Wikimedia Release Engineering Team/Onboarding

Copy/paste into onboarding task

 * More context:** https://www.mediawiki.org/wiki/Wikimedia_Release_Engineering_Team/Onboarding

You --- [ ] Create a Wikimedia Developer Account (an LDAP account). Follow the "VPS and General users" process here: https://wikitech.wikimedia.org/wiki/Help:Create_a_Wikimedia_developer_account [ ] Register in phabricator (https://www.mediawiki.org/wiki/Phabricator/Help#Creating_your_account_and_notifications) - use your LDAP/wikitech account (created in the previous step). [ ] Associate WMF mediawiki account with your Phabricator user account (**hack this url:** https://phabricator.wikimedia.org/settings/user/YOURUSERNAMEHERE/page/external/) [ ] Add 2factor to Phabricator login [ ] Add 2factor to wikitech login - https://wikitech.wikimedia.org/wiki/Special:Preferences [ ] Create IRC account and join channels (see: https://meta.wikimedia.org/wiki/IRC/Instructions#Register_your_nickname,_identify,_and_enforce): [X] Create IRC account and choose a "nick" (nickname) (if you don't already have one or if one is not already created for you via OIT). IRCCloud is easy: https://www.irccloud.com/ [ ] Register your IRC account: `/msg nickserv register YourPassword your@email.address.com` [ ] Enforce nick protection: `/msg nickserv set enforce on` [ ] Join public IRC channels (`#wikimedia-releng`, `#wikimedia-operations`, `#wikimedia-pipeline`, `#wikimedia-cloud`, `#wikimedia-cloud-admin` ) [ ] Mailing lists: [ ] Subscribe to ops@ mailing list (https://lists.wikimedia.org/mailman/listinfo/ops) [ ] Subscribe to qa@ (https://lists.wikimedia.org/mailman/listinfo/qa) [ ] Subscribe to wikitech-l@ list (https://lists.wikimedia.org/mailman/listinfo/wikitech-l) [ ] Verify you are subscribed to the engineering@lists.wikimedia.org mailing list: https://lists.wikimedia.org/mailman/listinfo/engineering [ ] Gerrit... [ ] Log into  Gerrit  (it uses your LDAP/Wikimedia Developer Account, aka: what you use to log into wikitech.wikimedia.org). [ ] Follow along with https://www.mediawiki.org/wiki/Gerrit/Tutorial (notably adding ssh keys) [ ] Get access to servers: [ ] Read and sign the Server access and responsibilities agreement https://phabricator.wikimedia.org/L3 [ ] New shell user process (https://wikitech.wikimedia.org/wiki/Production_shell_access#New_users) (Add to data.yaml in correct groups) - **link as subtask** [ ] Create GPG key for use with our pwstore (if you don't have one already) - https://phabricator.wikimedia.org/source/releng-secrets/repository/master/ [ ] Add yourself to the Contact List on officewiki: https://office.wikimedia.org/wiki/Contact_list [ ] Read the readings: https://www.mediawiki.org/wiki/Wikimedia_Release_Engineering_Team/Onboarding#Readings [ ] Have a 1:1 with everyone on the team. See https://www.mediawiki.org/wiki/Wikimedia_Release_Engineering_Team/Onboarding#People_to_meet_and_things_to_do_with_them

Somebody else - [ ] Add to releng@ private team list (https://lists.wikimedia.org/mailman/listinfo/releng) [ ] Add to private IRC channels (`#wikimedia-releng-team`, `#wikimedia-staff`, `#mediawiki_security`) [ ] Add to Gerrit group: wmf-deployments [ ] Add to LDAP groups: wmf, releng, ciadmin - https://wikitech.wikimedia.org/wiki/LDAP/Groups - **link as subtask** [ ] Add to Phabricator groups: #WMF-NDA, #trusted-contributors, #acl_releng, #acl_repository-admins, #acl_project-admins, #acl_phabricator [ ] Add to #RelEng-Kanban's sidebar [ ] Add to team Herald rule: H229 [ ] Add to #Security phabricator group: https://www.mediawiki.org/wiki/Wikimedia_Security_Team/Policy/Access_to_security_issues - **link as subtask** [ ] Add to our Cloud VPS projects - https://horizon.wikimedia.org/project/member/ (deployment-prep and integration) [ ] Add GPG key to pwstore - https://phabricator.wikimedia.org/source/releng-secrets/repository/master/ [ ] Add to relevant Team Drives in Google Drive: RelEng,  Pipeline ,  Code Health

Gerrit login
Use your Wikimedia developer account (aka Wikitech credentials) to login to Gerrit. Go to preferences and add your non-prod key.

Your onboarding person should add you to the wmf-deployments group: https://gerrit.wikimedia.org/r/#/admin/groups/21,members

Phabricator login
Login to phabricator using your Wikitech credentials.

Shell user (connecting to bastions)

 * Read Wikimedia Server Access Responsibilities for your responsibilities, and Bastion or more details on the bastion hosts. Pick the one geographically closest to you.
 * Read Production shell access and copy the SSH config described there.

