Nova Resource:Account-creation-assistance

From Wikitech
Project Name account-creation-assistance
Details,
admins/members 		openstack-browser
Monitoring

Account Creation Assistance tool

Description

A test environment for the Account Creation Assistance project on the English Wikipedia

Purpose

To aid new users to create accounts (adding a human eye to the process when AntiSpoof or TitleBlacklist is hit so we can override if necessary). See WP:ACC for more information.

Anticipated traffic level

approx 5000 web hits per day

Anticipated time span

indefinite

Project status

currently running

Contact address

accounts-enwiki-l@lists.wikimedia.org

Willing to take contributors or not

We're happy to take contributors, but nobody should be added to this project on Wikitech. Send them our way instead.

Subject area narrow or broad

narrow

Live server is accounts-appserver6. Database server is accounts-db6.

Setup

Legacy information, probably no longer relevant
The following content has been placed in a collapsed box for improved usability.

accounts-db4

This is a new stretch instance. As much as possible, I'm trying to avoid touching the default configuration files. 

sudo apt-get install mariadb-server percona-toolkit

As such, customised mariadb configuration is in /etc/mysql/mariadb.conf.d/60-acc-config.cnf 

 [mysqld]
 # Network
 bind-address            = 0.0.0.0 

 # Replication
 server_id               = 4
 log_bin                 = /var/log/mysql/mysql-bin.log
 
 # Query logging
 slow_query_log_file     = /var/log/mysql/mysql-slow.log
 slow_query_log          = 1
 long_query_time         = 2
 log_queries_not_using_indexes
 
 # InnoDB tuning
 innodb_buffer_pool_size = 1536M
 innodb_log_file_size    = 512M
 
 # Tablespace tuning
 innodb_file_per_table   = on

MySQL configuration

Drop anonymous accounts
DROP USER ''@localhost;
DROP USER ''@'accounts-db2';
Assign passwords to the root accounts
SET PASSWORD FOR 'root'@'::1' = PASSWORD('****');
SET PASSWORD FOR 'root'@'127.0.0.1' = PASSWORD('****');
SET PASSWORD FOR 'root'@'accounts-db2' = PASSWORD('****');
SET PASSWORD FOR 'root'@'localhost' = PASSWORD('****');
Create user accounts for users
CREATE USER 'stwalkerster'@'%' IDENTIFIED BY '****';
CREATE USER 'fastlizard4'@'%' IDENTIFIED BY '****';
CREATE USER 'deltaquad'@'%' IDENTIFIED BY '****';
Setup permissions for users
GRANT ALL ON *.* TO 'stwalkerster'@'%' WITH GRANT OPTION;
GRANT ALL ON *.* TO 'fastlizard4'@'%' WITH GRANT OPTION;
GRANT ALL ON *.* TO 'deltaquad'@'%' WITH GRANT OPTION;
Create database, user, and grants for production use
CREATE DATABASE production;
CREATE USER 'production'@'%' IDENTIFIED BY '****';
GRANT SELECT, UPDATE, INSERT, DELETE, SHOW VIEW ON production.* TO 'production'@'%';
Create database, user, and grants for development use
CREATE DATABASE sandbox;
CREATE USER 'dev'@'%' IDENTIFIED BY '****';
GRANT ALL ON `sandbox%`.* TO 'dev'@'%';


DB server migration

On source server
mysqldump -A --dump-slave=1 > dbdata.sql
bzip2 dbdata.sql
scp dbdata.sql.bz2 accounts-db2.eqiad.wmflabs:dbdata.sql.bz2
On destination server
bunzip2 dbdata.sql.bz2
mysql -u root < dbdata.sql

sudo service mysql restart
The above content has been placed in a collapsed box for improved usability.

SSH instructions

Since the development system (accounts-application) is not public-facing, you must use SSH port forwarding to access it. Note that the instructions below assume that you've already loaded your private key for WMFLabs into ssh-agent or Pageant.

From Linux/Unix(-like) systems
  • ssh -AL 8080:accounts-application:80 yourusername@bastion.wmflabs.org
  • Then from within Bastion:
    • ssh -A accounts-application
    • Remember to use the -A flag here, too, so you can git push directly from your development area into the GitHub repository.
From Windows using PuTTY
  1. Open PuTTY. Enter yourusername@bastion.wmflabs.org as the host name to connect to, port 22, connection type SSH.
  2. In the list on the left, open Connection > SSH > Auth
  3. Check Allow agent forwarding
  4. In the list on the left, now open Connection > SSH > Tunnels
  5. Under Add a new forwarded port, enter the following:
    • Source port: 8080
    • Destination: accounts-application:80
    • Select the radio buttons Local and IPv4
  6. Click the Add button, then Open to start the connection
  7. At the bastion bash prompt, type ssh -A accounts-application to SSH into the application server.

Following the directions above, you can now enter localhost:8080 into your browser to access the accounts-application server.

Server admin log

2021-01-07

  • 11:16 dcaro: removing custom mx hosts, as the global names are now resolvable again (T271322)

2021-01-06

  • 14:53 dcaro: manually configured mx servers to use wikimedia.cloud domain on project hiera (T271322)

2019-06-19

  • 20:35 Izhidez: apache2 restarted
  • 20:33 Izhidez: apache2 shutdown to deal with spam (742 line DB change)

2019-01-31

  • 12:05 arturo: VM instances accounts-appserver5, were stopped briefly due to issue in hypervisor (T215012)
  • 12:04 arturo: VM instances accounts-appserver5, were ... (more)



Retrieved from "https://wikitech.wikimedia.org/w/index.php?title=Nova_Resource:Account-creation-assistance&oldid=92294"