Portal:Cloud VPS/Admin/Testing deployment
This page describes the testing deployment for Cloud VPS, which consists of an OpenStack deployment currently called codfw1dev.
Infrastructure
See Portal:Cloud_VPS/Admin/Deployments for server allocations
Specific links:
- Wikitech (testing deployment): https://labtestwikitech.wikimedia.org/
- Horizon (testing deployment): https://labtesthorizon.wikimedia.org/
How to join this deployment for the first time
- Create a labtestwikitech account:
Account creation is disabled in labtestwikitech by default, to prevent random people from playing in the wiki. To briefly enable account creation, change the boolean permission in the settings. The change takes effect as soon as the file is written; there is no need to restart any service. Make sure the permission is true for as short a time as possible.
root@cloudweb2002-dev:~# nano /srv/mediawiki/wmf-config/CommonSettings.php
[..]
if ( $wgDBname === 'labtestwiki' ) {
# We don't want random strangers playing on this wiki
$wgGroupPermissions['*']['createaccount'] = false;
}
[..]
- Enable 2FA
- Get your account added to some random project. Otherwise Horizon won't let you past the login page.
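An added example (not part of the original page or of Wikimedia's tooling): a heuristic shell check that reports whether account creation was left enabled in the labtestwiki block shown above. The function names are hypothetical, and the scan assumes the block layout of that snippet (an `if` line naming labtestwiki, closed by a `}` at the start of a line).

```shell
#!/bin/sh
# Added example, not from the original page: report whether anonymous account
# creation is enabled inside the labtestwiki block of CommonSettings.php.
# Heuristic line-based scan, not a PHP parser; it assumes the block layout of
# the page's snippet (opening "if" line, closing "}" at the start of a line).

SETTINGS_DEFAULT=/srv/mediawiki/wmf-config/CommonSettings.php  # path from the page

# Prints "enabled", "disabled" or "unset" for the given settings file.
createaccount_state() {
    awk '
        /^[ \t]*(#|\/\/)/ { next }                  # skip whole-line comments
        /wgDBname.*labtestwiki/ { in_block = 1; next }
        in_block && /^[ \t]*[}]/ { in_block = 0; next }
        in_block && match($0, /wgGroupPermissions\[.\*.\]\[.createaccount.\][ \t]*=[ \t]*/) {
            value = tolower(substr($0, RSTART + RLENGTH))
            if (value ~ /^true/)  state = "enabled"    # last assignment wins
            if (value ~ /^false/) state = "disabled"
        }
        END { print (state == "" ? "unset" : state) }
    ' "$1"
}

# Exit status 0 only when account creation is explicitly disabled.
check_createaccount() {
    file=${1:-$SETTINGS_DEFAULT}
    state=$(createaccount_state "$file") || return 2
    case $state in
        disabled) return 0 ;;
        enabled)  echo "WARNING: createaccount is enabled in $file" >&2; return 1 ;;
        *)        echo "UNKNOWN: no createaccount setting found in $file" >&2; return 3 ;;
    esac
}
```

Run `check_createaccount` with no argument on the cloudweb host after creating your account; a non-zero exit status means the setting should be reviewed by hand.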
2FA Reset
If you need to reset your 2FA, try this:
user@cloudweb2002-dev:~$ mwscript extensions/OATHAuth/maintenance/disableOATHAuthForUser.php --wiki=labtestwiki SomeUser
OATHAuth disabled for SomeUser.
SSH access
Something like this is needed in your personal ssh config:
Host *.wmcloud.org
    User mycodfw1devuser
    IdentityFile ~/.ssh/wmf_cloud_user_codfw1dev
    IdentitiesOnly yes
    ForwardAgent no
    IdentityAgent /run/user/1000/ssh-wmf-cloud-codfw1dev.socket
    AddKeysToAgent yes

Match user root host *.wikimedia.cloud
    User root
    IdentityFile ~/.ssh/wmf_cloud_root_codfw1dev
    IdentitiesOnly yes
    ForwardAgent no
    IdentityAgent /run/user/1000/ssh-wmf-cloud-codfw1dev-root.socket
    AddKeysToAgent yes

Host *.wikimedia.cloud
    User mycodfw1devuser
    IdentityFile ~/.ssh/wmf_cloud_user_codfw1dev
    IdentitiesOnly yes
    ForwardAgent no
    IdentityAgent /run/user/1000/ssh-wmf-cloud-codfw1dev.socket
    AddKeysToAgent yes

Host *.codfw1dev.wikimedia.cloud
    ProxyCommand ssh -a -W %h:%p mycodfw1devuser@bastion.bastioninfra-codfw1dev.codfw1dev.wmcloud.org
The config uses IdentityAgent to avoid typing the key password over and over again.
If you have your SSH keys correctly set in your account (in LDAP/labtestwikitech), then you can use ssh like in eqiad1:
user@laptop:~$ ssh root@cloudinfra-internal-puppetmaster-01.cloudinfra-codfw1dev.codfw1dev.wikimedia.cloud
[.. works ..]
user@laptop:~$ ssh cloudinfra-internal-puppetmaster-01.cloudinfra-codfw1dev.codfw1dev.wikimedia.cloud
[.. works ..]
LDAP
The LDAP server for codfw1dev is in cloudservices2002-dev.wikimedia.org (as of 2021-09-27).
Raw interactions with the LDAP tree are a bit different than described at SRE/LDAP because most of the wrappers and pre-made configs aren't there.
For reference, here is an example of a raw search:
root@cloudservices2002-dev:~# ldapsearch -x uid=manila-srv
dn: uid=manila-srv,ou=people,dc=wikimedia,dc=org
uid: manila-srv
sn: Manila
cn: Manila
objectClass: inetOrgPerson
objectClass: person
objectClass: ldapPublicKey
objectClass: posixAccount
objectClass: shadowAccount
uidNumber: 14023
gidNumber: 500
homeDirectory: /home/manila
loginShell: /bin/bash
mail: root@wmcloud.org
Example of renaming an entry. First get the admin password on a control server (or from a puppetmaster private repo):
root@cloudcontrol2001-dev:~# grep OS_PASSWORD /etc/novaadmin.yaml
OS_PASSWORD: "password"
Then use it when prompted like this:
root@cloudservices2002-dev:~# cat file.ldif
dn: uid=manila,ou=people,dc=wikimedia,dc=org
changetype: modrdn
newrdn: uid=manila-srv
deleteoldrdn: 1
root@cloudservices2002-dev:~# ldapmodify -x -D 'uid=novaadmin,ou=people,dc=wikimedia,dc=org' -W -f file.ldif
Enter LDAP Password:
modifying rdn of entry "uid=manila,ou=people,dc=wikimedia,dc=org"
More information about raw operations can be found online.