Auth systems/Testing
Testing system Labs
[edit]- Should emulate the major features of production
- Ex:CentralAuth with SUL
- Shared memcache
- Master-slave db's (nice to have)
Updates
[edit]2013-03-29:
- Databases and apaches set up. memcached seems to be working too
- Three wikis set up: http://w1-oauth.wikipedia.wmflabs.org/w/, http://w2-oauth.wiktionary.wmflabs.org/w/, and http://login-oauth.mediawiki.wmflabs.org/w/.
- CentralAuth extension is installed, seems to function at a basic level.
2013-04-08:
- To make testing easier, I've setup the login-oauth wiki to also use http://catest.ii0.co/ (personal domain) for dns. That will let us test cross domain access. Updated /home/wikipedia/common/multiversion/MWMultiVersion.php ($lang/$site detection) and wmf-config/InitialiseSettings-labs.php (wgServer/wgCanonicalServer for loginwiki)
TODO
[edit]- Create user accounts
- Either get a second IP (needs a labs root to up the quota) or set up a simple squid to alternate between the two apaches.
Server setup
[edit]Dumping some notes here so I can remember how I did this. Someday this sort of thing should be puppetized somehow so it's easier.
SQL servers
[edit]- Create the instances, with the "sql" security group
- Add "role::labs-mysql-server"
- Create /etc/mysql/conf.d/local.cnf with the following contents:
[mysqld] read-only # Remove this on the master server-id = 1 # Set this different on each host bind_address = 0.0.0.0 log-bin sync_binlog = 1 binlog_format = statement log_slave_updates log_slow_queries long_query_time = 0.45
- Create replication user:
- CREATE USER 'repl'@'10.4.%.%' IDENTIFIED BY 'password';
- GRANT REPLICATION SLAVE ON *.* TO 'repl'@'10.4.%.%';
- Restart mysql
- Do steps 4, 5, and 8 at https://dev.mysql.com/doc/refman/5.5/en/replication-howto-newservers.html
- Restart mysql on the slave. Then "SHOW SLAVE STATUS" to see if it's working
Apache servers
[edit]- Create the instances, with the "web" security group
- Add "misc::deployment::scripts", "webserver::php5", "webserver::php5-mysql", "memcached"
- If memcached is only listening on localhost, restart it
- sudo apt-get install imagemagick php-apc
- sudo mkdir /usr/local/apache
- sudo ln -s /home/wikipedia/common/ /usr/local/apache/common-local
- sudo ln -s /usr/local/apache /apache
- sudo ln -s /usr/local/apache/common-local /usr/local/apache/common
- sudo mkdir -p /srv/deployment/mediawiki
- sudo ln -s /home/wikipedia/common/ /srv/deployment/mediawiki/common
- Copy something resembling puppet's modules/mediawiki_singlenode/templates/simplewiki.wmflabs.org into /etc/apache2/sites-available/wiki, and symlink it from /etc/apache2/sites-enabled/
- Probably wouldn't hurt to restart apache now
- Set umask in /etc/bash.bashrc
Wikis
[edit]- On oauth-sql01:
- sudo mysql
- CREATE DATABASE $WIKI;
- GRANT ALL PRIVILEGES ON $WIKI.* TO 'mw'@'10.4.%.%';
- sudo mysql
- On oauth-apache01:
- Edit all-labs.dblist and wikiversions-labs.dblist
- Run multiversion/refreshWikiversionsCDB
- sudo mwscript eval.php --wiki $WIKI
- $dbw = wfGetDB( DB_MASTER ); $dbw->sourceFile( '/home/wikipedia/common/php-master/maintenance/tables.sql' );
- sudo mwscript update.php --wiki $WIKI --quick
- Go to wikitech:Special:NovaAddress and add the hostname for the new wiki.