
Self-Service Guides

Philosophy

Empower the team to move fast without waiting for approvals. Most common tasks should be self-service with automated guardrails.

I need to...

Self-Service vs. Approval Required

✅ Self-Service (No Approval Needed)

Access:

  • Development environment access
  • Staging environment access
  • GitHub team membership (via Keycloak group)
  • Netbird VPN for dev/staging
  • Read-only production access

Infrastructure:

  • Deploy to staging
  • Run tests in CI/CD
  • Create feature branches
  • Provision development servers

Development:

  • Create pull requests
  • Merge PRs (after CI passes + peer review)
  • Run database migrations in dev/staging
  • Update documentation

⚠️ Approval Required

Access:

  • Production write access (manager approval)
  • Infrastructure admin (DevOps lead approval)
  • Root/sudo on production (incident only)

Infrastructure:

  • Deploy to production (manual trigger + approval)
  • Modify production databases directly
  • Change DNS or load balancer config
  • Modify firewall rules

Costs:

  • Provision new production servers (budget approval)
  • Purchase new services (manager approval)
  • Increase cloud resource limits

Common Self-Service Tasks

Deploy to Staging

# Automatic after merging to main
git checkout main
git pull
git push origin main

# GitHub Actions automatically deploys to staging
# Check #deployments channel in Rocket.Chat for status

Request Access

# In Rocket.Chat
/access request resource=production-read justification="On-call this week"

# Manager approves via 👍 emoji
# Access granted within 5 minutes

Provision Development Server

# 1. Add to inventory
vim infrastructure/inventory/development/hosts.yml

# 2. Run provisioning playbook
ansible-playbook playbooks/bootstrap.yml -i inventory/development -l new-dev-server

# 3. Apply role configuration
ansible-playbook playbooks/web_servers.yml -i inventory/development -l new-dev-server

Create New Repository

  1. Create repo on GitHub
  2. Add teams:
    • @all-engineering → Read
    • @<your-team> → Write
    • @devops-team → Admin
  3. Set up branch protection on main
  4. Add required CI workflows
  5. Announce in #engineering channel

Detailed guide: New Service Checklist
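
The checklist above can also be verified automatically. The following is an added example, not this project's own tooling: it audits a repository's team grants and main-branch protection, given data shaped like GitHub's REST API responses. The check names "test" and "lint", the owning team "backend-team", the "contractors" team and all sample data are constructed assumptions; the review requirement reflects the "CI passes + peer review" merge rule stated earlier.

```python
# Added example. Input shapes follow GitHub's REST API responses for
# GET /repos/{owner}/{repo}/teams and GET /repos/{owner}/{repo}/branches/main/protection.

# Checklist roles as GitHub API permission names (Read = pull, Write = push).
BASELINE = {"all-engineering": "pull", "devops-team": "admin"}


def audit_repo(teams, protection, owning_team, required_checks):
    """Return a list of findings; an empty list means the repo matches the checklist."""
    findings = []
    granted = {t["slug"]: t["permission"] for t in teams}
    expected = {**BASELINE, owning_team: "push"}
    for slug, perm in expected.items():
        if slug not in granted:
            findings.append(f"team {slug} missing (expected {perm})")
        elif granted[slug] != perm:
            findings.append(f"team {slug} has {granted[slug]}, expected {perm}")
    # Any team outside the checklist holding more than read is privilege drift.
    for slug, perm in granted.items():
        if slug not in expected and perm != "pull":
            findings.append(f"unexpected team {slug} with {perm}")
    if protection is None:  # the API answers 404 when main is unprotected
        findings.append("main has no branch protection")
        return findings
    reviews = protection.get("required_pull_request_reviews") or {}
    if reviews.get("required_approving_review_count", 0) < 1:
        findings.append("main does not require a peer review")
    contexts = set((protection.get("required_status_checks") or {}).get("contexts", []))
    for check in required_checks:
        if check not in contexts:
            findings.append(f"required CI check {check} not enforced on main")
    return findings


# Constructed sample data (not from a real repository).
SAMPLE_TEAMS = [
    {"slug": "all-engineering", "permission": "push"},  # drift: should be read
    {"slug": "backend-team", "permission": "push"},
    {"slug": "devops-team", "permission": "admin"},
    {"slug": "contractors", "permission": "admin"},     # not on the checklist
]
SAMPLE_PROTECTION = {
    "required_status_checks": {"strict": True, "contexts": ["test"]},
    "required_pull_request_reviews": {"required_approving_review_count": 0},
}

if __name__ == "__main__":
    for f in audit_repo(SAMPLE_TEAMS, SAMPLE_PROTECTION, "backend-team", ["test", "lint"]):
        print("FINDING:", f)
```

Run on a schedule against every repository, a check like this catches permission drift and weakened branch protection after the initial setup.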

Getting Help

Stuck on something?

  1. Check this documentation first
  2. Search Rocket.Chat history (#engineering, #devops)
  3. Ask in appropriate channel:
    • Technical questions → #engineering
    • Infrastructure → #devops
    • Access issues → #it-support
    • Security concerns → #security
  4. Tag relevant team: @backend-team, @devops, @security-team

Urgent issues?

  • Production incident → #incidents channel, mention @oncall
  • Security issue → #security channel, mention @security-team

Feedback

Are these guides not helpful? Help us improve them:

  1. Create issue in this docs repo
  2. Suggest improvements in #engineering channel
  3. Submit PR with your changes
  4. Talk to DevOps lead

Goal: Make common tasks so easy that no one needs approval workflows.