Server needed for Summit Phonebook app

RESOLVED FIXED

Status

mozilla.org Graveyard
Server Operations
--
major
RESOLVED FIXED
8 years ago
3 years ago

People

(Reporter: atul, Assigned: oremj)

Tracking

Details

(Reporter)

Description

8 years ago
I need a server for the summit phonebook, which is described in bug 574200.

This is the kind of setup I'd like, courtesy of :laura from bug 574200 comment 51:

> I would probably suggest asking for staging + prod servers, just so you have
> somewhere to test stuff.  Typical setup is staging autosyncing from your repo,
> but production changes only on a release.

Thanks!
(Reporter)

Comment 1

8 years ago
The README for the app is here:

  http://hg.toolness.com/summit-idp/file/tip/README.md

As it notes, the server(s) will need Python 2.6 on them and some kind of infrastructure that allows wsgi apps to be deployed, as well as static files. Static files, located in the 'static-files' dir, should be served from the root directory of the server, and the wsgi app needs to be served from the '/api' directory.

I've never deployed a server on Mozilla IT infrastructure, so let me know what else you need.
Severity: normal → major
OS: Mac OS X → All
Hardware: x86 → All

Updated

8 years ago
Assignee: server-ops → jeremy.orem+bugs
(Assignee)

Comment 2

8 years ago
Can you stick this in github?
(Assignee)

Comment 3

8 years ago
Jeff can add you to the mozilla organization.
The organization stuff doesn't affect deployment or hosting, it's just fun to play with at this point.
(Assignee)

Comment 5

8 years ago
I'll also take hg.mozilla.org or svn.mozilla.org.
Atul is traveling, but I've looked at the app some so in his absence I should be able to answer questions/make code changes/etc.
(Assignee)

Comment 8

8 years ago
Can we make this app run under mod_wsgi or at least write a server that already supports sending mail? I'm out after today until the start of the summit, so if this doesn't happen tonight we'll have to reassign or set it up at the summit.
Here is a file that will work as a .wsgi file: http://hg.mozilla.org/users/ibicking_mozilla.com/summit-idp/file/5cb3f060fc57/silver-runner.py

Or, maybe more specifically this code (a couple variables need settings):

import os
import smtplib
from summitidp.easy import make_wsgi_app

storage_dir = '<some writable path to put files in>'
smtp_host = 'localhost'
hostname = 'summit-idp.something.com'

def send_email(email, token):
    message = """\
To: %s
Subject: Authenticate with MozSummit

To login to the service (as %s) please visit the URL:

  http://%s/#verify=%s
""" % (email, email, hostname, token)
    server = smtplib.SMTP(smtp_host)
    server.sendmail(
        'bot@%s' % hostname,
        [email],
        message)
    server.close()

application = make_wsgi_app(storage_dir, send_email)



----

Another detail, in storage_dir/attendees.json there needs to be a JSON list of email addresses.  We don't have that list now, but we should be able to get it, we'll just need to upload it later.  You can just put in ["oremj@mozilla.com", "avarma@mozilla.com", "ibicking@mozilla.com"] for testing purposes.
(Reporter)

Comment 10

8 years ago
Awesome, thanks Ian! (On a plane at O'Hare, about to take off.)
(Assignee)

Comment 11

8 years ago
The app is pretty much set up. I just need the full attendees json now.
(Reporter)

Comment 12

8 years ago
Thanks Jeremy, just sent you the JSON over email (didn't attach it to this bug since the list is confidential and this bug isn't).
(Assignee)

Comment 13

8 years ago
It's set up @ http://summitbook.mozilla.org/ with the full attendees.json.
Status: NEW → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → FIXED
(Reporter)

Comment 14

8 years ago
Nice!!

Um, so the only thing now is that it'd be optimal to deliver this via https, or else we potentially compromise our hard-won efforts at protecting our users' sensitive data. :)  It's up to you, though.
Agreed on that point (comment 14). HTTPS please. HTTP can redirect to HTTPS
(Reporter)

Comment 16

8 years ago
Also, if you could re-pull from this repo:

   http://hg.mozilla.org/users/avarma_mozilla.com/summit-idp/

it should fix a bug that occurs on wsgi configs that use separate processes, which yours appears to do.
(Assignee)

Comment 17

8 years ago
I've updated the app.
We'll need to set this up for HTTPS only before we can completely mark this as complete.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
(Reporter)

Comment 19

8 years ago
Ugh, actually, there appears to be a bit more logic in my app that assumes a single process multithreaded model.

