Adding users on puppet

From Wikitech

Tutorial on adding a new production shell user via Puppet including initial setup of a local clone of operations/puppet.

Preparation

Request Shell Access

Before everything else, you need to request shell access.

Accounts

Make sure you have an account on Gerrit.

Phabricator

Find the corresponding Phabricator task.

LDAP

Your onboarding person or someone with access should provide you with your ldap user id (uid)

Hint: ldapsearch -x "cn=<shell name>"

Git

 $ git clone ssh://shell_user@gerrit.wikimedia.org:29418/operations/puppet

Adding a user

Edit data.yaml

Open modules/admin/data/data.yaml for editing and add a new block under the users key.

Committing changes and review

  • Add files
 $ git add modules/admin/data/data.yaml
  • Run git commit using the following message format (note the empty line before Bug) where admin is the name of the puppet module and Bug is the corresponding phabricator task number (eg: an onboarding task).
  admin: added user <shell_user>
                                                     
  Bug: <Phabricatior task #>'
 rbenv exec bundle exec rake test  
  • Push for review
 $ git review
  • Git will complaining that it's missing the pre-commit hook. Follow the instructions to install it and try again.

This will publish on #wikimedia-operations the Gerrit url with your change and and trigger the operations-puppet-tests-docker Jenkins job which performs validations. If the job is successful your patch will move to the review queue. If a reviewer is happy with your patch, they will merge it.

The Gerrit part

After running git review, you should get a Gerrit url.

  • Click "Reply" and add +2 on "Code-Review" (or +1, your onboarding buddy will help)
  • If you have run Puppet_coding#Jenkins_dry_run_build, you can add the url with the report as a comment
  • If the "Submit" button is visible and blue, click it to merge the change
    • If not, you will need to rebase first, add +2 and then click "Submit"

Note1: In all repos, do not add +2 unless you are the one to merge it. In most repos +2 automatically merges changes

Note2: If something you merged needs to be reverted, go back to gerrit and revert-merge-apply

If something goes wrong

Sometimes maybe either something goes wrong with your commit e.g. Jenkins gives it -1, or a reviewer finds issues, you will need to upload another patchset.

  • Go back to your local repo and make all changes required
  • $ git add .
  • $ git commit --amend
  • $ git review
  • Rinse and repeat if required

Merging and testing changes on Puppet

Your onboarding buddy will do the following steps for you. The same process is for all puppet changes.

  • ssh to a puppetmaster (try puppetmaster1001.eqiad.wmnet or puppetmaster2001.codfw.wmnet)
  • Run puppet-merge
 $ sudo puppet-merge
  • ssh to a bastion and run puppet (this is for testing that everything works)
 $ sudo run-puppet-agent
  • You should be able to ssh to a bastion!

Syncing your local repo

Using rebase

  • git pull --rebase
    • If that fails, you should do
 $ git rebase --abort 
 $ git reset --hard origin

Using checkout

 $ git checkout production
 $ git reset --hard origin
 $ git pull origin

See also