generated from sig_core/wiki-template
start basis for infrastructure wiki
This commit is contained in:
parent
87d724f9a7
commit
8daa220852
@ -1,7 +1,7 @@
|
||||
# REPLACEME Wiki
|
||||
# Infrastructure Wiki
|
||||
|
||||
@TODO - fill in :)
|
||||
|
||||
## Continuous Integration / Continuous Deployment
|
||||
|
||||
Actions Runner executes workflow to publish to https://REPLACEME.rocky.page on push to main.
|
||||
Actions Runner executes workflow to publish to https://infra.rocky.page on push to main.
|
||||
|
@ -1 +1 @@
|
||||
REPLACEME.rocky.page
|
||||
infra.rocky.page
|
||||
|
3
docs/assets/icon-white.svg
Normal file
3
docs/assets/icon-white.svg
Normal file
@ -0,0 +1,3 @@
|
||||
<svg width="4096" height="4096" viewBox="0 0 192 192" fill="none" xmlns="http://www.w3.org/2000/svg">
|
||||
<path fill-rule="evenodd" clip-rule="evenodd" d="M186.658 127.658C190.119 117.746 192 107.093 192 96C192 42.9807 149.019 0 96 0C42.9807 0 0 42.9807 0 96C0 122.234 10.523 146.011 27.5783 163.338L124.958 65.9584L149 90L186.658 127.658ZM169.122 158.205L124.958 114.042L55.7978 183.202C68.0268 188.849 81.6455 192 96 192C125.288 192 151.514 178.884 169.122 158.205Z" fill="white"/>
|
||||
</svg>
|
After Width: | Height: | Size: 487 B |
62
docs/include/resources_bottom.md
Normal file
62
docs/include/resources_bottom.md
Normal file
@ -0,0 +1,62 @@
|
||||
|
||||
<h4>Resources</h4>
|
||||
|
||||
=== "Account Services"
|
||||
|
||||
**URL**: [https://accounts.rockylinux.org](https://accounts.rockylinux.org)
|
||||
|
||||
**Purpose**: Account Services maintains the accounts for almost all components of the Rocky ecosystem
|
||||
|
||||
**Technology**: Noggin used by Fedora Infrastructure
|
||||
|
||||
**Contact**: `~Infrastructure` in Mattermost and `#rockylinux-infra` in Libera IRC
|
||||
|
||||
=== "Git (RESF Git Service)"
|
||||
|
||||
**URL**: [https://git.resf.org](https://git.resf.org)
|
||||
|
||||
**Purpose**: General projects, code, and so on for the Rocky Enterprise Software Foundation.
|
||||
|
||||
**Technology**: [Gitea](https://gitea.io/en-us/)
|
||||
|
||||
**Contact**: `~Infrastructure`, `~Development` in Mattermost and `#rockylinux-infra`, `#rockylinux-devel` in Libera IRC
|
||||
|
||||
=== "Git (Rocky Linux GitHub)"
|
||||
|
||||
**URL**: [https://github.com/rocky-linux](https://github.com/rocky-linux)
|
||||
|
||||
**Purpose**: General purpose code, assets, and so on for Rocky Linux. Some content is mirrored to the RESF Git Service.
|
||||
|
||||
**Technology**: [GitHub](https://github.com)
|
||||
|
||||
**Contact**: `~Infrastructure`, `~Development` in Mattermost and `#rockylinux-infra`, `#rockylinux-devel` in Libera IRC
|
||||
|
||||
|
||||
=== "Git (Rocky Linux GitLab)"
|
||||
|
||||
**URL**: [https://git.rockylinux.org](https://git.rockylinux.org)
|
||||
|
||||
**Purpose**: Packages and light code for the Rocky Linux distribution
|
||||
|
||||
**Technology**: [GitLab](https://gitlab.com)
|
||||
|
||||
**Contact**: `~Infrastructure`, `~Development` in Mattermost and `#rockylinux-infra`, `#rockylinux-devel` in Libera IRC
|
||||
|
||||
=== "Mail Lists"
|
||||
|
||||
**URL**: [https://lists.resf.org](https://lists.resf.org)
|
||||
|
||||
**Purpose**: Users can subscribe and interact with various mail lists for the Rocky ecosystem
|
||||
|
||||
**Technology**: Mailman 3 + Hyper Kitty
|
||||
|
||||
**Contact**: `~Infrastructure` in Mattermost and `#rockylinux-infra` in Libera IRC
|
||||
|
||||
=== "Contacts"
|
||||
|
||||
| Name | Email | Mattermost Name | IRC Name |
|
||||
|---------------------------------|-------------------------|-------------------|--------------------|
|
||||
| Neil Hanlon | neil@resf.org | @neil | neil |
|
||||
| Taylor Goodwill | tg@resf.org | @tgo | tg |
|
||||
| Louis Abel | label@rockylinux.org | @nazunalika | Sokel/label/Sombra |
|
||||
|
@ -1,4 +1,4 @@
|
||||
# REPLACEME Wiki
|
||||
# Infrastructure Wiki
|
||||
|
||||
## Links
|
||||
|
||||
@ -8,9 +8,10 @@
|
||||
|
||||
## Members
|
||||
|
||||
## Project layout
|
||||
|
||||
mkdocs.yml # The configuration file.
