people.wikimedia.org

From Wikitech
Jump to navigation Jump to search

people.wikimedia.org hosts some of the user public files, in the form of people.wikimedia.org/~username.

Connecting

You need shell access in production before you can use people.wikimedia.org.

Connect to people.wikimedia.org over ssh by proxying through a bastion (e.g. bast1002.wikimedia.org). As with other hosts, ensure you have ProxyCommand configured in .ssh/config (see Production shell access). Then connect as follows: 

user@laptop$ ssh people.eqiad.wmnet

Service

The web server runs on people1002. It previously ran on people1001, and rutherfordium.

How to upload files

Once you have production SSH configured with ProxyCommand, you can use scp to copy files from your workstation (via a bastion) to your home directory on people.eqiad.wmnet (which is a CNAME, aliased to people1002.eqiad.wmnet currently).

Put files into a directory called "public_html". If that doesn't exist yet, create it with mkdir.

How To add SSO Authentication

sites on people.wikimedia.org can be configuered to use the SSO service to authenticate users to there site via .htaccess files. for example

allow any authenticated users

AuthType CAS
Require valid-user

Allow all members of the NDA group

AuthType CAS
Require cas-attribute memberOf:cn=nda,ou=groups,dc=wikimedia,dc=org

Allow only a specific user

AuthType CAS
Require user jbond

Allow only users who have authenticated with u2f

AuthType CAS 
Require cas-attribute successfulAuthenticationHandlers:U2FAuthenticationHandler

Who has access

If you are a member of any admin group that gets shell access, you also have a user on people1002. Access is automatically granted to the "all users" group. You can also ssh to the CNAME people.eqiad.wmnet to avoid having to remember a number that might change in the future.

How to test changes

If you want to test a change on a people.wm.org URL you can SSH to the current deployment server and use httpbb.

Example: 

rzl@deploy1001:~$ cat people.yaml 
https://people.wikimedia.org:
- path: /~rzl/
  assert_status: 200
  assert_body_contains: "👋"

rzl@deploy1001:~$ httpbb /home/rzl/people.yaml --hosts people1002.eqiad.wmnet
Sending to people.wikimedia.org...
PASS: 1 request sent to people.wikimedia.org. All assertions passed.

History

Backend upgrade November 2018

Tracked in Phabricator
Task T210036 Resolved

On November 29, 2018 the backend switched from rutherfordium on Debian jessie to a new machine people1001 on Debian stretch. The DNS CNAME people.eqiad.wmnet can be used as before and has been switched over. Just expect the new fingerprints.

All files in home directories were rsynced over to the new host.

Backend upgrade May 2020

Tracked in Phabricator
Task T247649 Resolved

On May 21, 2020 the backend switched from people1001 on Debian stretch to a new machine people1002 on Debian buster. The DNS CNAME people.eqiad.wmnet can be used as before and has been switched over. Just expect the new fingerprints.

All files in home directories were rsynced over to the new host.

External links

Retrieved from "https://wikitech.wikimedia.org/w/index.php?title=People.wikimedia.org&oldid=1873448"