Obsolete:Projects/mediawiki Labs project

From Wikitech
Jump to navigation Jump to search

Currently we create a project for every MediaWiki development idea, but this has resulted in a number of projects with single instances that are being used by a single user. This project aims to create a single project where MediaWiki development can be done by simply requesting a wiki and pushing code into a git branch.

Design

Infrastructure

Bastion server
Used to manage private repos necessary for secrets in a private repo, and to call maintenance scripts
App servers
Used to run MediaWiki
Yuviproxy server
Used to proxy access from domain names to the app servers. We may be able to use the global Yuviproxy for this.
Deployment server
A git deploy server that maintains the git repositories, and runs services necessary for deployment, like Yuvi's gerrit stream watching bot.
Redis server
A shared service, used for MediaWiki caching. A hash prefix will be used to provide multi-tenancy.

Workflow

  1. User creates a service group via wikitech, with the name of their wiki
    1. Hostname is created
    2. Proxy configuration is added
    3. A remote branch is created in mediawiki/core on Gerrit
    4. Yuvi's gerrit stream bot sees a new branch creation
      1. Trigger a salt peer-runner call for deployment
      2. Create a configuration repo in the service group's home directory (/data/project/<service-group>)
  2. User makes a change locally and pushes it into the branch
    1. Yuvi's gerrit stream bot sees a merge and triggers a deployment via the salt peer runner
  3. User wants to make a configuration change
    1. User becomes the service group (become service_group)
    2. User commits a configuration change to the repo

App server configuration

  • MediaWiki
    • /srv/deployment/mediawiki/common
      • Reference git repo
    • /srv/deployment/servicegroup/<service_group>
      • MediaWiki clone for the service group. References /srv/deployment/mediawiki/common
      • A virtualhost using mpm-itx will point here, running as the uid/gid of the service group
    • /data/project/<service_group>/config
      • /srv/deployment/servicegroup/<service_group>/LocalSettings.php -> /data/project/<service_group>/config/LocalSettings.php

Cache configuration

  • Redis, with an autogenerated prefix + same config as toollabs to restrict users from meddling with others' keys
  • Possibly squid / varnish, if it is not too hard to replicate the setup that production is in.