We
already started working on a new virtual cluster known as labs
(
wmflabs.org) which purpose is to allow people develop stuff and later
move it to some production, some time ago. I believe it would be nice
to have exactly same environment (probably we could just extend
wmflabs for that) running probably on same platform (virtual cluster
managed through some site, using nova extension) which would have
exactly same possibilities but it would be supposed to run final
products (not a testing environment as labs, but "production" where
the stable version would live)
Why do we need this?
Wikimedia labs will offer cloned db of production in future which
would allow it to run community managed tools like
http://toolserver.org/~quentinv57/tools/sulinfo.php and similar. I
think it would be best if such tools were developed using labs as a
testing platform and stable version pushed to this "production" which
should only run the stable code. In fact it doesn't even need to be
physically another cluster, just another set of virtual instances
isolated from testing environment on labs. The environment would have
restrictions which we don't have on labs. People would need to use
puppet and gerrit mostly for everything, and root would not be given
to everyone in this environment (some projects might be restricted to
wmf ops only), so that we could even move all stable bots, we
currently host on wmflabs there, without being afraid of leaking the
bot credentials and such (that's a reason why bots project is
restricted atm). Also the applications which ask for wikimedia
credentials could be allowed there, since the code living on this
"production" would be subject of review, and such projects which could
mean security risk could be managed by wmf ops only (the changes could
be done by volunteers but would need to be submitted to gerrit).
We could also move some parts of current production to this "community
managed" environment. I talked to Roan Kattouw in past regarding
moving the configuration of wikimedia sites to some git repository so
that volunteers could submit some patches to gerrit or handle bugzilla
reports without needing shell access. Changes to production config
would be merged by operation enginners, so that it would be completely
secure.
In a nutshell:
This environment could be set up on same platform as wmf labs (no
extra costs, just hard work :)), stable products (bots, user scripts)
would be living there, while labs would serve only for development and
nothing else.
The production version would live on another domain, like
wikimedia-tools.org or
wmtools.org
Thanks for your comments and responses
I don't see the need for a different domain name.
should suffice.
Also, this can be accomplished by having multiple projects.
- Ryan
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org