Wikimedia Release Engineering Team/Onboarding

Pre-boarding checklist

 * 1) Get access to @wikimedia.org email
 * 2) WMF OIT should have created a wiki account for you.
 * 3) Generate 2 ssh keys
 * 4) *prod - for production logins e.g. bastions.
 * 5) *non-prod (aka your "cloud" or "labs" key) - for everything else e.g. Cloud Services (WMCS), Gerrit
 * 6) Select a shell/unix name,  this is important, choose wisely .
 * 7) Select a username on Wikitech,   this is important, choose wisely . Many go with their full name.
 * 8) * The Wikitech username (aka LDAP username) will be visible in many many places (including Gerrit). You will be seeing it ALL THE TIME.
 * 9) Generate a GPG key
 * 10) Choose an IRC nickname. Make sure nick you turn nick enforcement is on or/and get an IRC cloak

Wikitech
After creating an account on Wikitech, go to preferences


 * User Profile: Enable 2FA (hint: use Google Authenticator or Authy or whatever system you use already)
 * Openstack: Add your non-prod key

Copy/paste into onboarding task

 * More context:** https://www.mediawiki.org/wiki/Wikimedia_Release_Engineering_Team/Onboarding

You --- [ ] Create a Wikimedia Developer Account (an LDAP account). Follow the "VPS and General users" process here: https://wikitech.wikimedia.org/wiki/Help:Create_a_Wikimedia_developer_account [ ] Register in phabricator (https://www.mediawiki.org/wiki/Phabricator/Help#Creating_your_account_and_notifications) - use your LDAP/wikitech account (created in the previous step). [ ] Associate WMF mediawiki account with your Phabricator user account (**hack this url:** https://phabricator.wikimedia.org/settings/user/YOURUSERNAMEHERE/page/external/) [ ] Add 2factor to Phabricator login [ ] Add 2factor to wikitech login - https://wikitech.wikimedia.org/wiki/Special:Preferences [ ] Create IRC account and join channels (see: https://meta.wikimedia.org/wiki/IRC/Instructions#Register_your_nickname,_identify,_and_enforce): [X] Create IRC account and choose a "nick" (nickname) (if you don't already have one or if one is not already created for you via OIT). IRCCloud is easy: https://www.irccloud.com/ [ ] Register your IRC account: `/msg nickserv register YourPassword your@email.address.com` [ ] Enforce nick protection: `/msg nickserv set enforce on` [ ] Join public IRC channels (`#wikimedia-releng`, `#wikimedia-operations`, `#wikimedia-pipeline`, `#wikimedia-cloud`, `#wikimedia-cloud-admin` ) [ ] Mailing lists: [ ] Subscribe to ops@ mailing list (https://lists.wikimedia.org/mailman/listinfo/ops) [ ] Subscribe to qa@ (https://lists.wikimedia.org/mailman/listinfo/qa) [ ] Subscribe to wikitech-l@ list (https://lists.wikimedia.org/mailman/listinfo/wikitech-l) [ ] Verify you are subscribed to the engineering@lists.wikimedia.org mailing list: https://lists.wikimedia.org/mailman/listinfo/engineering [ ] Gerrit... [ ] Log into  Gerrit  (it uses your LDAP/Wikimedia Developer Account, aka: what you use to log into wikitech.wikimedia.org). [ ] Follow along with https://www.mediawiki.org/wiki/Gerrit/Tutorial (notably adding ssh keys) [ ] Get access to servers: [ ] Read and sign the Server access and responsibilities agreement https://phabricator.wikimedia.org/L3 [ ] New shell user process (https://wikitech.wikimedia.org/wiki/Production_shell_access#New_users) (Add to data.yaml in correct groups) - **link as subtask** [ ] Create GPG key for use with our pwstore (if you don't have one already) - https://phabricator.wikimedia.org/source/releng-secrets/repository/master/ [ ] Add yourself to the Contact List on officewiki: https://office.wikimedia.org/wiki/Contact_list [ ] Read the readings: https://www.mediawiki.org/wiki/Wikimedia_Release_Engineering_Team/Onboarding#Readings [ ] Have a 1:1 with everyone on the team. See https://www.mediawiki.org/wiki/Wikimedia_Release_Engineering_Team/Onboarding#People_to_meet_and_things_to_do_with_them

Somebody else - [ ] Add to releng@ private team list (https://lists.wikimedia.org/mailman/listinfo/releng) [ ] Add to private IRC channels (`#wikimedia-releng-team`, `#wikimedia-staff`, `#mediawiki_security`) [ ] Add to Gerrit group: wmf-deployments [ ] Add to LDAP groups: wmf, releng, ciadmin - https://wikitech.wikimedia.org/wiki/LDAP/Groups - **link as subtask** [ ] Add to Phabricator groups: #WMF-NDA, #trusted-contributors, #acl_releng, #acl_repository-admins, #acl_project-admins, #acl_phabricator [ ] Add to #RelEng-Kanban's sidebar [ ] Add to team Herald rule: H229 [ ] Add to #Security phabricator group: https://www.mediawiki.org/wiki/Wikimedia_Security_Team/Policy/Access_to_security_issues - **link as subtask** [ ] Add to our Cloud VPS projects - https://horizon.wikimedia.org/project/member/ (deployment-prep and integration) [ ] Add GPG key to pwstore - https://phabricator.wikimedia.org/source/releng-secrets/repository/master/ [ ] Add to relevant Team Drives in Google Drive: RelEng,  Pipeline ,  Code Health

Gerrit login
Use your Wikitech credentials to login to Gerrit. Go to preferences and add your non-prod key.

