This page requires regular review to add new terms and phrases and remove ones no longer in use:

Bastion host
An instance you use to access other instances. Most instances do not have floating IP addresses assigned, due to our shortage of public IPs. To access them, it's necessary to go through a bastion host as an intermediary. For example is accessible by every Cloud VPS account holder who has been added to the bastion project. There are other bastion hosts, e.g. to access Toolforge. See also Bastion.
Bastion instance
For security purposes most Cloud VPS instances cannot be directly accessed from the Internet. A bastion instance is used to gain ssh access to other instances. The Cloud VPS bastion ( is accessible by every Wikimedia developer account holder who is a member of a Cloud VPS project. Toolforge members are not automatically granted access to the shared Cloud VPS bastion as Toolforge has its own bastion servers (for example:
Floating IP
A public IP address that is associated with an instance via NAT. A floating IP address can be moved between instances at will. With a floating IP, you can add hostnames to the IP address to make public websites; without a floating IP, you need to use a proxy to access your web stuff.
Instance
An instance is a virtual machine. Every instance belongs to a project. We are using EC2/OpenStack terminology here. When creating a new instance, the user can decide how much memory and storage space the virtual machine will have. See Help:Instances for more details.
Nova
The OpenStack software component that powers the virtualisation cluster. "Nova Resource" is a general term for a bunch of things (including instances); one of those things happens to be projects.
PoP (Point of Presence, see Caching overview)
A datacenter that caches content as close to our users as possible.
Project
A collection of resources, like instances, security groups, floating IPs, Puppet groups, etc. A project is a security concept. It's a group of users, a subset of which are given extra permissions as defined by the role: projectadmin. Cloud VPS and Toolforge projects are meant to reflect real-world endeavors, like "tools" or "bots".
Puppet
A configuration management system. When instances are created, they build themselves according to a set of rules (manifests, templates, and files) defined by Puppet. (learn more about Puppet)
Puppet groups
A collection of Puppet variables and classes available for use with instances.
The physical data center where an instance is located. For example, if an instance is in "eqiad", it is located on a virtual host server in Wikimedia's Eqiad data center in the Equinix data center near Washington Dulles International Airport (airport code IAD).
Security Group
A set of inbound firewall rules. Each group can have multiple rules, where each rule can be an individual rule (for example: allow tcp port 22 to the CIDR range), or a group rule (allow all traffic from the web group in the testlabs project).
Shell Access
Shell access to Wikimedia Cloud VPS gives you the ability to access the virtual machine instances. It depends on your account's access rights and the projects you have been assigned. Only project admins are allowed to create and manage instances.
Sudo policy
A set of rules to limit the usage of the sudo command within instances of a project. It can be used to limit specific users.