Novem Linguae and Roy – thank you both for your insights.
Yes, app-level logging/monitoring could be much better, for sure.
And Toolforge is far from intuitive for the average user. We are currently
working on new features that will ultimately make Toolforge easier to use,
similar to other PaaS offerings out there like Heroku, where users
basically just have to point to a repo hosted on GitHub or other VCS, maybe
add some config. Hearing which specific things irk people is useful.
--
Slavina Stefanova (she/her)
Software Engineer - Technical Engagement
Wikimedia Foundation
On Wed, Sep 7, 2022 at 11:16 PM Roy Smith <roy(a)panix.com> wrote:
On Sep 7, 2022, at 4:50 PM, novemlinguae(a)gmail.com
wrote:
- FTP programs that aren't WinSCP with "environment -> SFTP -> server
->
sudo -u tools.novem-bot /usr/lib/sftp-server" configured appear to the user
to work, but create some hard-to-track-down bugs because files have the
wrong owner. For example I tried using FileZilla Client before I found the
tutorial.
My take on this is that Toolforge is unabashedly a linux environment. If
there's some incompatibility with a Windows app, that's not toolforge's
problem. I log into toolforge with this alias:
alias spi-tools-dev='ssh -t
dev.toolforge.org tmux new -A -s
spi-tools-dev become spi-tools-dev'
As needed, I set up port tunnels with things like:
alias tunnel='ssh -t
dev.toolforge.org -L 23002:localhost:23002 become
spi-experiments'
And likewise I can move files in and out with scp. I agree that there's a
learning curve to all this ssh stuff (including the associated key
management), but hiding that beneath a cPanel veneer just makes it all the
more mysterious because you're never really sure what's going on. If
you're going to develop in a linux environment, invest the time to learn
the linux tools.
Suggested fix: give a separate login for each tool folder, so that you
don't have to sudo
Logging in as a person. then gaining some specific additional set of
rights with sudo (the "become" utility is really just a thin wrapper around
sudo) maintains the appropriate distinction between authentication (who you
are) and authorization (what you're allowed to do). If each tool had its
own login, then how would multiple people maintain the tool? They'd have
to share the password to the account. That's not a good plan.
_______________________________________________
Wikitech-l mailing list -- wikitech-l(a)lists.wikimedia.org
To unsubscribe send an email to wikitech-l-leave(a)lists.wikimedia.org
https://lists.wikimedia.org/postorius/lists/wikitech-l.lists.wikimedia.org/