Obsolete:Projects/mediawiki Labs project
Currently we create a project for every MediaWiki development idea, but this has resulted in a number of projects with single instances that are being used by a single user. This project aims to create a single project where MediaWiki development can be done by simply requesting a wiki and pushing code into a git branch.
- Bastion server
  - Used to manage the private repos that hold secrets, and to call maintenance scripts
- App servers
  - Used to run MediaWiki
- Yuviproxy server
  - Used to proxy access from domain names to the app servers. We may be able to use the global Yuviproxy for this.
- Deployment server
  - A git deploy server that maintains the git repositories and runs the services necessary for deployment, like Yuvi's gerrit stream watching bot.
- Redis server
  - A shared service, used for MediaWiki caching. A hash prefix will be used to provide multi-tenancy.
- User creates a service group via wikitech, with the name of their wiki
- Hostname is created
- Proxy configuration is added
- A remote branch is created in mediawiki/core on Gerrit
- Yuvi's gerrit stream bot sees a new branch creation
- Trigger a salt peer-runner call for deployment
- Create a configuration repo in the service group's home directory (/data/project/<service-group>)
- User makes a change locally and pushes it into the branch
- Yuvi's gerrit stream bot sees a merge and triggers a deployment via the salt peer runner
- User wants to make a configuration change
- User becomes the service group (become service_group)
- User commits a configuration change to the repo
App server configuration
- Reference git repo
- MediaWiki clone for the service group. References /srv/deployment/mediawiki/common
- A virtualhost using mpm-itk will point here, running as the uid/gid of the service group
- /srv/deployment/servicegroup/<service_group>/LocalSettings.php -> /data/project/<service_group>/config/LocalSettings.php
- Redis, with an autogenerated prefix + same config as toollabs to restrict users from meddling with others' keys
- Possibly squid / varnish, if it is not too hard to replicate the setup that production is in.
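
A sketch of how the per-service-group pieces in the app server configuration above could be generated, as an added example that is not part of the original plan or of any Labs tooling. It assumes the Unix user and group share the service group's name, uses a placeholder domain (`wiki.example.org`), and assumes a conservative naming rule; the function names are hypothetical.

```python
import re
import secrets

# Paths as given on this page.
DEPLOY_ROOT = "/srv/deployment/servicegroup"
CONFIG_ROOT = "/data/project"
# Assumption: service group names are limited to this conservative charset.
NAME_RE = re.compile(r"[a-z][a-z0-9-]{0,31}")


def validate_group(name):
    """Reject names that could escape a path or inject Apache directives."""
    if not NAME_RE.fullmatch(name):
        raise ValueError(f"invalid service group name: {name!r}")
    return name


def redis_prefix(nbytes=16):
    """Autogenerated, unguessable key prefix for the shared Redis server.

    The prefix only separates tenants if the server also restricts users
    from touching other tenants' keys, as the plan requires.
    """
    return secrets.token_hex(nbytes) + ":"


def localsettings_link(group):
    """Return (link path, link target) for the LocalSettings.php symlink."""
    group = validate_group(group)
    return (f"{DEPLOY_ROOT}/{group}/LocalSettings.php",
            f"{CONFIG_ROOT}/{group}/config/LocalSettings.php")


def render_vhost(group, domain="wiki.example.org"):
    """Render a virtualhost that mpm-itk runs as the service group's uid/gid."""
    group = validate_group(group)
    return "\n".join([
        "<VirtualHost *:80>",
        f"    ServerName {group}.{domain}",
        f"    DocumentRoot {DEPLOY_ROOT}/{group}",
        "    # mpm-itk: handle this vhost's requests as the tenant, not www-data",
        f"    AssignUserID {group} {group}",
        "</VirtualHost>",
    ])


if __name__ == "__main__":
    print(render_vhost("mywiki"))  # "mywiki" is a constructed sample name
```

Validating the name before it reaches a path or a vhost template matters here because the name comes from a user request and ends up in configuration that decides which uid serves a site.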