|
||||
docs/
|
||||
index.md # The documentation homepage.
|
||||
... # Other markdown pages, images and other files.
|
||||
| Role | Name | Email | Mattermost Name | IRC Name |
|
||||
|-------------------------------------------|---------------------------------|-------------------------|-------------------|------------------------|
|
||||
| Infrastructure Lead | Neil Hanlon | neil@resf.org | @neil | neil |
|
||||
| Infrastructure Lead | Taylor Goodwill | tg@resf.org | @tgo | tg |
|
||||
| Infrastructure, IdM & Release Engineering | Louis Abel | label@rockylinux.org | @nazunalika | Sokel/label/Sombra |
|
||||
| Infrastructure | Randolph | | @meltro | N/A |
|
||||
| Infrastructure | Patrick Roberts | | @preachermanx | N/A |
|
||||
|
5
docs/sop/.pages
Normal file
5
docs/sop/.pages
Normal file
@ -0,0 +1,5 @@
|
||||
---
|
||||
nav:
|
||||
- ... | index.md
|
||||
- 'SOP: Personal Data Request - Deletion': 'idm_sop_gdpr.md'
|
||||
- 'SOP: Mattermost and RAS Group Sync': 'idm_sop_mm_ras.md'
|
44
docs/sop/idm_sop_gdpr.md
Normal file
44
docs/sop/idm_sop_gdpr.md
Normal file
@ -0,0 +1,44 @@
|
||||
---
|
||||
title: 'SOP: Personal Data Request - Deletion'
|
||||
---
|
||||
|
||||
This SOP covers how the Rocky Enterprise Software Foundation (RESF) and Rocky Linux Infrastructure Team handles GDRP (General Data Protection Regulation) data delete requests. It contains information about how System Administrators will use Ansible and other tooling to respond to delete requests.
|
||||
|
||||
## Contact Information
|
||||
| | |
|
||||
| - | - |
|
||||
| **Owner** | Infrastructure Team & Identity Management Team |
|
||||
| **Email Contact** | infrastructure@rockylinux.org |
|
||||
| **Email Contact** | identitymanagement@rockylinux.org |
|
||||
| **Mattermost Contacts** | `@label` |
|
||||
| **Mattermost Channels** | `~Infrastructure` |
|
||||
|
||||
## Responding to a Deletion Request
|
||||
|
||||
This section covers how a system administrator will use our `adhoc-ipauser-disable-pdr.yml` playbook to respond to a delete request.
|
||||
|
||||
If a request has been received via email, perform the following steps:
|
||||
|
||||
0. If request was received by email: Open a ticket at the [bug tracker](https://bugs.rockylinux.org) under the `Account Services` product (Click the drop down in the top right corner, click "Account Services", select "Report Issue")
|
||||
|
||||
* Set category to `Account Requests - Personal Data Request`
|
||||
* Assign to yourself if possible
|
||||
* Summary should be set: `PDR - Email Delete Request for <USER/EMAIL>`
|
||||
* Description should be set to the snippet `PDR Request - Remove Personal Information` or copied directly from the email if the template was followed.
|
||||
* Use the ID for the ansible playbook
|
||||
|
||||
1. On the ansible host, run the necessary ansible playbook: `ansible-playbook -i inventories/production/hosts.ini playbooks/adhoc-ipauser-disable-pdr.yml --extra-vars='ipa_user=<USER> ticket_id=BT<TICKET>'`
|
||||
2. Leave a comment on the issue that the disable request was performed.
|
||||
3. Email the affected user:
|
||||
|
||||
```
|
||||
Hello. We have reviewed your account request and have performed the requested
|
||||
changes. The ticket <ID> has been closed and set to private.
