Closed Bug 745061 Opened 12 years ago Closed 12 years ago

new VMs for persona.org alpha/beta deployment

Categories

(Infrastructure & Operations Graveyard :: WebOps: Labs, task)

task
Not set
critical

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: benadida, Assigned: gozer)

Details

We need new VMs for persona.org deployment:

- 2 VMs (dev and production) for https://persona.org

- 2 VMs (dev and production) for https://apps.persona.org

Ideally these run the latest stable Ubuntu.

These are needed as part of the Identity/Apps integration, where the user's personal dashboard of apps lives at https://persona.org.

People who need access: Jennifer Fong, Lloyd Hilaiel, Ben Adida.
and also we need SSL certs for those two. Feel free to do the keygen and plop the secret keys in some appropriate location on those boxes. We can do the nginx setup and what not.
(In reply to Ben Adida [:benadida] from comment #0)
> We need new VMs for persona.org deployment:
> 
> - 2 VMs (dev and production) for https://persona.org

https://persona-dev.mozillalabs.com/ for dev ?

> - 2 VMs (dev and production) for https://apps.persona.org

https://persona-apps-dev.mozillalabs.com/ for dev ?

> Ideally these run the latest stable Ubuntu.

Ubuntu is possible, but keep in mind that production services run on RedHat. So
picking Ubuntu can translate to more work moving to production later.

> These are needed as part of the Identity/Apps integration, where the user's
> personal dashboard of apps lives at https://persona.org.
> 
> People who need access: Jennifer Fong, Lloyd Hilaiel, Ben Adida.
>
> and also we need SSL certs for those two. Feel free to do the keygen and plop the secret
> keys in some appropriate location on those boxes. We can do the nginx setup and what not.

SSL is normally terminated on the load-balancers, so your apps don't need to worry about SSL at all. I'll file separate bugs to get the required certificates.
Assignee: server-ops-labs → gozer
Severity: critical → normal
Status: NEW → ASSIGNED
OS: Mac OS X → All
Hardware: x86 → All
on the Ubuntu note: I'd like to understand how painful switching devs to use RH/Centos would be _for those projects which have production in their sights_, ben, so if you have input on that, it'd be really useful.
(In reply to Philippe M. Chiasson (:gozer) from comment #2)
> https://persona-dev.mozillalabs.com/ for dev ?

Sure.

> https://persona-apps-dev.mozillalabs.com/ for dev ?

Sure.

> Ubuntu is possible, but keep in mind that production services run on
> RedHat.

That's ok, let's make dev easier for now. We'll need a production transition path anyways.

> SSL is normally terminated on the load-balancers, so your apps don't need to
> worry about SSL at all. I'll file separate bugs to get the required
> certificates.

Great.
any update on this?
Severity: normal → critical
OS: All → Mac OS X
Hardware: All → x86
4 Ubuntu VMs were provisioned. They are behind the firewall, so accessible via VPN/Office with LDAP credentials.

persona-dev1.vm1.labs.sjc1.mozilla.com.
persona-prod1.vm1.labs.sjc1.mozilla.com.
persona-apps-dev1.vm1.labs.sjc1.mozilla.com.
persona-apps-prod1.vm1.labs.sjc1.mozilla.com.

sudo granted to :benadida, feel free to assign more sudo privileges to others.

Public access will be enabled next.
OS: Mac OS X → All
Hardware: x86 → All
(In reply to Philippe M. Chiasson (:gozer) from comment #6)
> 4 Ubuntu VMs were provisioned. They are behind the firewall, so accessible
> via VPN/Office with LDAP credentials.

Awesome. Thanks.

One thing I don't quite understand about the way accounts work on these machines: do you need a public key from folks? Somehow mine was already registered so I got in. Does Jen need to send it to you? I don't think I set this up as a normal Linux account, right?
(In reply to Ben Adida [:benadida] from comment #7)
> (In reply to Philippe M. Chiasson (:gozer) from comment #6)
> > 4 Ubuntu VMs were provisioned. They are behind the firewall, so accessible
> > via VPN/Office with LDAP credentials.
> 
> Awesome. Thanks.
> 
> One thing I don't quite understand about the way accounts work on these
> machines:

Mozilla LDAP

> do you need a public key from folks? Somehow mine was already
> registered so I got in. Does Jen need to send it to you? I don't think I set
> this up as a normal Linux account, right?

Correct. Anybody with a Mozilla LDAP account and an SSH key on file can get into the VM. You have sudo privileges in there and can use that to grant sudo access to more people if you wish.
great, so how do folks get you their SSH key? Email? bug?
(In reply to Ben Adida [:benadida] from comment #9)
> great, so how do folks get you their SSH key? Email? bug?

Again, no need to do that directly. This is Mozilla LDAP, so their LDAP passwords will also work. If you have folks with LDAP accounts and *no* SSH keys on file with Mozilla, they can just use the mozilla.org / Account Request bugzilla component to request to have an SSH key added to their existing account.
Should we be able to connect to the URL https://persona-dev.mozillalabs.com/ now? I can only connect via IP, i.e. http://10.110.4.131
Depends on: 747076
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Product: mozilla.org → Infrastructure & Operations
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard