people.wikimedia.org

From Wikitech
Jump to navigation Jump to search

people.wikimedia.org hosts some of the user public files, in the form of people.wikimedia.org/~username. The server runs on people1001 which has replaced the previous server rutherfordium.

NOTE: First you need shell access in production to get to the server that hosts people.wikimedia.org. Do that first.

How to upload files

Use scp and ProxyCommand in to copy files via a bastion host to your home directory on people.eqiad.wmnet. (people.eqiad.wmnet is a CNAME for currently people1001.eqiad.wmnet and previously rutherfordium.eqiad.wmnet).

Put files into a directory called "public_html". If that doesn't exist yet, create it with mkdir.

How To add SSO Authentication

sites on people.wikimedia.org can be configuered to use the SSO service to authenticate users to there site via .htaccess files. for example

allow any authenticated users

AuthType CAS
Require valid-user

Allow all members of the NDA group

AuthType CAS
Require cas-attribute memberOf:cn=nda,ou=groups,dc=wikimedia,dc=org

Allow only a specific user

AuthType CAS
Require user jbond

Allow only users who have authenticated with u2f

AuthType CAS 
Require cas-attribute successfulAuthenticationHandlers:U2FAuthenticationHandler

Who has access

If you are a member of any admin group that gets shell access, you also have a user on people1001. Access is automatically granted to the "all users" group. You can also ssh to the CNAME people.eqiad.wmnet to avoid having to remember a number that might change in the future.

Backend upgrade November 2018

On November 29, 2018 the backend switched from rutherfordium on Debian jessie to a new machine people1001 on Debian stretch. The DNS CNAME people.eqiad.wmnet can be used as before and has been switched over. Just expect the new fingerprints.

All files in home directories have been rsynced over.

Phabricator Ticket - upgrade people.wm.org (rutherfordium) to stretch

How to test changes

If you want to test a change on a people.wm.org URL you can SSH to the current deployment server and use httpbb.

Example: 

rzl@deploy1001:~$ cat people.yaml 
https://people.wikimedia.org:
- path: /~rzl/
  assert_status: 200
  assert_body_contains: "👋"

rzl@deploy1001:~$ httpbb /home/rzl/people.yaml --hosts people1001.eqiad.wmnet
Sending to people.wikimedia.org...
PASS: 1 request sent to people.wikimedia.org. All assertions passed.

External links

Retrieved from "https://wikitech.wikimedia.org/w/index.php?title=People.wikimedia.org&oldid=1860455"