
Portal:Cloud VPS/Admin/Testing deployment

From Wikitech

This page describes the testing deployment for Cloud VPS, which consists of an OpenStack deployment currently called codfw1dev.

Infrastructure

See Portal:Cloud_VPS/Admin/Deployments for server allocations

Specific links:

How to join this deployment for the first time

Use the LDAP terminal UI

If you do not feel like re-configuring the MediaWiki installation, or already have a user and can't remember your password, it is also possible to use the LDAP terminal UI installed on cloudweb2002-dev.wikimedia.org.

$ ssh cloudweb2002-dev.wikimedia.org
user@cloudweb2002-dev:~$ sudo ldaptui

To create a user, hit "ctrl+n" (New) and fill in the fields: CommonName (CN), uid and email. Note that CN must start with a capital letter; it will be the username for all web-facing applications, while uid is your Unix account username.

Click save and then return to the user search page by hitting ctrl+l (List) and locate your newly created user. Press "p" to set a password. Your account is now ready to use.

SSH access

Something like this is needed in your personal ssh config:

Host *.wmcloud.org
    User mycodfw1devuser
    IdentityFile ~/.ssh/wmf_cloud_user_codfw1dev
    IdentitiesOnly yes
    ForwardAgent no
    IdentityAgent /run/user/1000/ssh-wmf-cloud-codfw1dev.socket
    AddKeysToAgent yes

Match user root host *.wikimedia.cloud
    User root
    IdentityFile ~/.ssh/wmf_cloud_root_codfw1dev
    IdentitiesOnly yes
    ForwardAgent no
    IdentityAgent /run/user/1000/ssh-wmf-cloud-codfw1dev-root.socket
    AddKeysToAgent yes

Host *.wikimedia.cloud
    User mycodfw1devuser
    IdentityFile ~/.ssh/wmf_cloud_user_codfw1dev
    IdentitiesOnly yes
    ForwardAgent no
    IdentityAgent /run/user/1000/ssh-wmf-cloud-codfw1dev.socket
    AddKeysToAgent yes
    
Host *.codfw1dev.wikimedia.cloud
    ProxyCommand ssh -a -W %h:%p mycodfw1devuser@bastion.bastioninfra-codfw1dev.codfw1dev.wmcloud.org

The config uses IdentityAgent to avoid typing the key password over and over again.

If you have your SSH keys correctly set in your account (in LDAP/labtestwikitech), then you can use ssh like in eqiad1:

user@laptop:~$ ssh root@cloudinfra-internal-puppetmaster-01.cloudinfra-codfw1dev.codfw1dev.wikimedia.cloud
[.. works ..]
user@laptop:~$ ssh cloudinfra-internal-puppetmaster-01.cloudinfra-codfw1dev.codfw1dev.wikimedia.cloud
[.. works ..]
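
To confirm that the config above is actually in effect for a given host, you can audit what `ssh -G <host>` resolves. The script below is an added example, not part of the original page or of the Cloud VPS tooling; the function names and the sample `ssh -G` output are constructed, while the socket path and hostname come from the config above.

```shell
#!/bin/sh
# Added example: audit the effective client options that `ssh -G <host>` prints.
# Reads `ssh -G` output on stdin; $1 is the agent socket that host should use.
audit_ssh_g() {
    awk -v agent="$1" '
        function want(k, v) {
            if (opt[k] != v) {
                printf "FAIL %s: got \"%s\", want \"%s\"\n", k, opt[k], v
                bad = 1
            }
        }
        # ssh -G prints one "keyword value" pair per line, keywords lowercased.
        { key = tolower($1); $1 = ""; sub(/^ +/, ""); if (!(key in opt)) opt[key] = $0 }
        END {
            want("forwardagent", "no")       # no agent forwarding to remote hosts
            want("identitiesonly", "yes")    # offer only the configured key
            want("identityagent", agent)     # dedicated per-role agent socket
            exit bad + 0
        }'
}

USER_SOCK=/run/user/1000/ssh-wmf-cloud-codfw1dev.socket

# Constructed sample of `ssh -G` output for a client using the config above.
sample_good() {
    cat <<EOF
user mycodfw1devuser
hostname cloudinfra-internal-puppetmaster-01.cloudinfra-codfw1dev.codfw1dev.wikimedia.cloud
forwardagent no
identitiesonly yes
identityagent $USER_SOCK
identityfile ~/.ssh/wmf_cloud_user_codfw1dev
EOF
}

# Constructed sample: agent forwarding enabled and no dedicated agent socket.
sample_bad() {
    cat <<EOF
user someone
hostname cloudinfra-internal-puppetmaster-01.cloudinfra-codfw1dev.codfw1dev.wikimedia.cloud
forwardagent yes
identitiesonly no
EOF
}

sample_good | audit_ssh_g "$USER_SOCK" && echo "good sample: OK"
sample_bad  | audit_ssh_g "$USER_SOCK" || echo "bad sample: rejected"
# Live use: ssh -G <host> | audit_ssh_g "$USER_SOCK"
```

For a `root@` login, pass the root socket path instead, so a root session that resolves to the user agent is reported as a failure.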

LDAP

The LDAP server for codfw1dev is in cloudservices2002-dev.wikimedia.org (as of 2021-09-27).

Raw interactions with the LDAP tree are a bit different than described at SRE/LDAP because most of the wrappers and pre-made configs aren't there.

For reference, here is an example of a raw search:

root@cloudservices2002-dev:~# ldapsearch -x uid=manila-srv
dn: uid=manila-srv,ou=people,dc=wikimedia,dc=org
uid: manila-srv
sn: Manila
cn: Manila
objectClass: inetOrgPerson
objectClass: person
objectClass: ldapPublicKey
objectClass: posixAccount
objectClass: shadowAccount
uidNumber: 14023
gidNumber: 500
homeDirectory: /home/manila
loginShell: /bin/bash
mail: root@wmcloud.org

Example of renaming an entry. First get the admin password from a control server (or from a puppetmaster private repo):

root@cloudcontrol2001-dev:~# grep OS_PASSWORD /etc/novaadmin.yaml 
OS_PASSWORD: "password"

Then use it when prompted like this:

root@cloudservices2002-dev:~# cat file.ldif 
dn: uid=manila,ou=people,dc=wikimedia,dc=org
changetype: modrdn
newrdn: uid=manila-srv
deleteoldrdn: 1

root@cloudservices2002-dev:~# ldapmodify -x -D 'uid=novaadmin,ou=people,dc=wikimedia,dc=org' -W -f file.ldif 
Enter LDAP Password: 
modifying rdn of entry "uid=manila,ou=people,dc=wikimedia,dc=org"

More information about raw operations can be found online.