|
Size: 4394
Comment:
|
Size: 6479
Comment: add matrix
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 1: | Line 1: |
| Admin tasks to do when someone joins or leave FSFE. This can be volunteer core team members, interns, staff, or GA members. | ## page was renamed from TechDocs/TechnicalProcesses/UserCreationAndDeletion #pragma section-numbers 2 |
| Line 3: | Line 4: |
| = When someone joins = | = Processes for joining or leaving team members = |
| Line 5: | Line 6: |
| === Supporter account === | Admin tasks to do when someone joins or leaves the FSFE. This can be volunteer core team members, interns, staff, or GA members. |
| Line 7: | Line 8: |
| Go to this page [[https://wiki.fsfe.org/KnowHow/FSFELife/VolunteerAccountCreation|VolunteerAccountCreation]] and create him / her a new supporter account. | If the person leaves the FSFE or her employment ends, you have to revert most or all steps. |
| Line 9: | Line 10: |
| === Mailing lists === | == FSFE account == If the person doesn't have an FSFE account yet, ask her to create a new account by becoming [[https://fsfe.org/join|supporter]] or [[https://wiki.fsfe.org/KnowHow/FSFELife/VolunteerAccountCreation|volunteer]]. In the latter case, the account has to be manually activated. Ask them to write an email to contact@fsfe.org to make the account managers aware of it. They should then report back to you to allow you to execute the next steps. == Mailing Lists == |
| Line 15: | Line 22: |
| ''System Hackers'': system-hackers@<<BR>> | |
| Line 17: | Line 25: |
| On cavendish, you can run `/root/bin/scan-mlist-member user@fsfe.org` to check a person's membership of possibly sensible mailing lists. | On the server list1, you can run `find_member user@fsfe.org` to check a person's membership of possibly sensible mailing lists. |
| Line 19: | Line 27: |
| === Welcome message === | == LDAP team group == |
| Line 21: | Line 29: |
| Send the "welcome message" (see Services/Internal/UserManagement/welcome_template.txt in the technology SVN repository) to the new team member, replacing the `FILLME` placeholders with proper values. |
Add the new team member (being in the European core team, an intern or an employee) to the "team" group in the LDAP database |
| Line 26: | Line 31: |
| === LDAP team group === Add the new team member to the "team" group in the LDAP database Log into the LDAP server and run |
Log into the LDAP server (berzelius) and run |
| Line 36: | Line 37: |
| Look for the "team" entry and add a "member" attribute for the new member (if the person is also a GA member, also add him to the "ga" entry) |
For each CN, there is a separate section. Add the person to the appropriate sections. |
| Line 39: | Line 39: |
| More info about ldapvi at: SVN:/sysadmin/Documentation/Services/LDAP/ldap_admin.txt | ''Team'': team<<BR>> ''Intern/Employee'': team, staff<<BR>> ''System Hackers'': sysadm<<BR>> ''GA'': team, ga |
| Line 41: | Line 44: |
| === Access to the wiki internal pages === | More info about ldapvi in the [[https://git.fsfe.org/fsfe-system-hackers/documentation/src/branch/master/SERVICES/LDAP|syshackers documentation]]. |
| Line 43: | Line 46: |
| Add the new team member to the wiki page [[https://wiki.fsfe.org/Group/Team|Group/Team]]. For GA members, repeat the same with [[https://wiki.fsfe.org/Group/GA|Group/GA]]. Please note that usernames are case sensitive! |
== Access to the wiki internal pages == |
| Line 46: | Line 48: |
| This page defines a group of wiki users that have access to | In order to allow users to access restricted pages, you have to add them to Wiki groups by adding their FSFE accout name in a list. Please note that usernames are case sensitive! These pages define a group of wiki users that have access to |
| Line 51: | Line 55: |
| === Jabber: access to chitchat === | ''Team'': [[https://wiki.fsfe.org/Group/Team|Group/Team]]<<BR>> ''Intern/Employee'': [[https://wiki.fsfe.org/Group/Team|Group/Team]]<<BR>> ''GA'': [[https://wiki.fsfe.org/Group/Team|Group/Team]], [[https://wiki.fsfe.org/Group/GA|Group/GA]] |
| Line 53: | Line 59: |
| Add the jabberid to the access list of the chitchat room (can be done via jabber client) |
== XMPP/Jabber == |
| Line 56: | Line 61: |
| Employees have to and interested core team members can be member of the ''chitchat'' XMPP room. | |
| Line 57: | Line 63: |
| === OTRS === | Room moderators have to add the jabberid to the access list of the room. This can be done via XMPP clients. Please note that the Jabber account has to exist. ''Intern/Employee'' (mandatory): chitchat<<BR>> ''Team/GA'' (optional): chitchat<<BR>> == Matrix == Employees have to and interested core team members can be member of the ''#team:fsfe.org'' Matrix room. Room moderators have invite the new user's Matrix ID. Please note that the Matrix account has to exist. ''Intern/Employee'' (mandatory): #team:fsfe.org<<BR>> ''Team/GA'' (optional): #team:fsfe.org<<BR>> ''System Hackers'': #syshackers:fsfe.org == OTRS == |
| Line 62: | Line 83: |
| * For interns, add them to Shipping queue * For someone involved in the technical infrastructure, add him / her to the System Administration queue |
