Closed Bug 576128 Opened 15 years ago Closed 15 years ago

Server needed for Summit Phonebook app

Categories

(mozilla.org Graveyard :: Server Operations, task)

Product:
mozilla.org Graveyard
Component:
Server Operations
Type:
task
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: avarma, Assigned: oremj)

Details

I need a server for the summit phonebook, which is described in bug 574200. This is the kind of setup I'd like, courtesy of :laura from bug 574200 comment 51: > I would probably suggest asking for staging + prod servers, just so you have > somewhere to test stuff. Typical setup is staging autosyncing from your repo, > but production changes only on a release. Thanks!
The README for the app is here: http://hg.toolness.com/summit-idp/file/tip/README.md As it notes, the server(s) will need Python 2.6 on them and some kind of infrastructure that allows wsgi apps to be deployed, as well as static files. Static files, located in the 'static-files' dir, should be served from the root directory of the server, and the wsgi app needs to be served from the '/api' directory. I've never deployed a server on Mozilla IT infrastructure, so let me know what else you need.
Severity: normal → major
OS: Mac OS X → All
Hardware: x86 → All
Assignee: server-ops → jeremy.orem+bugs
Can you stick this in github?
Jeff can add you to the mozilla organization.
The organization stuff doesn't affect deployment or hosting, it's just fun to play with at this point.
I'll also take hg.mozilla.org or svn.mozilla.org.
Atul is traveling, but I've looked at the app some so in his absence I should be able to answer questions/make code changes/etc.
Can we make this app run under mod_wsgi or at least write a server that already supports sending mail? I'm out after today until the start of the summit, so if this doesn't happen tonight we'll have to reassign or set it up at the summit.
Here is a file that will work as a .wsgi file: http://hg.mozilla.org/users/ibicking_mozilla.com/summit-idp/file/5cb3f060fc57/silver-runner.py Or, maybe more specifically this code (a couple variables need settings): import os import smtplib from summitidp.easy import make_wsgi_app storage_dir = '<some writable path to put files in>' smtp_host = 'localhost' hostname = 'summit-idp.something.com' def send_email(email, token): message = """\ To: %s Subject: Authenticate with MozSummit To login to the service (as %s) please visit the URL: http://%s/#verify=%s """ % (email, email, hostname, token) server = smtplib.SMTP(smtp_host) server.sendmail( 'bot@%s' % hostname, [email], message) server.close() application = make_wsgi_app(storage_dir, send_email) ---- Another detail, in storage_dir/attendees.json there needs to be a JSON list of email addresses. We don't have that list now, but we should be able to get it, we'll just need to upload it later. You can just put in ["oremj@mozilla.com", "avarma@mozilla.com", "ibicking@mozilla.com"] for testing purposes.
Awesome, thanks Ian! (On a plane at O'Hare, about to take off.)
The app is pretty much set up. I just need the full attendees json now.
Thanks Jeremy, just sent you the JSON over email (didn't attach it to this bug since the list is confidential and this bug isn't).
It's set up @ http://summitbook.mozilla.org/ with the full attendees.json.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Nice!! Um, so the only thing now is that it'd be optimal to deliver this via https, or else we potentially compromise our hard-won efforts at protecting our users' sensitive data. :) It's up to you, though.
Agreed on that point (comment 14). HTTPS please. HTTP can redirect to HTTPS
Also, if you could re-pull from this repo: http://hg.mozilla.org/users/avarma_mozilla.com/summit-idp/ it should fix a bug that occurs on wsgi configs that use separate processes, which yours appears to do.
I've updated the app.
We'll need to set this up for HTTPS only before we can completely mark this as complete.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Ugh, actually, there appears to be a bit more logic in my app that assumes a single process multithreaded model. Can you change the mod_wsgi config to support this? here's the instructions: http://code.google.com/p/modwsgi/wiki/ConfigurationDirectives#WSGIDaemonProcess
The vhost now looks like this: > <VirtualHost *:80> > ServerName summitbook.mozilla.org > > DocumentRoot /var/sites/summitbook.mozilla.org/static-files/ > > > WSGIScriptAlias /api /var/sites/summitbook.mozilla.org/summitidp/summitbook.py > WSGIDaemonProcess summitbook display-name=sbook > WSGIProcessGroup summitbook > > > ErrorLog /var/log/apache2/summitbook.mozilla.org.error.log > CustomLog /var/log/apache2/summitbook.mozilla.org.access.log combined > </VirtualHost>
Mrz is out of town and I'm trying to track down someone else who can order certs. Will a self-signed cert do?
No, we won't be able to use a self signed cert in this situation. We'll need a valid certificate.
Justin is buying the cert.
Assignee: jeremy.orem+bugs → justin
(In reply to comment #22) > No, we won't be able to use a self signed cert in this situation. We'll need a > valid certificate. I'm curious - why not? We have a number of apps using the Mozilla Root certificate. There's an obvious cost to a commercial SSL cert for a relatively short-lived website. Who took point on generating the CSR?
Assignee: justin → mrz
Using the Mozilla root cert would significantly reduce the usability of the site, as it would require users to go through whatever process is required to install or bypass a cert on their particular browser. Using StartSSL I was able to get a cert for moz10.org for free in a few hours.
> I'm curious - why not? We have a number of apps using the Mozilla Root > certificate. There's an obvious cost to a commercial SSL cert for a relatively > short-lived website. > > Who took point on generating the CSR? At the summit we will likely have a large number of community users who don't already have the root certificate installed. This could lead to confusion and lots of invalid cert messages. A valid cert would allow attendees to immediately use the site during the summit.
(In reply to comment #24) > (In reply to comment #22) > > No, we won't be able to use a self signed cert in this situation. We'll need a > > valid certificate. > > I'm curious - why not? We have a number of apps using the Mozilla Root > certificate. There's an obvious cost to a commercial SSL cert for a relatively > short-lived website. > > Who took point on generating the CSR? I generated the CSR and sent it to Justin.
Assignee: mrz → jeremy.orem+bugs
Site is now delivered over SSL.
Status: REOPENED → RESOLVED
Closed: 15 years ago15 years ago
Resolution: --- → FIXED
Thanks Jeremy! Unfortunately, though, we need to change a few things on the server-side. The most urgent need is that we need to replace the "http:" URL in the email that's being sent out with "https:". Although we're redirecting to https, some browsers aren't redirecting the hash part of the URL which contains the verify token. We'd also like to change the main text of the email, in particular to reflect the renaming of the app to "Mozilla SummitBook", so send_email should now be something like this: def send_email(email, token): message = """\ To: %s Subject: Sign Up for Mozilla SummitBook! Atul Varma has put together a little application that can only be seen by Mozilla Summit attendees which lets you share information about who you are, and what you do within the Mozilla community. It's secure, and completely optional, but if you'd like to tell your fellow Summiteers about yourself, please click on the link below to log-in to the service (as %s) and fill out whatever details you want: https://%s/#verify=%s """ % (email, email, hostname, token) server = smtplib.SMTP(smtp_host) server.sendmail( 'bot@%s' % hostname, [email], message) server.close()
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Status: REOPENED → RESOLVED
Closed: 15 years ago15 years ago
Resolution: --- → FIXED
Product: mozilla.org → mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.