Your onboarding person should add you to the wmf-deployments group: https://gerrit.wikimedia.org/r/#/admin/groups/21,members

Phabricator login
Login to phabricator using your Wikitech credentials.

Shell user (connecting to bastions)

 * Read Wikimedia Server Access Responsibilities for your responsibilities, and Bastion or more details on the bastion hosts. Pick the one geographically closest to you.
 * Read Production shell access and copy the SSH config described there.
 * Prepare a patch for your user on puppet.

Access to pwstore

 * Run  and follow the prompts (default expiration is "never", but you should limit it to 1 year)
 * Then uploads public key to key server


 * Reach out to Greg to see about getting it signed. Requires two signatures.

Mailing lists descriptions

 * releng@lists.wikimedia.org - Private team list
 * ops@lists.wikimedia.org - Private ops list, includes all deployers
 * qa@lists.wikimedia.org - public list
 * security@wikimedia.org - (if appropriate) private alias for security issue reporting and follow-up
 * wikitech-l@wikimedia.org - public list for all things Wikimedia development
 * engineering@wikimedia.org - public list (initially just for WMF engineering staff, now public)

IRC Channel descriptions

 * #wikimedia-releng - team channel with task, code review, and monitoring bot announcements
 * #wikimedia-staff - private WMF staff and contractors only channel, useful backchannel for staff-only meetings
 * #wikimedia-releng-team - private team IRC channel
 * Prerequisite: the user's nick must be registered on Freenode, see: https://freenode.net/kb/answer/registration
 * Add the user to the access list for the channel using the  template:
 * Then add to invite list (so they don't have to invite themselves each time):
 * #wikimedia-operations - most production server discussion happens here
 * #wikimedia-pipeline - focused on the cross-team Deployment Pipeline project
 * #wikimedia-tech - general Wikimedia tech discussion
 * #wikimedia-dev - Wikimedia dev related bot announcements (tasks and code review)
 * #wikimedia-cloud and #wikimedia-cloud-admin - Cloud VPS (much of our CI infrastructure depends on Wikimedia Cloud VPS)
 * #wikimedia-dev - Wikimedia dev related bot announcements (tasks and code review)
 * #wikimedia-cloud and #wikimedia-cloud-admin - Cloud VPS (much of our CI infrastructure depends on Wikimedia Cloud VPS)

= People to meet and things to do with them = You'll want to meet these people soon, some on the first day! You should probably introduce yourself over IRC and ask to schedule a Google hangout with them.

The goal of this section is to meet some of your team mates and learn how the team fits together. Hopefully you'll talk to everyone on the team one on one for about thirty minutes over the first week or two.

First day

 * Greg Grossmeier, manager of the Release Engineering team. He is normally in the Pacific timezone.
 * Tell him everything is going great and that the instructions are easy to follow but you are still overwhelmed by the reading you have to do.
 * Tell him that you found some errors in the instruction and fixed the template. :P
 * Ask him to give you an overview of how the foundation is organized, what teams do what, and all that.
 * Make sure he adds you to any relevant team meetings.
 * He'll want to talk to you one on one a few times in the first week.

First couple of weeks

 * Antoine Musso - Central European timezone
 * Ask him to tell you the origin story of our Continuous Integration infrastructure, including Beta Cluster.
 * Ask him all about French cooking and why it's the best country to live in.
 * Dan Duvall - Pacific timezone
 * Ask him about the Deployment Pipeline.
 * Ask him about maintaining the infrastructure for a website that got 99% of it's traffic in one month.
 * Jean-Rene Branaa - Pacific timezone
 * Ask him about Code Health and what it means here.
 * Ask him to tell you all about gaming.
 * Lars Wirzenius - Eastern European timezone
 * Ask him about being the other new person on the team.
 * Ask him about his obsession with backups.
 * Mukunda Modell - Central timezone
 * Ask him about Phabricator and why it's a game.
 * Ask him about his RX7.
 * Tyler Cipriani (thcipriani) - Mountain timezone
 * Ask him why MediaWiki deployment still sucks, and then pair on a SWAT deploy.
 * Ask him about his increasingly ridiculous collection of dotfiles.
 * Zeljko Filipin - Central European timezone
 * Ask him about Selenium, continuous integration, MediaWiki-Vagrant, SWAT, train deploys.
 * Ask him about daylight saving time, juggling, Rubik's Cube, ukulele, Pareto principle, lightning talks, open space.

Readings

 * https://office.wikimedia.org/wiki/New_tech_employee_orientation <-- important
 * https://office.wikimedia.org/wiki/Technical_onboarding_for_new_hires
 * https://office.wikimedia.org/wiki/New_Hire_Orientation_Videos
 * From SRE:
 * Life of a request presentation
 * Application layer deeper dive presentation
 * The "Kubernetes" (2018-11-16) presentation from https://office.wikimedia.org/wiki/Operations/Ops_sessions
 * http://www.aosabook.org/en/mediawiki.html <-- lower priority, but interesting