Novem Linguae and Roy – thank you both for your insights. 

Yes, app-level logging/monitoring could be much better, for sure. And Toolforge is far from intuitive for the average user. We are currently working on new features that will ultimately make Toolforge easier to use, similar to other PaaS offerings out there like Heroku, where users basically just have to point to a repo hosted on GitHub or other VCS, maybe add some config. Hearing which specific things irk people is useful. 

--
Slavina Stefanova (she/her)
Software Engineer - Technical Engagement

Wikimedia Foundation


On Wed, Sep 7, 2022 at 11:16 PM Roy Smith <roy@panix.com> wrote:
On Sep 7, 2022, at 4:50 PM, novemlinguae@gmail.com wrote:

- FTP programs that aren't WinSCP with "environment -> SFTP -> server -> sudo -u tools.novem-bot /usr/lib/sftp-server" configured appear to the user to work, but create some hard-to-track-down bugs because files have the wrong owner. For example I tried using FileZilla Client before I found the tutorial.

My take on this is that Toolforge is unabashedly a linux environment.  If there's some incompatibility with a Windows app, that's not toolforge's problem.  I log into toolforge with this alias:

alias spi-tools-dev='ssh -t dev.toolforge.org tmux new -A -s spi-tools-dev become spi-tools-dev'

As needed, I set up port tunnels with things like:

alias tunnel='ssh -t dev.toolforge.org  -L 23002:localhost:23002 become spi-experiments'

And likewise I can move files in and out with scp.  I agree that there's a learning curve to all this ssh stuff (including the associated key management), but hiding that beneath a cPanel veneer just makes it all the more mysterious because you're never really sure what's going on.  If you're going to develop in a linux environment, invest the time to learn the linux tools.

 Suggested fix: give a separate login for each tool folder, so that you don't have to sudo

Logging in as a person. then gaining some specific additional set of rights with sudo (the "become" utility is really just a thin wrapper around sudo) maintains the appropriate distinction between authentication (who you are) and authorization (what you're allowed to do).  If each tool had its own login, then how would multiple people maintain the tool?  They'd have to share the password to the account.  That's not a good plan.


_______________________________________________
Wikitech-l mailing list -- wikitech-l@lists.wikimedia.org
To unsubscribe send an email to wikitech-l-leave@lists.wikimedia.org
https://lists.wikimedia.org/postorius/lists/wikitech-l.lists.wikimedia.org/