Infrastructure Apprentice

From FedoraProject

(Difference between revisions)
Jump to: navigation, search
(Update Nagios alerts)
(add some workflow items)
(4 intermediate revisions by 3 users not shown)
Line 5: Line 5:
 
== Access to many infrastructure machines ==
 
== Access to many infrastructure machines ==
  
Members of the fi-apprentice group have ssh/shell access to many machines, but no sudo rights or ability to commit to puppet (but they do have read-only puppet access). Access is via the bastion.fedoraproject.org machine and from there to each machine. Exceptions to this access are: backups*, db*, fas*, sign*, rel* and compose*, These machines may contain sensitive data and are almost always in a production mode.  
+
Members of the fi-apprentice group have ssh/shell access to many machines, but no sudo rights or ability to commit to puppet (but they do have read-only puppet access). Access is via the bastion.fedoraproject.org machine and from there to each machine. See the [[SSH Access Infrastructure SOP]] for more info.. Exceptions to this access are: backups*, db*, fas*, sign*, rel*, ns* and compose*, These machines may contain sensitive data and are almost always in a production mode.  
  
 
== Nagios alerts ==
 
== Nagios alerts ==
Line 13: Line 13:
 
== Regular checkins ==
 
== Regular checkins ==
  
On the first of each month a mentor will mail all the folks in the group. This email will ask what tasks they are working or or interested in, what they are using their access for and if they intend to be active in infrastructure. Please look for and answer these emails as they come to you.  
+
On the first of each month a mentor will mail all the folks in the group. This email will ask what tasks they are working on or interested in, what they are using their access for and if they intend to be active in infrastructure. Please look for and answer these emails as they come to you.
  
 
== Length of membership ==
 
== Length of membership ==
Line 23: Line 23:
 
There are tickets marked with the 'easyfix' keyword that may be suitable for apprentices to learn how things are setup, and also contribute a fix.  
 
There are tickets marked with the 'easyfix' keyword that may be suitable for apprentices to learn how things are setup, and also contribute a fix.  
 
See: https://fedorahosted.org/fedora-infrastructure/report/14 for this report.  
 
See: https://fedorahosted.org/fedora-infrastructure/report/14 for this report.  
 +
 +
=== Working on a ticket workflow ===
 +
 +
* Pick a ticket
 +
 +
Look in https://fedorahosted.org/fedora-infrastructure/report/14 for a ticket that looks interesting to you. If the ticket is already assigned, but hasn't had any action in a while, feel free to ask on ticket if it's still being worked on, and if no reply in a week or so, take it over. Some tickets can be worked on by several people, so feel free to ask in ticket if this is one of those kinds of tasks and what part you can work on.
 +
 +
* Make patch for fix from git puppet repo
 +
 +
Most any task will require changes to puppet. You can check this out on lockbox01 and make edits to your local copy. Apprentices don't have commit privleges, only checkout, so you will need to make your fix, get a patch of it and attach it to the ticket for someone to apply once it's been reviewed. See the http://infrastructure.fedoraproject.org/infra/docs/puppet.txt for how to check out the puppet git repo. Then 'git diff' should provide a patch for you against the current version in git.
 +
 +
* Attach your patch to ticket
 +
 +
Attach your patch to the ticket and add a comment asking someone to review the patch and apply it if it looks good.
 +
 +
== IRC tips ==
 +
 +
One of the primary ways the infrastructure team communicates is via IRC. Here's a few tips to best communicate with the rest of the team:
 +
 +
* Feel free to ask questions when you think of them/run into them, but don't expect everyone to drop what they are doing and answer right then. Please be patient.
 +
 +
* Try and avoid Private messages to specific team members. Instead ask your questions in #fedora-admin or #fedora-noc if at all possible. This allows anyone to help you out and also other folks to see the answer and peer review the answers you get.
 +
 +
* Try and assume best intentions on past decisions. There is often a reason for something being setup the way it is or there's some history behind it. "Have we considered switching from foo to bar?" is great, "Why are you using foo! bar is better, we should switch to it right now" is not.
 +
 +
* Keep in mind many of the infrastructure folks are busy, so do try and avoid 'pinging' them unless there's a specific need or you know they are active in channel. Many people have a IRC 'trigger' that notifies them when someone mentions their nick.
 +
 +
* Being active in IRC and asking questions is a great way to find out how things are setup and gain more trust.
  
