From Fedora Project Wiki

(New SOP woo!)
 
 
(12 intermediate revisions by 6 users not shown)
Line 1: Line 1:
{{admon/important | Template Guidance | The page source contains comments with guidance for each section. They are invisible when viewing this page in its saved state. To view the comments, choose the "edit" link.<br/> '''Copy the source to a ''new page'' before making changes!'''}}
+
{{admon/important|This page is deprecated| All Fedora Release Engineering Documentation has moved [https://docs.pagure.org/releng/ here] with source hosted along side the code in the [https://pagure.io/releng releng pagure repository]}}
 +
{{needs love}}
 +
== Description ==
 +
People volunteer (or get assigned) to doing Fedora release engineering from time to time.  This SOP seeks to describe the process to add a new release engineer so that they have the rights to accomplish their tasks, know where to find the tasks, and are introduced to the existing members. There are several groups that manage access to the respective systems:
  
== Description ==
+
* ''cvsadmin'': Admin group for pkgdb2 (allows to retire/orphan all packages etc), allows git write access via SSH to all packages in dist-git
<!-- Put a description of the task here. -->
+
* ''gitreleng'': Allows write access to release engineering git repo
People volunteer (or get assigned) to doing Fedora release engineering from time to time. This SOP seeks to describe the process to add a new release engineer so that they have the rights to accomplish their tasks, know where to find the tasks, and are introduced to the existing members.
+
* ''signers'': Membership is necessary to use [[Sigul_Client_Setup_SOP|sigul]].
 +
* ''sysadmin'': Allows SSH access to bastion, the SSH gateway to the PHX2 data center. SSH access to several other internal systems is only possible from here.
 +
* ''sysadmin-cvs'': Allows shell access to pkgs01 (pkgs.fedoraproject.org)
 +
* ''sysadmin-releng'': Allows SSH access to autosign01, koji03, koji04, releng04, relepel01 from bastion
  
 
== Action ==
 
== Action ==
<!-- Describe the action and provide examples -->
 
 
A new release engineer will access rights in a variety of systems, as well as be introduced to the releng group.
 
A new release engineer will access rights in a variety of systems, as well as be introduced to the releng group.
  
Line 12: Line 17:
 
Fedora Release Engineering maintains a git repo of scripts.  This can be found at ssh://git.fedorahosted.org/git/releng .  Write access to this group is controlled by access to the 'gitreleng' FAS group.  The new member's FAS username will need to be added to this group.
 
Fedora Release Engineering maintains a git repo of scripts.  This can be found at ssh://git.fedorahosted.org/git/releng .  Write access to this group is controlled by access to the 'gitreleng' FAS group.  The new member's FAS username will need to be added to this group.
  
FIXME: walkthrough group addition
+
https://git.fedorahosted.org/cgit/releng
 +
 
 +
 
 +
'''FIXME: walkthrough group addition'''
  
 
=== FAS ===
 
=== FAS ===
 
There is a releng group in FAS that release engineers are added to in order to grant them various rights within the Fedora infrastructure.  The new member's FAS username will need to be added to this group.
 
There is a releng group in FAS that release engineers are added to in order to grant them various rights within the Fedora infrastructure.  The new member's FAS username will need to be added to this group.
  
FIXME: walkthrough group addition
+
'''FIXME: walkthrough group addition'''
  
 
=== Koji ===
 
=== Koji ===
Line 40: Line 48:
 
Sigul is our signing server system.  They need to bet setup as a signer if they are going to be signing packages for a release.
 
Sigul is our signing server system.  They need to bet setup as a signer if they are going to be signing packages for a release.
  
FIXME: link to sigul SOP
+
'''FIXME: link to sigul SOP'''
  
 
=== Wiki Page ===
 
=== Wiki Page ===
Line 49: Line 57:
  
 
=== IRC ===
 
=== IRC ===
We ask that release engineers idle in #fedora-admin on Freenode to be available for queries by other infrastructure admins.
+
We ask that release engineers idle in #fedora-releng on Freenode to be available for queries by other infrastructure admins. Idling on #fedora-admin on Freenode is optional. It is noisy little bit but people sometimes ask releng stuff.
  
 
=== New member announcement ===
 
=== New member announcement ===
Line 55: Line 63:
  
 
== Verification ==
 
== Verification ==
<!-- Provide a method to verify that the action completed as expected (success) -->
 
  
 
=== Git ===
 
=== Git ===
Line 61: Line 68:
  
 
<pre>
 
<pre>
$ ssh gateway.fedoraproject.org
+
$ ssh fedorapeople.org getent group gitreleng
$ getent group gitreleng
+
gitreleng:x:101647:ausil,dwa,jwboyer,kevin,notting,pbabinca,sharkcz,skvidal,spot
gitreleng:x:101647:ausil,jkeating,jwboyer,notting,npetrov,skvidal,spot,wtogami
 
 
</pre>
 
</pre>
  
You can verify that npetrov is in the above list.
+
You can verify that the new user is in the above list.
  
