people.wikimedia.org
people.wikimedia.org hosts some of the user public files, in the form of people.wikimedia.org/~username
.
Connecting
- You need shell access in production before you can use
people.wikimedia.org
.
You can lookup what the DNS name peopleweb.discovery.wmnet points to to check which is the currently active server that you should use.
Connect to people.wikimedia.org over ssh by proxying through a bastion (e.g. bast1003.wikimedia.org
). As with other hosts, ensure you have ProxyJump
configured in .ssh/config
(see Production shell access). Then connect as follows:
user@laptop:~$ ssh people.eqiad.wmnet
Connect to people.wikimedia.org over ssh by proxying through a bastion (e.g. bast1003.wikimedia.org
). As with other hosts, ensure you have ProxyJump
configured in .ssh/config
(see Production shell access). Then connect as follows:
user@laptop:~$ ssh people.codfw.wmnet
Service
The web server runs on people2002 with people1003 as the fail-over. It previously ran on people1002, people1001, and rutherfordium.
How to upload files
Once you have production SSH configured with ProxyJump, you can use scp
to copy files from your workstation (via a bastion) to your home directory on people.codfw.wmnet
(which is a CNAME, aliased to people2002.codfw.wmnet currently).
Put files into a directory called "public_html". If that doesn't exist yet, create it with mkdir
.
How To add SSO Authentication
sites on people.wikimedia.org can be configuered to use the SSO service to authenticate users to their site via .htaccess files. for example
allow any authenticated users
AuthType CAS
Require valid-user
Allow all members of the NDA group
AuthType CAS
Require cas-attribute memberOf:cn=nda,ou=groups,dc=wikimedia,dc=org
Allow only a specific user
AuthType CAS
Require user jbond
Allow only users who have authenticated with u2f
AuthType CAS
Require cas-attribute successfulAuthenticationHandlers:U2FAuthenticationHandler
Who has access
If you are a member of any admin group that gets shell access, you also have a user on people1003. Access is automatically granted to the "all users" group. You can also ssh to the CNAME people.eqiad.wmnet to avoid having to remember a number that might change in the future.
How to test changes
If you want to test a change on a people.wm.org URL you can SSH to the current deployment server and use httpbb.
This example requires manually writing a test file from scratch or copying one to the deployment host. See the newer example below on how to use the already installed test file coming from a repository.
Example:
rzl@deploy1001:~$ cat people.yaml
https://people.wikimedia.org:
- path: /~rzl/
assert_status: 200
assert_body_contains: "👋"
rzl@deploy1001:~$ httpbb /home/rzl/people.yaml --hosts people1002.eqiad.wmnet
Sending to people.wikimedia.org...
PASS: 1 request sent to people.wikimedia.org. All assertions passed.
Nowadays (2021) we also have a test suite file for people for httpbb in the repository.
See `modules/profile/files/httpbb/people/test_people.yaml` in the `operations/puppet` repository if you would like to add or edit tests.
Example:
dzahn@deploy1002:~$ httpbb --hosts people1003.eqiad.wmnet,people2002.codfw.wmnet /srv/deployment/httpbb-tests/people/test_people.yaml
Sending to 2 hosts...
PASS: 5 requests sent to each of 2 hosts. All assertions passed.
History
Backend switch-over February 2023
On February 24, 2023 the backend switched from people1003 to people2002 in codfw as part of the data center switch over. The new place to upload to is people2002 and you can use peopleweb.discovery.wmnet to look up which is the currently active one. public_html directories have been rsynced over, files outside of public_html dirs have not been touched. You still have shell access to both but only the active one is serving HTTPS traffic.
Backend upgrade November 2018
On November 29, 2018 the backend switched from rutherfordium on Debian jessie to a new machine people1001 on Debian stretch. The DNS CNAME people.eqiad.wmnet can be used as before and has been switched over. Just expect the new fingerprints.
All files in home directories were rsynced over to the new host.
Backend upgrade May 2020
On May 21, 2020 the backend switched from people1001 on Debian stretch to a new machine people1002 on Debian buster. The DNS CNAME people.eqiad.wmnet can be used as before and has been switched over. Just expect the new fingerprints.
All files in home directories have been rsynced over to the new host.
Backend upgrade May 2021
On May 11, 2021 the backend switched from people1002 on Debian buster to a new machine people1003 on Debian bullseye. The DNS CNAME people.eqiad.wmnet can be used as before and has been switched over. Just expect the new fingerprints.
All files in home directories have been rsynced over to the new host.