You are browsing a read-only backup copy of Wikitech. The live site can be found at


From Wikitech-static
Revision as of 21:38, 5 October 2017 by imported>MusikAnimal (php5-intl)
Jump to navigation Jump to search
Toolforge tools
Crystal Clear app package utilities.png XTools
XTools logo.svg
Description Suite of tools to analyze user and page data on WMF wikis
Keywords xtools, statistics, analytics
Author(s) Matthewrbowker, MusikAnimal, Samwilson
adapted from older version by X! and Hedonil
Maintainer(s) Matthewrbowker, MusikAnimal, Samwilson (View all)
Source code GitHub (Mirrored on Phabricator as rXTR)
License GNU General Public License 3.0 or later
Issues Open tasks · Report a bug
Admin log Nova Resource:Tools.xtools/SAL
Nova Resource:Tools.xtools-dev/SAL

This page is for documentation relating to the WMF installations of XTools at (production) and (staging). For general installation, configuration, and development of the XTools software, please see

There are three instances currently configured, one for staging, one for the main production app server, and one for the API (view details in the Openstack browser). The prod instances relate to the Toolforge account xtools, and the staging instance relates to xtools-dev; these are where the matching database users come from, and where we send maintainers' emails.

Note to maintainers: we don't backup any server configuration, so please document everything here (until task T170514 is resolved).


The maintainers can be emailed at (note that this means that the maintainers of three separate things need to be kept in sync: the VPS account and the two Toolforge accounts).


Production XTools is hosted on on a Wikimedia VPS instance. To log into the server, make sure you've been added as a maintainer to the xtools project. Then set up SSH and connect via ssh xtools-prod01.xtools.eqiad.wmflabs and go to the /var/www directory. Not quite everything in this directory is in the Git repository.

Logs are written to /var/www/var/logs/prod.log, but only during a request where an error or high-priority log entry was made. This is why you'll see debug-level log entries in prod.log. You might also need to check /var/log/apache2/error.log for Apache-level errors.

Web access stats are available at

OAuth consumer: XTools 1.0

Database is s51187__xtools_prod on tools.labsdb, we're connecting as user s51187 (which is the same as the old XTools database user).

Web server configuration is all in /etc/apache2/sites-available/xtools.conf.

There's a /var/www/ script that runs every 10 minutes (from www-data's crontab) and if required updates to the latest release. The output of this is mailed to the maintainers.

There is also a dedicated API server, which lives at xtools-prod02.xtools.eqiad.wmflabs. All requests to go to this server.

Building a new instance

First create a new instance running on debian-jessie. Any production node should be at least a m1.medium with 4 GB of RAM, but for the main app server a m1.large is probably best.

Once the instance has been spawned, SSH in and follow these steps:

  1. Install PHP along with some dependencies (from
    sudo apt-get install php5-common libapache2-mod-php5 php5-cli
    sudo apt-get install php5-mysql php5-curl php5-intl
  2. Install Node and npm.
    sudo apt-get install nodejs
    sudo apt-get install npm
  3. Symlink nodejs to node, so the uglify-js plugin runs the right command.
    sudo ln -s /usr/bin/nodejs /usr/bin/node
  4. Install composer by following these instructions, but make sure to install to the /usr/local/bin directory and with the filename composer, e.g.:
    sudo php composer-setup.php --install-dir=/usr/local/bin --filename=composer
  5. Clone the repository, first removing the html directory created by Apache.
    cd /var/www && sudo rm -rf html
    sudo git clone .
  6. Run composer install and fill in the necessary parameters, using as a guide. For most options you can use the default.
  7. Create the deploy script at /var/www/ with the following:
    cd /var/www
    git fetch --quiet origin 2>&1
    ## Find the highest and current tags
    HIGHEST_TAG=$(git tag | sort --version-sort | tail --lines 1)
    CURRENT_TAG=$(git describe --tags)
    ## Exit and say nothing if we're already at the highest tag.
    if [[ $CURRENT_TAG == $HIGHEST_TAG ]]; then
        # The following line can be temporarily uncommented as-needed
        # to force www-data to clear the production cache:
        # ./bin/console cache:clear --env prod
        exit 0
    ## If there's an update, pull and install it.
    git checkout $HIGHEST_TAG
    export SYMFONY_ENV=prod
    /usr/local/bin/composer install --no-dev --optimize-autoloader
    ./bin/console cache:clear --env prod
    ./bin/console doctrine:migrations:migrate --env prod --no-interaction
    ./bin/console assetic:dump --env prod
  8. Make sure the deploy script is executable, and that all the files in the repo are owned by www-data.
    sudo chmod 744
    sudo chown -R www-data:www-data .
  9. Create the web server configuration file at /etc/apache2/sites-available/xtools.conf with the following:
    <VirtualHost *:80>
            DocumentRoot /var/www/web
            ErrorLog ${APACHE_LOG_DIR}/error.log
            CustomLog ${APACHE_LOG_DIR}/access.log combined
            <Directory /var/www/web/>
                 Options Indexes FollowSymLinks
                 AllowOverride All
                 Require all granted
            # Deny access to known spiders.
            SetEnvIfNoCase User-Agent "(Baiduspider|CCBot|scrapy\.org|kinshoobot|YisouSpider|Sogou web spider|yandex\.com/bots|TweetmemeBot|SeznamBot|datasift\.com/bot|Googlebot|Yahoo! Slurp|Python-urllib|BehloolBot|MJ12bot)" bad_bot
            <Directory /var/www/>
                    Options Indexes FollowSymLinks
                    AllowOverride None
                    Require all granted
                    Deny from env=bad_bot
            Alias /awstatsclasses "/usr/share/awstats/lib/"
            Alias /awstats-icon/ "/usr/share/awstats/icon/"
            Alias /awstatscss "/usr/share/doc/awstats/examples/css"
            ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
            ScriptAlias /awstats/ /usr/lib/cgi-bin/
            <Directory /usr/lib/cgi-bin/>
                    Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                    Require all granted
            SetEnvIf Request_URI "^/robots\.txt$" dontlog
            RewriteEngine On
            RewriteCond %{HTTP:X-Forwarded-Proto} !https
            RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]
  10. Enable the mod-rewrite Apache module, and enable the web server configuration.
    sudo a2enmod rewrite
    sudo a2ensite xtools
    sudo service apache2 reload
  11. Setup the crontab to run the deploy script every 10 minutes. We'll do this under the www-data user.
    sudo su root
    sudo crontab -e -u www-data
    Then add this to the bottom of the crontab:
    */10 * * * * /var/www/
  12. Wait for the email indicating composer ran successfully, assets were dumped, etc. If all goes well, you need only to gracefully (re)start apache, which is how you should always restart apache on production:
    sudo apachectl -k graceful