 
== Further information ==
 
== Further information ==
  
 
For further information on this group, please ask in #fedora-admin on irc.freenode.net and/or the fedora infrastructure mailing list.
 
For further information on this group, please ask in #fedora-admin on irc.freenode.net and/or the fedora infrastructure mailing list.

Revision as of 20:54, 29 March 2012

Contents

Infrastructure Apprentice

The 'fi-apprentice' group in the Fedora Account System is one with a lot of read-only access to various Fedora infrastructure machines. This group is used for new folks to look around at the infrastructure setup, check machines and processes and see where they might like to contribute moving forward. This also allows apprentices to examine and gather info on problems, then propose solutions.

Access to many infrastructure machines

Members of the fi-apprentice group have ssh/shell access to many machines, but no sudo rights or ability to commit to puppet (but they do have read-only puppet access). Access is via the bastion.fedoraproject.org machine and from there to each machine. See the SSH Access Infrastructure SOP for more info.. Exceptions to this access are: backups*, db*, fas*, sign*, rel*, ns* and compose*, These machines may contain sensitive data and are almost always in a production mode.

Nagios alerts

This group does NOT get Nagios alerts. If you wish to receive them, you should join the sysadmin group, otherwise you can see them trough #fedora-noc channel or Nagios web interface at: https://admin.fedoraproject.org/nagios/.

Regular checkins

On the first of each month a mentor will mail all the folks in the group. This email will ask what tasks they are working on or interested in, what they are using their access for and if they intend to be active in infrastructure. Please look for and answer these emails as they come to you.

Length of membership

This group will be pruned often of inactive folks who miss checkins. Members who have not logged into any machine and/or are not active will be removed. There's nothing personal in this, and you're welcome to re-join later when you have more time.

easyfix tickets

There are tickets marked with the 'easyfix' keyword that may be suitable for apprentices to learn how things are setup, and also contribute a fix. See: https://fedorahosted.org/fedora-infrastructure/report/14 for this report.

Working on a ticket workflow

  • Pick a ticket

Look in https://fedorahosted.org/fedora-infrastructure/report/14 for a ticket that looks interesting to you. If the ticket is already assigned, but hasn't had any action in a while, feel free to ask on ticket if it's still being worked on, and if no reply in a week or so, take it over. Some tickets can be worked on by several people, so feel free to ask in ticket if this is one of those kinds of tasks and what part you can work on.

  • Make patch for fix from git puppet repo

Most any task will require changes to puppet. You can check this out on lockbox01 and make edits to your local copy. Apprentices don't have commit privleges, only checkout, so you will need to make your fix, get a patch of it and attach it to the ticket for someone to apply once it's been reviewed. See the http://infrastructure.fedoraproject.org/infra/docs/puppet.txt for how to check out the puppet git repo. Then 'git diff' should provide a patch for you against the current version in git.

  • Attach your patch to ticket

Attach your patch to the ticket and add a comment asking someone to review the patch and apply it if it looks good.

IRC tips

One of the primary ways the infrastructure team communicates is via IRC. Here's a few tips to best communicate with the rest of the team:

  • Feel free to ask questions when you think of them/run into them, but don't expect everyone to drop what they are doing and answer right then. Please be patient.
  • Try and avoid Private messages to specific team members. Instead ask your questions in #fedora-admin or #fedora-noc if at all possible. This allows anyone to help you out and also other folks to see the answer and peer review the answers you get.
  • Try and assume best intentions on past decisions. There is often a reason for something being setup the way it is or there's some history behind it. "Have we considered switching from foo to bar?" is great, "Why are you using foo! bar is better, we should switch to it right now" is not.
  • Keep in mind many of the infrastructure folks are busy, so do try and avoid 'pinging' them unless there's a specific need or you know they are active in channel. Many people have a IRC 'trigger' that notifies them when someone mentions their nick.
  • Being active in IRC and asking questions is a great way to find out how things are setup and gain more trust.

Further information

For further information on this group, please ask in #fedora-admin on irc.freenode.net and/or the fedora infrastructure mailing list.