
| Configuration Item | Chef attribute name for this item | Notes | How to enable it |
|---|---|---|---|
| sudo access | authorization.sudo.users | Request sudo access using this form: https://www.slac.stanford.edu/comp/unix/auth/superuser-req.shtml | |
| restrict local login access | limit_login | | |
| do not update the default boot kernel | kernel_updatedefault | | |
| home directory location | override_homedir | The default home directory location is /home (local to the host). The home directory listed in the LDAP directory service can be enabled instead. Be sure the directory services home directory location is actually available on this host first. | |

 

Steps to provide an OCIO admin full access to Chef

These are the steps to grant an OCIO admin full access to the Chef Infrastructure.
Note: for minimal access (e.g., to create GitHub Pull Requests and GitHub Issues), only steps 1a and 1b are needed.
Everyone in unix-admin should have steps 1a and 1b done, and optionally all steps for full access.

  1. GitHub: Grant access to https://github.com/orgs/SLAC-CHEF organization
    1. Log in to GitHub as the admin for the SLAC-CHEF organization
      1. escrow -c systems display slac-chef-admin
    2. Invite the person using their GitHub account on this page
      1. https://github.com/orgs/SLAC-CHEF/people
    3. The default permission level for members of SLAC-CHEF is read-only
      1. this is so we can invite any SLAC user to be a member so they can collaborate with us
      2. add the unix-admin user to the scs-unix team on this page so they have write access to repos
        1. https://github.com/orgs/SLAC-CHEF/teams/scs-unix/members
    4. The unix-admin person should create an SSH key pair for GitHub use if necessary
      1. https://github.com/settings/keys
  2. Chef Server: create account on Chef Server
    1. Log into https://chef01.slac.stanford.edu
    2. ...
  3. Automate Server: create account on Chef Automate 2 Server
    1. Log into https://chef-automate2.slac.stanford.edu
    2. ...
  4. Jenkins Server: create account on Jenkins Server
    1. escrow -c systems display chef-jenkins
    2. Log into http://chef-build01.slac.stanford.edu:8080
    3. ...
  5. Provide instructions on how to do the following:
    1. clone an existing cookbook, make a change, push changes to GitHub, press the "approve" button on Jenkins
    2. create a new cookbook, with Jenkinsfile
      1. new GitHub repo, with scs-unix team write access
      2. new Jenkins project
      3. verify cookbook permissions on Chef Server (write access for jenkins user only)
      4. add cookbook to a role, if appropriate
    3. how to test changes on cookbook before pushing to production
    4. how to bypass Jenkins pipeline for emergencies (e.g., Jenkins server is down)