Adding users on puppet
Tutorial on adding a new production shell user via Puppet including initial setup of a local clone of operations/puppet.
- 1 Preparation
- 2 Adding a user
- 3 The Gerrit part
- 4 If something goes wrong
- 5 Merging and testing changes on Puppet
- 6 Syncing your local repo
- 7 See also
Request Shell Access
Before everything else, you need to request shell access.
Make sure you have an account on Gerrit.
Find the corresponding Phabricator task.
Your onboarding person or someone with access should provide you with your ldap user id (uid)
ldaplist -l passwd <shell name>
- Clone operations/puppet
$ git clone ssh://email@example.com:29418/operations/puppet
- Create global review alias. Remote for everything is master
$ git config --global alias.review "push origin HEAD:refs/for/master"
- Create a local review alias for operations/puppet. Master branch is production
$ git config alias.review "push origin HEAD:refs/for/production"
Adding a user
modules/admin/data/data.yaml for editing and add a new block under the users key.
Committing changes and review
- Add files
$ git add modules/admin/data/data.yaml
- Run git commit using the following message format (note the empty line before
Bug) where admin is the name of the puppet module and Bug is the corresponding phabricator task number (eg: an onboarding task).
admin: added user <shell_user> Bug: <Phabricatior task #>'
- Local testing - requires Puppet_coding#Set_up_local_environment
rbenv exec bundle exec rake test
- Push for review
$ git review
- Git will complaining that it's missing the pre-commit hook. Follow the instructions to install it and try again.
This will publish on #wikimedia-operations the Gerrit url with your change and and trigger the operations-puppet-tests-docker Jenkins job which performs validations. If the job is successful your patch will move to the review queue. If a reviewer is happy with your patch, they will merge it.
The Gerrit part
After running git review, you should get a Gerrit url.
- Click "Reply" and add +2 on "Code-Review" (or +1, your onboarding buddy will help)
- If you have run Puppet_coding#Jenkins_dry_run_build, you can add the url with the report as a comment
- If the "Submit" button is visible and blue, click it to merge the change
- If not, you will need to rebase first, add +2 and then click "Submit"
Note1: In all repos, do not add +2 unless you are the one to merge it. In most repos +2 automatically merges changes
Note2: If something you merged needs to be reverted, go back to gerrit and revert-merge-apply
If something goes wrong
Sometimes maybe either something goes wrong with your commit e.g. Jenkins gives it -1, or a reviewer finds issues, you will need to upload another patchset.
- Go back to your local repo and make all changes required
$ git add .
$ git commit --amend
$ git review
- Rinse and repeat if required
Merging and testing changes on Puppet
Your onboarding buddy will do the following steps for you. The same process is for all puppet changes.
- ssh to a puppetmaster (try
- Run puppet-merge
$ sudo puppet-merge
- ssh to a bastion and run puppet (this is for testing that everything works)
$ sudo run-puppet-agent
- You should be able to ssh to a bastion!
Syncing your local repo
git pull --rebase
- If that fails, you should do
$ git rebase --abort $ git reset --hard origin
$ git checkout production $ git reset --hard origin $ git pull origin