SRE onboarding is mostly handled by an issue template that is assigned to the SRE when they start. This will guide them through different areas of the system, starting off with some simple tasks and help both the SRE and the SRE manager through various access issues.
Terraform configuration is currently divided into three environment:
There is shared terraform config for both staging and production to keep topology parity between these environments. Instance sizing, fleet sizes and other environment specific configuration is set in variable files for staging, production and ops.
The state for terraform is maintained in object storage, the master branch should always represent the current state of infrastructure. Changes should be applied after they are merged. There is ongoing work to improve terraform config management including automation using GitLab CICD. For more information about this see https://gitlab.com/gitlab-com/gl-infra/infrastructure/issues/5079.
Chef is a critical part of SRE infrastructure management. Currently it is used for OS patching, applying system level configuration and installing the omnibus package for releases. Here are a few notable cookbooks which will be a good starting-point for new SREs:
gitlab.rbon every server that has GitLab installed. This config file is used by the omnibus package.
Releases candidates are deployed to GitLab.com until the official release on the 22nd. For information about how releases at GitLab.com read the release process documentation.
For information about GitLab.com deployments and patches see the following release docs:
The following repositories are used for GitLab.com infrastructure management. These repository locations are the remotes that the SRE team uses for pushes, issues and MRs. Mirrors are setup in case that GitLab.com is unavailable. Repositories that are necessary for assets, configuration, infrastructure, releases and patch management use https://ops.GitLab.net as a remote.
chef: This repository contains all role and node attributes for GitLab.com infrastructure. It also has the environment configurations for production, staging and ops for cookbook version pinning. There is a repository mirror on GitLab.com.
runbooks: This repository contains runbooks, howtos and alert definitions for GitLab.com. Alerts defined in this repository are automatically applied to the monitoring infrastructure when merged to master. For more information see the alert manual. There is a repository mirror on ops.GitLab.net.
It is useful to have the following dashboards bookmarked and easily accessible
It is useful to have the following issue trackers bookmarked and easily accessible
SREs should be using a YubiKey and should not have keys on their laptop.
Follow the yubikey runbook to set up
The following is intended to be a comprehensive list of credentials and access that need to be set up, which are not covered above or elsewhere in the handbook. The list may not be up to date. If something is missing, please add it.
Every SRE should register for a “Light Agent” account in ZenDesk. Often times incidents are generated from customer reports, and it’s useful to see their submission and the back and forth with support. You can also leave internal notes for support engineers so that they can gather more information for troubleshooting purposes. See 'Light Agent' Zendesk accounts available for all GitLab staff
We use PTO Ninja to notify and delegate for planned timeoff. When setting up your integrations with Slack,
be sure to run the
/ninja settings command and add the team's shared Google Calendar
firstname.lastname@example.org) as an "Additional Calendar".
As production engineers we are allowed to utilize a linux workstation. The list below is mostly comprised of OSX tools. You'll need to find the linux equivalent to match the linux distro of your choice.
In addition to the standard tools for interacting with the rest of GitLab, the following tools help when working on production issues.
brew install kubernetes-cli)
Nice to have
brew cask install iterm2) or kitty (
brew cask install kitty) (bear in mind that kitty requires more configuration to get it up and running so it's targeted at more advanced users)
brew install bash-completionand enable it:
echo "[ -f /usr/local/etc/bash_completion ] && . /usr/local/etc/bash_completion" >> ~/.bashrc"
brew install fzf+
echo "[ -f ~/.fzf.bash ] && source ~/.fzf.bash" >> ~/.bashrc")
export HISTFILESIZE=2000000 export HISTSIZE=1000000 export HISTTIMEFORMAT="%d/%m/%y %T "
brew install kubernetes-helm)
brew cask install minikube) and virtualbox (
brew install doctl)
brew install azure-cli)
pip3 install awscli --upgrade)
brew install watch)
brew install tmux tmate)
brew cask install macdown)
brew install pinentry-mac). To tell your gpg agent to use it:
echo 'pinentry-program /usr/local/bin/pinentry-mac' >> ~/.gnupg/gpg-agent.conf
There are sample brew files in the Infrastructure Project
List of relevant reference material that an engineer may need to brush up on