You are browsing a read-only backup copy of Wikitech. The live site can be found at

Portal:Cloud VPS/Admin/Testing deployment

From Wikitech-static
< Portal:Cloud VPS‎ | Admin
Revision as of 15:44, 6 April 2022 by imported>Arturo Borrero Gonzalez (→‎How to join this deployment for the first time: typo creation)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

This page describes the testing deployment for Cloud VPS, which consists in an OpenStack deployment currently called codfw1dev.


See Portal:Cloud_VPS/Admin/Deployments for server allocations

Specific links:

How to join this deployment for the first time

Account creation is disabled in labtestwikitech by default, to prevent random people playing in the wiki. To briefly enable account creation, change the boolean permission in the settings. The change will be live with just writing to the file, no need to restart any service. Make sure the permission is true for as short time as possible.

root@cloudweb2001-dev:~# nano /srv/mediawiki/wmf-config/CommonSettings.php
        if ( $wgDBname === 'labtestwiki' ) {
                # We don't want random strangers playing on this wiki
                $wgGroupPermissions['*']['createaccount'] = false;
  • Enable 2FA
  • Get your account added to some random project. Otherwise horizon won't let you pass the login page.

SSH access

Something like this is needed in your personal ssh config:

Host *
    User mycodfw1devuser
    IdentityFile ~/.ssh/wmf_cloud_user_codfw1dev
    IdentitiesOnly yes
    ForwardAgent no
    IdentityAgent /run/user/1000/ssh-wmf-cloud-codfw1dev.socket
    AddKeysToAgent yes

Match user root host *
    User root
    IdentityFile ~/.ssh/wmf_cloud_root_codfw1dev
    IdentitiesOnly yes
    ForwardAgent no
    IdentityAgent /run/user/1000/ssh-wmf-cloud-codfw1dev-root.socket
    AddKeysToAgent yes

Host *
    User mycodfw1devuser
    IdentityFile ~/.ssh/wmf_cloud_user_codfw1dev
    IdentitiesOnly yes
    ForwardAgent no
    IdentityAgent /run/user/1000/ssh-wmf-cloud-codfw1dev.socket
    AddKeysToAgent yes
Host *
    ProxyCommand ssh -a -W %h:%p

The config uses IdentityAgent to avoid typing the key password over and over again.

If you have your SSH keys correctly set in the your account (in LDAP/labtestwikitech), then you can use ssh like in eqiad1:

user@laptop:~$ ssh
[.. works ..]
user@laptop:~$ ssh
[.. works ..]


The LDAP server for codfw1dev is in (as of 2021-09-27).

Raw interactions with the LDAP tree are a bit different than described at SRE/LDAP because most of the wrappers and pre-made configs aren't there.

For reference, here is an example of a raw search:

root@cloudservices2002-dev:~# ldapsearch -x uid=manila-srv
dn: uid=manila-srv,ou=people,dc=wikimedia,dc=org
uid: manila-srv
sn: Manila
cn: Manila
objectClass: inetOrgPerson
objectClass: person
objectClass: ldapPublicKey
objectClass: posixAccount
objectClass: shadowAccount
uidNumber: 14023
gidNumber: 500
homeDirectory: /home/manila
loginShell: /bin/bash

Example of renaming an entry. First get the admin password in a control server (or a puppetmaster private repo):

root@cloudcontrol2001-dev:~# grep OS_PASSWORD /etc/novaadmin.yaml 
OS_PASSWORD: "password"

Then use it when prompted like this:

root@cloudservices2002-dev:~# cat file.ldif 
dn: uid=manila,ou=people,dc=wikimedia,dc=org
changetype: modrdn
newrdn: uid=manila-srv
deleteoldrdn: 1

root@cloudservices2002-dev:~# ldapmodify -x -D 'uid=novaadmin,ou=people,dc=wikimedia,dc=org' -W -f file.ldif 
Enter LDAP Password: 
modifying rdn of entry "uid=manila,ou=people,dc=wikimedia,dc=org"

More information about raw operations can be found online.