On 02/11/11 21:48, Ryan Lane wrote:
On Tue, Oct 25, 2011 at 1:43 PM, Platonides Platonides@gmail.com wrote:
Ryan Lane wrote:
https://labsconsole.wikimedia.org/wiki/Main_Page
Just a suggestion ;)
- Ryan
- This is the first time it is mentioned in this mailing list.
It isn't the first time labs has been. I was suggesting labs, not the console. I was replying to Chad, and he has seen the console, so he likely understood what I meant perfectly well.
As someone who tested http://nova-controller.tesla.usability.wikimedia.org/ it was quite a shock to find it out in this way.
1b) Not even mentioned in the Server Admin Log.
Meh. I don't log every single thing I do. It's in the git log for the puppet repo, at minimum.
Is this is the way we publish things now? As git logs? :)
- It has a funny concept of "you have an account"
In what way? I'm giving out accounts to people slowly, over time. It's in kind of closed beta mode right now. Basically, if you ask for an account, you get one.
If the user is not in Special:ListUsers, which kind of user is it? I guess it should have been developers "can get an account by poking Ryan"
- Public IPs are private
This is the way that OpenStack Nova works. If a public IP hasn't been assigned to the instance yet, then the private IP is also considered the public IP. bastion.wmflabs.org, for instance has a legitimate public IP, with a legitimate public DNS entry.
Last week, I didn't know there was such server (in fact, it seems to have been launched _after_ I sent that mail). *If* you have an account on labsconsole.wikimedia.org, *and* you go to https://labsconsole.wikimedia.org/wiki/Special:NovaAddress *and* you know what a bastion host is, then you may figure it out.
Note that my first attempt was to try creating a ssh tunnel through gerrit.wikimedia.org
- Instances don't seem to be on wmf dns, despite statements of "ssh
<nameofinstance>" and "adding wmflabs domain in DNS"
That is not true. I'm running powerdns on virt1.wikimedia.org with an LDAP backend.
All instances are in DNS when they are created, automatically. That is private DNS, though. Instance "test" would be "test.pmtpa.wmflabs". It's possible to SSH from a bastion host to all private hosts.
It turns out you registered wmflabs.org I had been trying things like foo.wmflabs.wikimedia.org or foo.wmflabs
- Reading the git instructions make me feel sick
Well, let's give you an account, and you can fix it.
By blanking the page? :)
- The RSA key (dc:e9:68:7b:99:1b:27:d0:f9:fd:ce:6a:2e:bf:92:e1?) is not
listed
RSA key for what? Why would it need to be listed anywhere? Maybe listing the RSA keys for hosts with public IPs is a good idea...
For gerrit, which is everything i could connect to. It is shown on https://gerrit.wikimedia.org/r/#settings,ssh-keys though, so you can take it out.
- Why is there a unicorn ?
Because this is the place for magic to happen.
- Ryan
/me waits for the magic to happen...
So far, it still doesn't seem useful.
Platonides, Ryan:
6) The RSA key (dc:e9:68:7b:99:1b:27:d0:f9:fd:ce:6a:2e:bf:92:e1?) is not listed
RSA key for what? Why would it need to be listed anywhere? Maybe listing the RSA keys for hosts with public IPs is a good idea...
Filed as https://bugzilla.wikimedia.org/show_bug.cgi?id=32163
As someone who tested http://nova-controller.tesla.usability.wikimedia.org/ it was quite a shock to find it out in this way.
Well, we released it at the hack-a-thon for early beta testing. It isn't ready for MediaWiki development, so I didn't publicize it to this list just yet.
Once I work out the current bugs, and get the MediaWiki portion of the infrastructure up I'll announce it properly.
1b) Not even mentioned in the Server Admin Log.
Meh. I don't log every single thing I do. It's in the git log for the puppet repo, at minimum.
Is this is the way we publish things now? As git logs? :)
There's some stuff related to this in the SAL. git logs for puppet are way better than the SAL for seeing what is actually going on, though.
- It has a funny concept of "you have an account"
In what way? I'm giving out accounts to people slowly, over time. It's in kind of closed beta mode right now. Basically, if you ask for an account, you get one.
If the user is not in Special:ListUsers, which kind of user is it? I guess it should have been developers "can get an account by poking Ryan"
I guess I'm still confused about what this question is. Either you have an account or you don't have an account. If you aren't listed in Special:UserList, then you don't have an account.
You can get an account by asking me for one. Other ops people can give you an account too, but they'll likely point you at me.
- Public IPs are private
This is the way that OpenStack Nova works. If a public IP hasn't been assigned to the instance yet, then the private IP is also considered the public IP. bastion.wmflabs.org, for instance has a legitimate public IP, with a legitimate public DNS entry.
Last week, I didn't know there was such server (in fact, it seems to have been launched _after_ I sent that mail). *If* you have an account on labsconsole.wikimedia.org, *and* you go to https://labsconsole.wikimedia.org/wiki/Special:NovaAddress *and* you know what a bastion host is, then you may figure it out.
bastion.wmflabs.org is fairly new. I made it during the hack-a-thon in New Orleans. In fact, every instance in the instance list was one I made at the hack-a-thon.
I know documentation needs to be written, but do you really expect a brand new service to be fully documented while it is still mostly being built? The supporting architecture is relatively well documented [1].
I've been writing blog posts as I've been making changes [2] [3]. I'll follow up with proper documentation as well.
Note that my first attempt was to try creating a ssh tunnel through gerrit.wikimedia.org
Gerrit is for managing git. It allows you to make changes to our puppet repository, which is what configures all of the instances in labs and all of the hardware in production.
You can always ask me how stuff works in labs currently, rather than grasping around blindly ;). You can even help me write documentation about how it works to help others (and help me).
It turns out you registered wmflabs.org I had been trying things like foo.wmflabs.wikimedia.org or foo.wmflabs
Heh. This actually *is* in the SAL. Anyway, again, this is documentation related.
- Reading the git instructions make me feel sick
Well, let's give you an account, and you can fix it.
By blanking the page? :)
What's wrong with the documentation? I can't fix it if I don't know what's wrong with it. I'm more than happy to take suggestions if you aren't willing to make the changes yourself.
- The RSA key (dc:e9:68:7b:99:1b:27:d0:f9:fd:ce:6a:2e:bf:92:e1?) is not
listed
RSA key for what? Why would it need to be listed anywhere? Maybe listing the RSA keys for hosts with public IPs is a good idea...
For gerrit, which is everything i could connect to. It is shown on https://gerrit.wikimedia.org/r/#settings,ssh-keys though, so you can take it out.
This is the public RSA key of the server. It's there to add to your known-hosts file. I'm not sure what the problem with this is.
- Why is there a unicorn ?
Because this is the place for magic to happen.
/me waits for the magic to happen...
So far, it still doesn't seem useful.
This launched like two weeks ago. It's already useful for doing devops related things. It isn't useful for MediaWiki development yet, but hopefully will be soon.
You are asking for a unicorn, and I'm providing a place to build that unicorn. You want the magic to happen? Come help us make it happen.
- Ryan
[1] http://wikitech.wikimedia.org/view/OpenStack http://www.mediawiki.org/wiki/Extension:OpenStackManager [2] http://ryandlane.com/blog/2011/11/01/sharing-home-directories-to-instances-w... [3] http://ryandlane.com/blog/2011/11/02/a-process-for-puppetization-of-a-servic...
wikitech-l@lists.wikimedia.org