''Team'': depends on individual interests and positions<<BR>> ''Intern'': Shipping<<BR>> ''Employee'': depending on work areas<<BR>> ''System Hackers'': System Administrators<<BR>> ''GA'': depends on individual interests and positions |
| Line 69: | Line 93: |
| If a person leaves, please make sure to transfer ownership of the remaining open tickets to someone else. | |
| Line 70: | Line 95: |
| == Git / Gitea teams == | |
| Line 71: | Line 97: |
| Since some of our files and knowledge resides on git.fsfe.org, new people have to be added to some teams in order to access their repositories. Please note that you can only add users who logged in to Gitea at least once. | |
| Line 72: | Line 99: |
| === SVN repositories === | ''Team'': [[https://git.fsfe.org/org/FSFE/teams/team|FSFE/team]]<<BR>> ''Intern/Employee'': [[https://git.fsfe.org/org/FSFE/teams/team|FSFE/team]], [[https://git.fsfe.org/org/FSFE/teams/staff|FSFE/staff]]<<BR>> ''System Hackers'': [[https://git.fsfe.org/org/fsfe-system-hackers/teams/systemhackers|fsfe-system-hackers/systemhackers]]<<BR>> ''GA'': [[https://git.fsfe.org/org/FSFE/teams/team|FSFE/team]], [[https://git.fsfe.org/org/fsfe-ga/teams/members|FSFE-GA/members]] |
| Line 74: | Line 104: |
| Add the new member to the "fsfe-team" list in the file auer:/etc/apache2/svn/svnaccess. Please note that usernames are case sensitive! | == Wekan == |
| Line 76: | Line 106: |
| Internal SVN repository: point the person to the usage instructions at [[https://wiki.fsfe.org/Internal/SVN]]. |
Some groups use Kanboard extensively. |
| Line 79: | Line 108: |
| === Git repository === | ''Intern/Employee'': [[https://kan.fsfe.org/b/6dQHBrQhnmfcwKNd6/weekly-planing|Weekly Staff Planning]], [[https://kan.fsfe.org/b/WkomntMjpnkBebXoR/retrospective-2017-10-19|Retrospective]]<<BR>> ''System Hackers'': [[https://kan.fsfe.org/b/M5seFnLuKnGQ6Qwa7/syshackers|System Hackers]] |
| Line 81: | Line 111: |
| Team members shall be added to [[https://git.fsfe.org/org/FSFE/teams/team|FSFE/team]]. GA members are additionally to be added to [[https://git.fsfe.org/org/fsfe-ga/teams/members|FSFE-GA/members]], employees to [[https://git.fsfe.org/org/FSFE/teams/staff|FSFE/staff]]. | Please note that when removing a person from a huge board with many (also archived) cards, the process might take quite long. Do not close the board immediately but wait for Wekan going through all cards and removing the person from them. == Nextcloud == Some groups use our Nextcloud installation. Most groups are synced with LDAP, so no need for you to do anything here. == Passbolt == Select teams have access to our Passbolt installation which is independent of LDAP or other services. New users can be invited from within the web interface, and afterwards added to their respective fine-grained groups. Removed users can just be deleted altogether. It might make sense to rotate the preceding HTTP Basic Auth Password once in a while. == Welcome message == Send the [[TechDocs/TechnicalProcesses/NewPeople/WelcomeMail|Welcome Message]] to the new team member, replacing the `FILLME` placeholders with proper values. |
| Line 85: | Line 131: |
| === Mailing lists === | Please do the opposite for all the things explained above. |
| Line 87: | Line 133: |
| Remove the person from team@, staff@ mailing lists, and possibly ga@ as well for leaving GA members. | System Hackers coordinators and the FSFE Council can review [[https://git.fsfe.org/fsfe-system-hackers/accesses|this repository]] to see access reports. |
| Line 89: | Line 135: |
| === LDAP team group === Remove the former team member of the "team" group in the LDAP database Log into the LDAP server and run {{{ ldapvi -D 'cn=admin,dc=fsfe,dc=org' -b 'ou=groups,dc=fsfe,dc=org' }}} Look for the "team" entry and remove the person from the "member" attribute (if the person is also a GA member, do the same for the "ga" entry) More info about ldapvi at: SVN:/sysadmin/Documentation/Services/LDAP/ldap_admin.txt === Git repository === For GA members, remove the person from the [[https://git.fsfe.org/org/fsfe-ga/teams/members|ga group]]. === Server access and other servies === Go to [[https://git.fsfe.org/fsfe-system-hackers/accesses|this repository]] (or ask someone to do it for you) and check if the leaving person has any remaining access. === SVN repositories === Remove the member from the "fsfe-team" list in the file auer:/etc/apache2/svn/svnaccess. === Jabber: access to chitchat === Remove the jabberid from the access list of the chitchat room (can be done via jabber client) === Wiki: access to internal pages === Remove the new member from the wiki page https://wiki.fsfe.org/TeamGroup |
Also, when people are leaving the organization, they sometime want to keep working for FSFE as volunteers. Please ask the person if he / she wants to keep some user account to keep doing things as a volunteer. |
Processes for joining or leaving team members
Admin tasks to do when someone joins or leaves the FSFE. This can be volunteer core team members, interns, staff, or GA members.