Can you change the mod_wsgi config to support this?

here's the instructions:

  http://code.google.com/p/modwsgi/wiki/ConfigurationDirectives#WSGIDaemonProcess
(Assignee)

Comment 20

8 years ago
The vhost now looks like this:

> <VirtualHost *:80>
>     ServerName summitbook.mozilla.org
> 
>     DocumentRoot /var/sites/summitbook.mozilla.org/static-files/
> 
> 
>     WSGIScriptAlias /api /var/sites/summitbook.mozilla.org/summitidp/summitbook.py
>     WSGIDaemonProcess summitbook display-name=sbook
>     WSGIProcessGroup summitbook
> 
> 
> 	ErrorLog /var/log/apache2/summitbook.mozilla.org.error.log
> 	CustomLog /var/log/apache2/summitbook.mozilla.org.access.log combined
> </VirtualHost>
(Assignee)

Comment 21

8 years ago
Mrz is out of town and I'm trying to track down someone else who can order certs. Will a self-signed cert do?
No, we won't be able to use a self signed cert in this situation. We'll need a valid certificate.
(Assignee)

Comment 23

8 years ago
Justin is buying the cert.
Assignee: jeremy.orem+bugs → justin
(In reply to comment #22)
> No, we won't be able to use a self signed cert in this situation. We'll need a
> valid certificate.

I'm curious - why not?  We have a number of apps using the Mozilla Root certificate.  There's an obvious cost to a commercial SSL cert for a relatively short-lived website.

Who took point on generating the CSR?
Assignee: justin → mrz
(Reporter)

Comment 25

8 years ago
Using the Mozilla root cert would significantly reduce the usability of the site, as it would require users to go through whatever process is required to install or bypass a cert on their particular browser.

Using StartSSL I was able to get a cert for moz10.org for free in a few hours.
> I'm curious - why not?  We have a number of apps using the Mozilla Root
> certificate.  There's an obvious cost to a commercial SSL cert for a relatively
> short-lived website.
> 
> Who took point on generating the CSR?

At the summit we will likely have a large number of community users who don't already have the root certificate installed. This could lead to confusion and lots of invalid cert messages. A valid cert would allow attendees to immediately use the site during the summit.
(Assignee)

Comment 27

8 years ago
(In reply to comment #24)
> (In reply to comment #22)
> > No, we won't be able to use a self signed cert in this situation. We'll need a
> > valid certificate.
> 
> I'm curious - why not?  We have a number of apps using the Mozilla Root
> certificate.  There's an obvious cost to a commercial SSL cert for a relatively
> short-lived website.
> 
> Who took point on generating the CSR?

I generated the CSR and sent it to Justin.
(Assignee)

Updated

8 years ago
Assignee: mrz → jeremy.orem+bugs
(Assignee)

Comment 28

8 years ago
Site is now delivered over SSL.
Status: REOPENED → RESOLVED
Last Resolved: 8 years ago8 years ago
Resolution: --- → FIXED
(Reporter)

Comment 29

8 years ago
Thanks Jeremy!

Unfortunately, though, we need to change a few things on the server-side.

The most urgent need is that we need to replace the "http:" URL in the email that's being sent out with "https:". Although we're redirecting to https, some browsers aren't redirecting the hash part of the URL which contains the verify token.

We'd also like to change the main text of the email, in particular to reflect the renaming of the app to "Mozilla SummitBook", so send_email should now be something like this:

def send_email(email, token):
    message = """\
To: %s
Subject: Sign Up for Mozilla SummitBook!

Atul Varma has put together a little application that can only be seen by
Mozilla Summit attendees which lets you share information about who you are,
and what you do within the Mozilla community. It's secure, and completely
optional, but if you'd like to tell your fellow Summiteers about yourself,
please click on the link below to log-in to the service (as %s) and fill out whatever details you want:

  https://%s/#verify=%s
""" % (email, email, hostname, token)
    server = smtplib.SMTP(smtp_host)
    server.sendmail(
        'bot@%s' % hostname,
        [email],
        message)
    server.close()
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
(Assignee)

Updated

8 years ago
Status: REOPENED → RESOLVED
Last Resolved: 8 years ago8 years ago
Resolution: --- → FIXED
Product: mozilla.org → mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.