SSH keys generation
Generate two new SSH keys, be sure to use a memorable passphrase.

ssh-keygen -f ~/.ssh/id_ed25519.wmfdev -t ed25519 -C "your_email@youremail.com"
 * For your WIkimedia developer account use:

ssh-keygen -f ~/.ssh/id_ed25519.wmfprod -t ed25519 -C "your_email@youremail.com"
 * For your production account use:

You will now have 4 files in your  directory as follows: id_ed25519.wmfdev - Wikimedia developer account private key id_ed25519.wmfdev.pub - Wikimedia developer account public key id_ed25519.wmfprod - Wikimedia production account private key id_ed25519.wmfprod.pub - Wikimedia production account public key

We have a recommended .ssh/config to use.

Generating a GPG key

 * Run  and follow the prompts. Defaults are usually good, but use a 4096 bit length.
 * Then uploads public key to key server


 * Reach out to Greg to see about getting it signed. Requires two signatures.

Mailing lists descriptions

 * releng@lists.wikimedia.org - Private team list
 * ops@lists.wikimedia.org - Private ops list, includes all deployers
 * qa@lists.wikimedia.org - public list
 * security@wikimedia.org - (if appropriate) private alias for security issue reporting and follow-up
 * wikitech-l@wikimedia.org - public list for all things Wikimedia development
 * engineering@wikimedia.org - public list (initially just for WMF engineering staff, now public)

IRC Channel descriptions

 * #wikimedia-releng - team channel with task, code review, and monitoring bot announcements
 * #wikimedia-staff - private WMF staff and contractors only channel, useful backchannel for staff-only meetings
 * #wikimedia-releng-team - private team IRC channel
 * Prerequisite: the user's nick must be registered on Freenode, see: https://freenode.net/kb/answer/registration
 * Add the user to the access list for the channel using the  template:
 * Then add to invite list (so they don't have to invite themselves each time):
 * #wikimedia-operations - most production server discussion happens here
 * #wikimedia-pipeline - focused on the cross-team Deployment Pipeline project
 * #wikimedia-tech - general Wikimedia tech discussion
 * #wikimedia-dev - Wikimedia dev related bot announcements (tasks and code review)
 * #wikimedia-cloud and #wikimedia-cloud-admin - Cloud VPS (much of our CI infrastructure depends on Wikimedia Cloud VPS)
 * #wikimedia-dev - Wikimedia dev related bot announcements (tasks and code review)
 * #wikimedia-cloud and #wikimedia-cloud-admin - Cloud VPS (much of our CI infrastructure depends on Wikimedia Cloud VPS)

= People to meet and things to do with them = You'll want to meet these people soon, some on the first day! You should probably introduce yourself over IRC and ask to schedule a Google hangout with them.

The goal of this section is to meet some of your team mates and learn how the team fits together. Hopefully you'll talk to everyone on the team one on one for about thirty minutes over the first week or two.

First day

 * Greg Grossmeier, manager of the Release Engineering team. He is normally in the Pacific timezone.
 * Tell him everything is going great and that the instructions are easy to follow but you are still overwhelmed by the reading you have to do.
 * Tell him that you found some errors in the instruction and fixed the template. :P
 * Ask him to give you an overview of how the foundation is organized, what teams do what, and all that.
 * Make sure he adds you to any relevant team meetings.
 * He'll want to talk to you one on one a few times in the first week.

First couple of weeks

 * Antoine Musso - Central European timezone
 * Ask him to tell you the origin story of our Continuous Integration infrastructure, including Beta Cluster.
 * Ask him all about French cooking and why it's the best country to live in.
 * Dan Duvall - Pacific timezone
 * Ask him about the Deployment Pipeline.
 * Ask him about maintaining the infrastructure for a website that got 99% of it's traffic in one month.
 * Jean-Rene Branaa - Pacific timezone
 * Ask him about Code Health and what it means here.
 * Ask him to tell you all about gaming.
 * Lars Wirzenius - Eastern European timezone
 * Ask him about being the other new person on the team.
 * Ask him about his obsession with backups.
 * Mukunda Modell - Central timezone
 * Ask him about Phabricator and why it's a game.
 * Ask him about his RX7.
 * Tyler Cipriani (thcipriani) - Mountain timezone
 * Ask him why MediaWiki deployment still sucks, and then pair on a SWAT deploy.
 * Ask him about his increasingly ridiculous collection of dotfiles.
 * Zeljko Filipin - Central European timezone
 * Ask him about Selenium, continuous integration, MediaWiki-Vagrant, SWAT, train deploys.
 * Ask him about daylight saving time, juggling, Rubik's Cube, ukulele, Pareto principle, lightning talks, open space.

Readings

 * https://office.wikimedia.org/wiki/New_tech_employee_orientation <-- important
 * https://office.wikimedia.org/wiki/Technical_onboarding_for_new_hires
 * https://office.wikimedia.org/wiki/New_Hire_Orientation_Videos
 * From SRE:
 * Life of a request presentation
 * Application layer deeper dive presentation
 * The "Kubernetes" (2018-11-16) presentation from https://office.wikimedia.org/wiki/Operations/Ops_sessions
 * http://www.aosabook.org/en/mediawiki.html <-- lower priority, but interesting