|
||||
|
||||
Please note that some public content such as mailing lists cannot be deleted
|
||||
since some information is meant to serve the RESF legitimate business
|
||||
interests, the public interest, and the interest of the open source community.
|
||||
|
||||
Thank you, please let us know if you have any further questions.
|
||||
```
|
||||
4. Set ticket to `RESOLVED`
|
33
docs/sop/idm_sop_mm_ras.md
Normal file
33
docs/sop/idm_sop_mm_ras.md
Normal file
@ -0,0 +1,33 @@
|
||||
---
|
||||
title: 'SOP: Mattermost and RAS Group Sync'
|
||||
---
|
||||
|
||||
This SOP covers how the Rocky Enterprise Software Foundation (RESF) and Rocky Linux Infrastructure handles group syncing between the Rocky Account Services and Mattermost Channels. It contains information about how System Administrators will create groups, the templates, and how to setup syncing within Mattermost.
|
||||
|
||||
Note: This assumes the user is logging in with their RAS credentials to Mattermost.
|
||||
|
||||
## Contact Information
|
||||
| | |
|
||||
| - | - |
|
||||
| **Owner** | Infrastructure Team & Identity Management Team |
|
||||
| **Email Contact** | infrastructure@rockylinux.org |
|
||||
| **Email Contact** | identitymanagement@rockylinux.org |
|
||||
| **Mattermost Contacts** | `@label` |
|
||||
| **Mattermost Contacts** | `@neil` |
|
||||
| **Mattermost Channels** | `~Infrastructure` |
|
||||
|
||||
## Creating the necessary group
|
||||
|
||||
This section covers how a system administrator will create a group Rocky Account Services using ansible. The playbook utilized will be `adhoc-ipagroup.yml`.
|
||||
|
||||
1. First, determine where and how the group will be utilized. The starting template will be `mm_X_name`. `mm` is for mattermost, `X` will be for the designated part of Mattermost (e.g., resf, rl, and so on), and `name` will be the name of the group in question.
|
||||
2. On the ansible host, run the necessary ansible playbook: `ansible-playbook -i inventories/production/hosts.ini ansible-ipa-management/adhoc-ipagroup.yml --extra-vars='ipa_group=<GROUP> ipa_description="<DESC>" ipa_nonposix=false ipa_fas=true ipa_group_manager_user=<OWNER>'`
|
||||
|
||||
* Ensure that the description is set in a way that it explains what it is for
|
||||
* It is unlikely the group will need to have a GID assigned. Assigning the group as nonposix should be sufficient.
|
||||
* Setting the group with `ipa_fas=true` ensures that the group will appear in Rocky Account Services and can be managed there.
|
||||
* Setting `ipa_group_manager_user` will set a user in RAS that can manage the group without requesting for an administrator to do so.
|
||||
|
||||
## Syncing in Mattermost
|
||||
|
||||
Within mattermost's administration console, apply the group to the channel as necessary.
|
8
docs/sop/index.md
Normal file
8
docs/sop/index.md
Normal file
@ -0,0 +1,8 @@
|
||||
---
|
||||
title: SOP (Standard Operationg Procedures)
|
||||
---
|
||||
|
||||
This section goes over the various SOP's for the Infrastructure Team. Please use the menu items
|
||||
to find the various pages of interest.
|
||||
|
||||
{% include "resources_bottom.md" %}
|
12
mkdocs.yml
12
mkdocs.yml
@ -1,13 +1,13 @@
|
||||
---
|
||||
# Project information
|
||||
site_name: REPLACEME Wiki
|
||||
site_url: https://REPLACEME.rocky.page
|
||||
site_name: Infrastructure Wiki
|
||||
site_url: https://infra.rocky.page
|
||||
site_description: >-
|
||||
REPLACEME
|
||||
Infrastructure Wiki and Documentation
|
||||
|
||||
# Repository
|
||||
repo_url: https://git.resf.org/REPLACEME/wiki
|
||||
repo_name: REPLACEME/wiki
|
||||
repo_url: https://git.resf.org/infrastructure/wiki
|
||||
repo_name: infrastructure/wiki
|
||||
edit_uri: _edit/main/docs/
|
||||
|
||||
# Copyright
|
||||
@ -58,6 +58,8 @@ plugins:
|
||||
- git-revision-date-localized:
|
||||
type: date
|
||||
- search
|
||||
- macros:
|
||||
include_dir: docs/include
|
||||
|
||||
# Extensions
|
||||
markdown_extensions:
|
||||
|
Loading…
Reference in New Issue
Block a user