit url.

  • Click "Reply" and add +2 on "Code-Review" (or +1, your onboarding buddy will help)
  • If you have run Puppet_coding#Jenkins_dry_run_build, you can add the url with the report as a comment
  • If the "Submit" button is visible and blue, click it to merge the change
    • If not, you will need to rebase first, add +2 and then click "Submit"

If something goes wrong

Sometimes maybe either something goes wrong with your commit e.g. Jenkins gives it -1, or a reviewer finds issues, you will need to upload another patchset.

  • Go back to your local repo and make all changes required
  • $ git --amend
  • $ git review
  • Rinse and repeat if required

Merging and testing changes on Puppet

Your onboarding buddy will do the following steps for you. The same process is for all puppet changes.

  • ssh to a puppetmaster (try puppetmaster1001.eqiad.wmnet or puppetmaster2001.codfw.wmnet)
  • Run puppet-merge
 $ sudo puppet-merge
  • ssh to a bastion and run puppet (this is for testing that everything works)
 $ sudo puppet agent -tv
  • You should be able to ssh to a bastion!

Syncing your local repo

Using rebase

  • git pull --rebase
    • If that fails, you should do
 $ git rebase --abort 
 $ git reset --hard origin

Using checkout

 $ git checkout production
 $ git reset --hard origin
 $ git pull origin

See also