Setting up an API server

The API server itself can be built the same as the app server, except you'll need to update the ServerName in xtools.conf with the correct domain. Beyond that, we just need to configure proxy settings on the main app server so that all requests to /api go to the API server. You can this by following these steps:

  1. Install libapache2-mod-proxy-html and libxml2-dev
    sudo apt-get install libapache2-mod-proxy-html libxml2-dev
  2. Enable the necessary modules (if some are already enabled it will simply make sure they are active):
    sudo a2enmod proxy
    sudo a2enmod proxy_http
    sudo a2enmod proxy_ajp
    sudo a2enmod rewrite
    sudo a2enmod deflate
    sudo a2enmod headers
    sudo a2enmod proxy_balancer
    sudo a2enmod proxy_connect
    sudo a2enmod proxy_html
    sudo a2enmod xml2enc
  3. And in /etc/apache2/sites-available/xtools.conf, within the <VirtualHost> block, add this to the bottom:
    ProxyPreserveHost On
    ProxyPass /api http://X.X.X.X:80/app.php/api
    ProxyPassReverse /api http://X.X.X.X:80/app.php/api
    ...replacing X.X.X.X with the IP of the API server.
  4. Finally, restart apache with sudo apachectl -k graceful


SSH to xtools-dev02.xtools.eqiad.wmflabs (see notes above in #Production about getting access).

Database is s53003__xtools_dev on tools.labsdb, we're connecting as user s53003.

OAuth consumer: xtools-dev 1.0

The code on the staging server is kept up to date with the master branch with the following /var/www/ script (run every 10 minutes from www-data's crontab):


export SYMFONY_ENV=prod
cd /var/www

## See if there's any update.
GITFETCH=$(git fetch && git diff origin/api-key 2>&1)
if [ -z "$GITFETCH" ]; then
        exit 0

## If there's an update, pull and install it.
git checkout master
git pull origin master
/usr/local/bin/composer install --no-dev --optimize-autoloader
./bin/console cache:clear --env prod
./bin/console doctrine:migrations:migrate --env prod --no-interaction
./bin/console assetic:dump --env prod

Setting up the staging server is the same as production, except you would use a smaller box (m1.small), and use the above deploy script instead of the one that goes off of tags. You also need to update the ServerName in xtools.conf accordingly.

Killing slow queries

Both servers run slow-query killing scripts for their respective database users.

Slow queries are killed with pt-kill by this daemon (see /var/www/

/usr/local/bin/pt-kill --user=xxxx --password=xxxx --host=enwiki.labsdb \
    --busy-time=90 \
    --log /var/www/web/killed_slow_queries.txt \
    --match-info "^(select|SELECT|Select)" \
    --kill --print --daemonize --verbose

The daemon can be stopped at any time by creating /tmp/pt-kill-sentinel.

The killed queries are publicly logged for both production and staging.

These logs are kept to a maximum of 2 1 kb files via /etc/logrotate.d/xtools:

/var/www/web/killed_slow_queries.txt {
    size 1k
    rotate 2

Note also that pt-kill is installed manually (it's just a single Perl file),

and that it requires libdbi-perl and libdbd-mysql-perl.

Installation on Toolforge

Old XTools is still installed on Toolforge at and new XTools was previously installed at — the instructions here are for the latter.

To create a XTools project on Toolforge:

  • git clone
  • composer install
  • You will be asked a series of questions. See for documentation. For Toolforge:
    • wiki_url – leave blank
    • app.is_labs = 1
    • app.single_wiki = 0
    • app.load_stylesheets_from_cdn = 0
    • app.replag_threshold = 30
    • Enable the tool that you are setting up, and set the rest to 0
  • You can use the app/config/table_map.yml file to force the app to use certain tables in place of the defaults. For instance on Toolforge, you'll want to map revision to revision_userindex since it will be faster.
  • Set the .lighttpd.conf file to:
    url.rewrite-if-not-file += (
      "(.*)" => "/xtools-dev/app.php/$0",
      "^/$" => "$0"
  • Start the webservice with webservice --backend=kubernetes start

See also