 
=== FAS ===
 
=== FAS ===
Line 72: Line 78:
  
 
<pre>
 
<pre>
$ ssh gateway.fedoraproject.org
+
$ ssh fedorapeople.org getent group releng
$ getent group releng
+
releng:x:101737:atowns,ausil,dwa,jwboyer,kevin,lmacken,notting,pbabinca,spot
releng:x:101737:ausil,jkeating,jwboyer,kevin,lmacken,notting,npetrov,spot,wtogami
 
 
</pre>
 
</pre>
  
You can verify that npetrov is in the above list.
+
You can verify that the new user is in the above list.
  
 
=== Koji ===
 
=== Koji ===
Line 90: Line 95:
  
 
=== Sigul ===
 
=== Sigul ===
FIXME
+
* '''FIXME'''
  
 
=== Wiki Page ===
 
=== Wiki Page ===
Line 102: Line 107:
  
 
== Consider Before Running ==
 
== Consider Before Running ==
<!-- Create a list of things to keep in mind when performing action. -->
 
 
* Make sure the releng person has a solid grasp of the tasks we do and where to get help if stuck
 
* Make sure the releng person has a solid grasp of the tasks we do and where to get help if stuck
  
<!-- 1) Be sure to remove the Category:Template link below.
+
 
    2) Keep the RelEng SOP category link.
 
-->
 
 
[[Category:Release Engineering SOPs]]
 
[[Category:Release Engineering SOPs]]

Latest revision as of 17:49, 3 November 2015

Important.png
This page is deprecated
All Fedora Release Engineering Documentation has moved here with source hosted along side the code in the releng pagure repository
Cog.png
This page needs some love
This page should be revised or reconstructed to be more helpful. Problems may include being out of step with current team or project status or process.

Description

People volunteer (or get assigned) to doing Fedora release engineering from time to time. This SOP seeks to describe the process to add a new release engineer so that they have the rights to accomplish their tasks, know where to find the tasks, and are introduced to the existing members. There are several groups that manage access to the respective systems:

  • cvsadmin: Admin group for pkgdb2 (allows to retire/orphan all packages etc), allows git write access via SSH to all packages in dist-git
  • gitreleng: Allows write access to release engineering git repo
  • signers: Membership is necessary to use sigul.
  • sysadmin: Allows SSH access to bastion, the SSH gateway to the PHX2 data center. SSH access to several other internal systems is only possible from here.
  • sysadmin-cvs: Allows shell access to pkgs01 (pkgs.fedoraproject.org)
  • sysadmin-releng: Allows SSH access to autosign01, koji03, koji04, releng04, relepel01 from bastion

Action

A new release engineer will access rights in a variety of systems, as well as be introduced to the releng group.

Git

Fedora Release Engineering maintains a git repo of scripts. This can be found at ssh://git.fedorahosted.org/git/releng . Write access to this group is controlled by access to the 'gitreleng' FAS group. The new member's FAS username will need to be added to this group.

https://git.fedorahosted.org/cgit/releng


FIXME: walkthrough group addition

FAS

There is a releng group in FAS that release engineers are added to in order to grant them various rights within the Fedora infrastructure. The new member's FAS username will need to be added to this group.

FIXME: walkthrough group addition

Koji

In order to perform certain (un)tagging actions a release engineer must be an admin in koji. To grant a user admin rights one uses the grant-permission command in koji.

$ koji grant-permission --help
Usage: koji grant-permission <permission> <user> [<user> ...]
(Specify the --help global option for a list of other help options)

Options:
  -h, --help  show this help message and exit

For example if we wanted to grant npetrov admin rights we would issue:

$ koji grant-permission admin npetrov

Sigul

Sigul is our signing server system. They need to bet setup as a signer if they are going to be signing packages for a release.

FIXME: link to sigul SOP

Wiki Page

The new release engineer should be added to the Release Engineering membership list

rel-eng email list

Release engineering ticket spam and discussion happens on our Mailing List. New releng people need to subscribe.

IRC

We ask that release engineers idle in #fedora-releng on Freenode to be available for queries by other infrastructure admins. Idling on #fedora-admin on Freenode is optional. It is noisy little bit but people sometimes ask releng stuff.

New member announcement

When a new releng member starts, we announce it to the email list. This lets the other admins know to expect a new name to show up in tickets and on IRC.

Verification

Git

You can verify group membership by sshing to a system that is setup with FAS and using getent to verify membership in the gitreleng group:

$ ssh fedorapeople.org getent group gitreleng
gitreleng:x:101647:ausil,dwa,jwboyer,kevin,notting,pbabinca,sharkcz,skvidal,spot

You can verify that the new user is in the above list.

FAS

You can verify group membership by sshing to a system that is setup with FAS and using getent to verify membership in the releng group:

$ ssh fedorapeople.org getent group releng
releng:x:101737:atowns,ausil,dwa,jwboyer,kevin,lmacken,notting,pbabinca,spot

You can verify that the new user is in the above list.

Koji

To verify that the releng member is an admin koji use the list-permissions koji command:

$ koji list-permissions --user npetrov
admin

This shows that npetrov is an admin.

Sigul

  • FIXME

Wiki Page

Verification is easy. Just look at the page.

releng mailing list

Verify by asking the user if they got the announcement email

Announcement email

See above

Consider Before Running

  • Make sure the releng person has a solid grasp of the tasks we do and where to get help if stuck