From Wikitech

This page provides brief explanations of terminology commonly used by Wikimedia Cloud Services.

This page is not exhaustive. Edits are always welcome!

Kinds of users

Account Holders
Any user with a Wikimedia developer account. Can be a member of a Cloud VPS or Toolforge project.
Any user that uses the product of any Cloud VPS or Toolforge project. For instance, a test reader or editor of the Beta Cluster.
Project Admin (projectadmin)
A projectadmin for a project is someone who can manage all resources within the project, such as instance creation/deletion, security group modification, floating IP address allocation, etc.
Operations Engineer (opsen)
A user with super user (root) rights on the underlying Cloud VPS or Toolforge platform.

See also Help:Cloud services user roles and rights.


Bastion host
An instance you use to access other instances. Most instances do not have floating IP addresses assigned, due to our shortage of public IPs. To access them, it's necessary to go through a bastion host as an intermediary. For example is accessible by every Cloud VPS account holder who has been added to the bastion project. There are other bastion hosts, e.g. to access Toolforge. See also Bastion.
Bastion instance
For security purposes most Cloud VPS instances cannot be directly accessed from the Internet. A bastion instance is used to gain ssh access to other instances. The Cloud VPS bastion ( is accessible by every Wikimedia developer account holder who is a member of a Cloud VPS project. Toolforge members are not automatically granted access to the shared Cloud VPS bastion as Toolforge has its own bastion servers (for example:
Floating IP
A public IP address that is associated with an instance via NAT. A floating IP address can be moved between instances at will. With a floating IP, you can add hostnames to the IP address to make public websites; without a floating IP, you need to use a proxy to access your web stuff.
Gerrit
A code review system that manages Git repositories. Gerrit provides a simple framework for reviewing every commit before it is accepted into the code base. When a volunteer submits a patch, the project admins review it in Gerrit before it is merged into the code base. Accounts in Cloud VPS are linked to Gerrit. See the Gerrit tutorial on for more information.
Instance
An instance is a virtual machine. Every instance belongs to a project. We are using EC2/OpenStack terminology here. When creating a new instance, the user can decide how much memory and storage space the virtual machine will have. See Help:Instances for more details.
Labs
(deprecated) On its own a terribly ambiguous term; always indicate which Labs labs labs you mean.
(obsolete) This wiki ( used to be known as
Nova
The OpenStack software component that powers the virtualisation cluster. "Nova Resource" is a general term for a bunch of things (including instances); one of those things happens to be projects.
PoP (Point of Presence, see Caching overview)
A datacenter that caches content as close to our users as possible.
Project
A collection of resources, like instances, security groups, floating IPs, Puppet groups, etc. A project is a security concept. It's a group of users, a subset of which are given extra permissions as defined by the role: projectadmin. Cloud VPS and Toolforge projects are meant to reflect real-world endeavors, like "tools" or "bots".
Puppet
A configuration management system. When instances are created, they build themselves according to a set of rules (manifests, templates, and files) defined by Puppet. (learn more about Puppet)
Puppet groups
A collection of Puppet variables and classes available for use with instances.
The physical data center where an instance is located. For example, if an instance is in "eqiad", it is located on a virtual host server in Wikimedia's Eqiad data center, in the Equinix data center near Washington Dulles International Airport (airport code IAD).
Security Group
A set of inbound firewall rules. Each group can have multiple rules, where each rule can be an individual rule (for example: allow tcp port 22 to the CIDR range), or a group rule (allow all traffic from the web group in the testlabs project).
Shell Access
Shell access to Wikimedia Cloud VPS gives you the ability to access the virtual machine instances. It depends on your account's access rights and the projects you have been assigned. Only project admins are allowed to create and manage instances.
SSH Keys
A pair of authentication keys that allows you to log into Cloud VPS instances without having to type in a password each time. The public key is uploaded to Cloud VPS and the private key is stored on your own computer. When logging in, the two keys must match before access to an instance is granted (don't worry, it's usually automatic).
Sudo policy
A set of rules to limit the usage of the sudo command within instances of a project. Can be used to specifically limit some users.


Proper name for a bot/webservice/job that runs in Toolforge. (Technical overview) (Simple explanation)
Common name used to refer to the Toolforge environment where a Tool should run.
A collaborative Platform as a Service environment. (Portal)