people.wikimedia.org

From Wikitech
Jump to navigation Jump to search

people.wikimedia.org hosts some of the user public files, in the form of people.wikimedia.org/~username. The server runs on people1002 which has replaced the previous servers people1001 and rutherfordium.

NOTE: First you need shell access in production to get to the server that hosts people.wikimedia.org. Do that first.

How to upload files

Use scp and ProxyCommand in to copy files via a bastion host to your home directory on people.eqiad.wmnet. (people.eqiad.wmnet is a CNAME for currently people1002.eqiad.wmnet and previously rutherfordium.eqiad.wmnet).

Put files into a directory called "public_html". If that doesn't exist yet, create it with mkdir.

How To add SSO Authentication

sites on people.wikimedia.org can be configuered to use the SSO service to authenticate users to there site via .htaccess files. for example

allow any authenticated users

AuthType CAS
Require valid-user

Allow all members of the NDA group

AuthType CAS
Require cas-attribute memberOf:cn=nda,ou=groups,dc=wikimedia,dc=org

Allow only a specific user

AuthType CAS
Require user jbond

Allow only users who have authenticated with u2f

AuthType CAS 
Require cas-attribute successfulAuthenticationHandlers:U2FAuthenticationHandler

Who has access

If you are a member of any admin group that gets shell access, you also have a user on people1002. Access is automatically granted to the "all users" group. You can also ssh to the CNAME people.eqiad.wmnet to avoid having to remember a number that might change in the future.

How to test changes

If you want to test a change on a people.wm.org URL you can SSH to the current deployment server and use httpbb.

Example: 

rzl@deploy1001:~$ cat people.yaml 
https://people.wikimedia.org:
- path: /~rzl/
  assert_status: 200
  assert_body_contains: "👋"

rzl@deploy1001:~$ httpbb /home/rzl/people.yaml --hosts people1002.eqiad.wmnet
Sending to people.wikimedia.org...
PASS: 1 request sent to people.wikimedia.org. All assertions passed.

History

Backend upgrade November 2018

Tracked in Phabricator
Task T210036 Resolved

On November 29, 2018 the backend switched from rutherfordium on Debian jessie to a new machine people1001 on Debian stretch. The DNS CNAME people.eqiad.wmnet can be used as before and has been switched over. Just expect the new fingerprints.

All files in home directories were rsynced over to the new host.

Backend upgrade May 2020

Tracked in Phabricator
Task T247649 Resolved

On May 21, 2020 the backend switched from people1001 on Debian stretch to a new machine people1002 on Debian buster. The DNS CNAME people.eqiad.wmnet can be used as before and has been switched over. Just expect the new fingerprints.

All files in home directories were rsynced over to the new host.

External links

Retrieved from "https://wikitech.wikimedia.org/w/index.php?title=People.wikimedia.org&oldid=1866967"