If the person leaves the FSFE or her employment ends, you have to revert most or all steps.
1. FSFE account
If the person doesn't have an FSFE account yet, ask her to create a new account by becoming supporter or volunteer.
In the latter case, the account has to be manually activated. Ask them to write an email to contact@fsfe.org to make the account managers aware of it. They should then report back to you to allow you to execute the next steps.
2. Mailing Lists
Add the person to important mailing lists, depending on her position:
Team: team@
Intern/Employee: team@, staff@
System Hackers: system-hackers@
GA: team@, ga@
On the server list1, you can run find_member user@fsfe.org to check a person's membership of possibly sensible mailing lists.
3. LDAP team group
Add the new team member (being in the European core team, an intern or an employee) to the "team" group in the LDAP database
Log into the LDAP server (berzelius) and run
ldapvi -D 'cn=admin,dc=fsfe,dc=org' -b 'ou=groups,dc=fsfe,dc=org'
For each CN, there is a separate section. Add the person to the appropriate sections.
Team: team
Intern/Employee: team, staff
System Hackers: sysadm
GA: team, ga
More info about ldapvi in the syshackers documentation.
4. Access to the wiki internal pages
In order to allow users to access restricted pages, you have to add them to Wiki groups by adding their FSFE accout name in a list. Please note that usernames are case sensitive!
These pages define a group of wiki users that have access to some restricted pages (usually dealing with internal team matters). See this page for further instructions.
Team: Group/Team
Intern/Employee: Group/Team
GA: Group/Team, Group/GA
5. XMPP/Jabber
Employees have to and interested core team members can be member of the chitchat XMPP room.
Room moderators have to add the jabberid to the access list of the room. This can be done via XMPP clients. Please note that the Jabber account has to exist.
Intern/Employee (mandatory): chitchat
Team/GA (optional): chitchat
6. Matrix
Employees have to and interested core team members can be member of the #team:fsfe.org Matrix room.
Room moderators have invite the new user's Matrix ID. Please note that the Matrix account has to exist.
Intern/Employee (mandatory): #team:fsfe.org
Team/GA (optional): #team:fsfe.org
System Hackers: #syshackers:fsfe.org
7. OTRS
OTRS is our ticket system. Please add the person to the relevant queues.
Team: depends on individual interests and positions
Intern: Shipping
Employee: depending on work areas
System Hackers: System Administrators
GA: depends on individual interests and positions
Please follow this procedure and this one.
If a person leaves, please make sure to transfer ownership of the remaining open tickets to someone else.
8. Git / Gitea teams
Since some of our files and knowledge resides on git.fsfe.org, new people have to be added to some teams in order to access their repositories. Please note that you can only add users who logged in to Gitea at least once.
Team: FSFE/team
Intern/Employee: FSFE/team, FSFE/staff
System Hackers: fsfe-system-hackers/systemhackers
GA: FSFE/team, FSFE-GA/members
9. Wekan
Some groups use Kanboard extensively.
Intern/Employee: Weekly Staff Planning, Retrospective
System Hackers: System Hackers
Please note that when removing a person from a huge board with many (also archived) cards, the process might take quite long. Do not close the board immediately but wait for Wekan going through all cards and removing the person from them.
10. Nextcloud
Some groups use our Nextcloud installation. Most groups are synced with LDAP, so no need for you to do anything here.
11. Passbolt
Select teams have access to our Passbolt installation which is independent of LDAP or other services.
New users can be invited from within the web interface, and afterwards added to their respective fine-grained groups. Removed users can just be deleted altogether.
It might make sense to rotate the preceding HTTP Basic Auth Password once in a while.
12. Welcome message
Send the Welcome Message to the new team member, replacing the FILLME placeholders with proper values.
When someone leaves
Please do the opposite for all the things explained above.
System Hackers coordinators and the FSFE Council can review this repository to see access reports.
Also, when people are leaving the organization, they sometime want to keep working for FSFE as volunteers. Please ask the person if he / she wants to keep some user account to keep doing things as a volunteer.