Portal:Toolforge/Tool Accounts

Overview

If you want to create a tool or collaborate with others to create and maintain tools, you'll need to create a Tool Account.

This page will help you understand what a Tool Account is, the first steps to create a Tool Account/tool, and how to add and remove maintainers.

See Toolforge quickstart to set up and get started with Toolforge!

What is a Tool Account?

The Tool Account is a group account associated with a tool. The Tool Account can have one or more maintainers. You'll create a separate Tool Account for each new tool you develop on Toolforge, and you'll join an existing Tool Account when you're invited to work on or maintain the tool. A note about terms: Tool Accounts and tools are sometimes used interchangeably throughout Toolforge documentation.

Each Tool Account includes:

A home directory on shared storage: /data/project/<TOOL NAME>
The ability to run a Web service which is visible at https://<TOOL NAME>.toolforge.org/
Database access credentials: $HOME/replica.my.cnf, which provide access to the production database replicas as well as to project-local databases
Access to the continuous and task queues of the compute grid
Credentials and a namespace for running containers on the Kubernetes cluster

Maintainers

People who have access to a Tool Account are called maintainers. Maintainers have access to the Tool Account's code and data.

Maintainers can:

Create Tool Accounts/tools
Join existing Tool Accounts/tools
Leave Tool Accounts/tools in the care of others
Sudo to the Tool Account/tools

Join an existing Tool Account

All Tool Accounts hosted in Toolforge are listed on the tools list.

Contact the maintainer to join an existing Tool Account.

Add or remove maintainers

To add or remove maintainers, use the 'manage maintainers' link found beneath the tool name on the Toolforge home page.

Note that users being added must already have applied to join the 'Toolforge' project, before their names will appear in the autocompletion list.

Create tools with Tool Accounts

Members of the ‘tools’ project can create tool accounts using toolsadmin:

Go to https://toolsadmin.wikimedia.org/tools/
Click on the "Tools" tab
Click the "Create new tool" link at the bottom of the "Your tools" sidebar
Follow the instructions in the Tool Account creation form
Once the Tool Account is created, log off, then back in before you can access the new tool account

Name a Tool Account/tool

The Tool Account and tool will have the same name. This name will be included in the URL for the final Web service. Make sure the name is appropriate and is spelled correctly.

Note: Do not prefix the tool name with tools.. This will cause problems during account creation.

Rename a Tool Account/tool

Tools can't be renamed. You can create a new tool with a new name and copy the code over from the old tool.

Switch to / become a Tool Account

maintainer@tools-login:~$ become <TOOL NAME>
tools.toolname@tools-login:~$

Manage files in Toolforge

Transfer files

You can use scp (or PuTTY) to copy files from your computer to Toolforge. To make files available to a tool account, copy or move them from your home directory to the tool's home directly:

yourshellaccountname@tools-login:~$ cp somefile ~tools.toolaccount/

Note that the tool account will have to take ownership of the file before it can use it, see below.

Take ownership of files

The take command allows you to change ownership of the file(s) and directories to the calling tool user.

The permissions of the file(s) before take is run must include the tool user as either the owner or group. This prevents take from being abused to take over arbitrary files.

To take ownership of files as your tool account:

1. become your Tool Account:

yourshellaccountname@tools-login:~$ become toolaccount
tools.toolaccount@tools-login:~$

2. As your Tool Account, take ownership of the files:

tools.toolaccount@tools-login:~$ take FILE

Mount your tools home directory onto your local machine

Modifying files on Toolforge servers may be difficult; after all, you are restricted to terminal-based editors. If you prefer to use modern IDEs such as Visual Studio Code, Eclipse, etc. you can mount the home directory of your tool onto your local Linux machine or virtual machine (VM).

First, create an empty directory on which you would mount the Toolforge remote directory. In the code examples below, it is assumed that you have created a local directory at ~/remote for this purpose.

To mount, use a command like this:

sshfs -o allow_other -o workaround=rename login.toolforge.org:/data/project/toolname ~/remote

The allow_other option helps avoid permission issues, and the workaround=rename option helps avoid issues with overwriting existing files.

You may receive a notice said: fusermount3: option allow_other only allowed if 'user_allow_other' is set in /etc/fuse.conf; in such case, just uncomment line user_allow_other in your /etc/fuse.conf.

Remember to specify your Toolforge username if it's different from the one you have locally, i.e. ... toolforge-username@login.toolforge.org:/.... If it's wrong it will cause the generic error message:

read: Connection reset by peer

To unmount, use this command:

umount ~/remote

In certain situations, the above command may fail to work (e.g. network issues); if you need to forcefully unmount the network file system, you can use this command:

fusermount -zu ~/remote

Add a description to your Tool Account/Tool

Each tool can provide a description by creating a toolinfo record using https://toolsadmin.wikimedia.org/tools/.

The legacy $HOME/.description system is deprecated and will stop providing any benefit at some point in the future.

Delete a Tool Account

Tracked in Phabricator
Task T170355 Resolved

Maintainers can mark their tools for deletion using the "Disable tool" button on the tool's detail page on https://toolsadmin.wikimedia.org/. Disabling a tool will immediately stop any running jobs including webservices and prevent maintainers from logging in as the tool. Disabled tools are archived and deleted after 40 days. Disabled tools can be re-enabled at any time prior to being archived and deleted.

Troubleshoot a Tool Account

$ become <TOOL NAME>
become: no such tool '<TOOL NAME>'

Wait a few minutes for the Tool Account creation to complete.
Check that the spelling of the tool name is correct.

$ become <TOOL NAME>
You are not a member of the group tools.<TOOL NAME>.
Any existing member of the tool's group can add you to that.

If you are already logged in via SSH when you create a new tool, log out, and log in again to activate your new permissions.

Backup Toolforge data

There are no user-accessible backups in Toolforge.

You should use a source or version control tool to preserve your code and make regular backups of data. Learn more.

Communication and support

Support and administration of the WMCS resources is provided by the Wikimedia Foundation Cloud Services team and Wikimedia Movement volunteers. Please reach out with questions and join the conversation:

Discuss and receive general support

Chat in real time in the IRC channel #wikimedia-cloud ^connect, the bridged Telegram group, or the bridged Mattermost channel
Discuss via email after you subscribed to the cloud@ mailing list

Receive mail announcements about critical changes

Subscribe to the cloud-announce@ mailing list (all messages are also mirrored to the cloud@ list)

Track work tasks and report bugs

Use a subproject of the #Cloud-Services Phabricator project to track confirmed bug reports and feature requests about the Cloud Services infrastructure itself

Learn about major near-term plans

Read the News wiki page

Read news and stories about Wikimedia Cloud Services

Read the Cloud Services Blog (for the broader Wikimedia movement, see the Wikimedia Technical Blog)