people.wikimedia.org

people.wikimedia.org hosts some of the user public files, in the form of people.wikimedia.org/~username.

You need shell access in production before you can use people.wikimedia.org.

You can lookup what the DNS name peopleweb.discovery.wmnet points to to check which is the currently active server that you should use.

Connect to people.wikimedia.org over ssh by proxying through a bastion (e.g. bast1003.wikimedia.org). As with other hosts, ensure you have ProxyJump configured in .ssh/config (see Production shell access). Then connect as follows:

user@laptop:~$ ssh people.eqiad.wmnet

Connect to people.wikimedia.org over ssh by proxying through a bastion (e.g. bast1003.wikimedia.org). As with other hosts, ensure you have ProxyJump configured in .ssh/config (see Production shell access). Then connect as follows:

user@laptop:~$ ssh people.codfw.wmnet

The web server runs on people2002 with people1003 as the fail-over. It previously ran on people1002, people1001, and rutherfordium.

Once you have production SSH configured with ProxyJump, you can use scp to copy files from your workstation (via a bastion) to your home directory on people.codfw.wmnet (which is a CNAME, aliased to people2002.codfw.wmnet currently).

Put files into a directory called "public_html". If that doesn't exist yet, create it with mkdir.

sites on people.wikimedia.org can be configuered to use the SSO service to authenticate users to their site via .htaccess files. for example

allow any authenticated users

AuthType CAS
Require valid-user

Allow all members of the NDA group

AuthType CAS
Require cas-attribute memberOf:cn=nda,ou=groups,dc=wikimedia,dc=org

Allow only a specific user

AuthType CAS
Require user jbond

Allow only users who have authenticated with u2f

AuthType CAS
Require cas-attribute successfulAuthenticationHandlers:U2FAuthenticationHandler

If you are a member of any admin group that gets shell access, you also have a user on people1003. Access is automatically granted to the "all users" group. You can also ssh to the CNAME people.eqiad.wmnet to avoid having to remember a number that might change in the future.

If you want to test a change on a people.wm.org URL you can SSH to the current deployment server and use httpbb.

This example requires manually writing a test file from scratch or copying one to the deployment host. See the newer example below on how to use the already installed test file coming from a repository.

Example:

rzl@deploy1001:~$ cat people.yaml
https://people.wikimedia.org:
- path: /~rzl/
  assert_status: 200
  assert_body_contains: "👋"

rzl@deploy1001:~$ httpbb /home/rzl/people.yaml --hosts people1002.eqiad.wmnet
Sending to people.wikimedia.org...
PASS: 1 request sent to people.wikimedia.org. All assertions passed.

Nowadays (2021) we also have a test suite file for people for httpbb in the repository.

See `modules/profile/files/httpbb/people/test_people.yaml` in the `operations/puppet` repository if you would like to add or edit tests.

Example:

dzahn@deploy1002:~$ httpbb --hosts people1003.eqiad.wmnet,people2002.codfw.wmnet /srv/deployment/httpbb-tests/people/test_people.yaml 
Sending to 2 hosts...
PASS: 5 requests sent to each of 2 hosts. All assertions passed.

Backend switch-over February 2023

On February 24, 2023 the backend switched from people1003 to people2002 in codfw as part of the data center switch over. The new place to upload to is people2002 and you can use peopleweb.discovery.wmnet to look up which is the currently active one. public_html directories have been rsynced over, files outside of public_html dirs have not been touched. You still have shell access to both but only the active one is serving HTTPS traffic.

Backend upgrade November 2018

On November 29, 2018 the backend switched from rutherfordium on Debian jessie to a new machine people1001 on Debian stretch. The DNS CNAME people.eqiad.wmnet can be used as before and has been switched over. Just expect the new fingerprints.

All files in home directories were rsynced over to the new host.

Backend upgrade May 2020

On May 21, 2020 the backend switched from people1001 on Debian stretch to a new machine people1002 on Debian buster. The DNS CNAME people.eqiad.wmnet can be used as before and has been switched over. Just expect the new fingerprints.

All files in home directories have been rsynced over to the new host.

Backend upgrade May 2021

On May 11, 2021 the backend switched from people1002 on Debian buster to a new machine people1003 on Debian bullseye. The DNS CNAME people.eqiad.wmnet can be used as before and has been switched over. Just expect the new fingerprints.

All files in home directories have been rsynced over to the new host.

• https://people.wikimedia.org