You are browsing a read-only backup copy of Wikitech. The live site can be found at wikitech.wikimedia.org

Portal:Toolforge/Admin/Toolsbeta

From Wikitech-static
Jump to navigation Jump to search

This page contains specific information about Toolsbeta, which is the Toolforge mirror deployment for staging/testing/development.

Is a Cloud VPS project with basically the same components as in tools, barring some differences, which are described in this page.

Access

Some notes on accessing toolsbeta.

ssh

SSH access to Toolsbeta VMs is like for any other Cloud VPS project.

web

Access to Toolsbeta webservices (tools webservices) needs to use a special URL, a mirror of toolforge.org. This URL is toolsbeta.wmflabs.org which is a FQDN that points to a front-proxy VM internal IPv4 address.

You can run this kind of queries from inside the cloud virtual network:

aborrero@toolsbeta-sgebastion-11:~$ curl -I https://test.toolsbeta.wmflabs.org
HTTP/2 200
server: nginx/1.14.2
date: Tue, 15 Feb 2022 11:29:26 GMT
content-type: text/html; charset=utf-8
content-length: 2432

Operational notes

Some operational notes.

tool accounts in toolsbeta

There are several pre-defined tool account in toolsbeta, most of them set up for testing purposes, examples:

root@toolsbeta-sgebastion-05:~# become test
toolsbeta.test@toolsbeta-sgebastion-05:~$ qstat
toolsbeta.test@toolsbeta-sgebastion-05:~$ kubectl get all
No resources found in tool-test namespace.

A quick way to detect such accounts is:

root@toolsbeta-sgebastion-05:~# ls /data/project
admin  fourohfour  grafana  herald  paws  pvs  test  test2  test3  test4  test6  test7  test8  toolschecker

create a tool account in toolsbeta

Should you need to create another account, follow these steps.

First, create a LDAP file with content:

dn: cn=toolsbeta.mytool,ou=servicegroups,dc=wikimedia,dc=org
objectClass: top
objectClass: posixGroup
objectClass: groupOfNames
gidNumber: YYYYY
cn: toolsbeta.mytool
member: uid=aborrero,ou=people,dc=wikimedia,dc=org
member: uid=andrew,ou=people,dc=wikimedia,dc=org
member: uid=bd808,ou=people,dc=wikimedia,dc=org
member: uid=dcaro,ou=people,dc=wikimedia,dc=org
member: uid=mdipietro,ou=people,dc=wikimedia,dc=org

dn: uid=toolsbeta.mytool,ou=people,ou=servicegroups,dc=wikimedia,dc=org
objectClass: shadowAccount
objectClass: posixAccount
objectClass: person
objectClass: top
cn: toolsbeta.mytool
uidNumber: XXXXX
gidNumber: YYYYY
homeDirectory: /data/project/mytool
loginShell: /bin/bash
sn: toolsbeta.mytool
uid: toolsbeta.mytool

Where uidNumber and gidNumber have values that you will need to figure out on your own, some non-perfect method is:

root@toolsbeta-sgebastion-05:~# id -g 54870
54870
root@toolsbeta-sgebastion-05:~# id -g 54871
54871
root@toolsbeta-sgebastion-05:~# id -g 54872
id: ‘54872’: no such user

That means 54872 is empty, and you should be fine to use it in your LDIF file. Update the file and then load it:

root@mwmaint1002:~# ldapadd -x -h serpens.wikimedia.org -p 389  -D "cn=admin,dc=wikimedia,dc=org" -W -f myfile.ldif
Enter LDAP Password:
adding new entry "cn=toolsbeta.mytool,ou=servicegroups,dc=wikimedia,dc=org"
adding new entry "uid=toolsbeta.mytool,ou=people,ou=servicegroups,dc=wikimedia,dc=org"

The prompted password is openldap-labs from Pwstore.

You can check that everything worked with:

root@toolsbeta-sgebastion-05:~# id toolsbeta.mytool
uid=54872(toolsbeta.mytool) gid=54872 groups=54872
root@toolsbeta-sgebastion-05:~# id myuser
uid=18194(aborrero) gid=500(wikidev) groups=500(wikidev),700(ops),50062(project-bastion),50610(project-toolsbeta),53280(toolsbeta.mytool),[..]
                                                                                                                        ^^^^^^^^^^^^^^^^

TODO: https://github.com/toolforge/toolsctl

See also

TODO.