new VMs for persona.org alpha/beta deployment

RESOLVED FIXED

Status

critical
7 years ago
2 years ago

People

(Reporter: benadida, Assigned: gozer)

(Reporter)

Description

7 years ago
We need new VMs for persona.org deployment:

- 2 VMs (dev and production) for https://persona.org

- 2 VMs (dev and production) for https://apps.persona.org

Ideally these run the latest stable Ubuntu.

These are needed as part of the Identity/Apps integration, where the user's personal dashboard of apps lives at https://persona.org.

People who need access: Jennifer Fong, Lloyd Hilaiel, Ben Adida.
(Reporter)

Comment 1

7 years ago
And also we need SSL certs for those two. Feel free to do the keygen and plop the secret keys in some appropriate location on those boxes. We can do the nginx setup and whatnot.
(Assignee)

Comment 2

7 years ago
(In reply to Ben Adida [:benadida] from comment #0)
> We need new VMs for persona.org deployment:
> 
> - 2 VMs (dev and production) for https://persona.org

https://persona-dev.mozillalabs.com/ for dev?

> - 2 VMs (dev and production) for https://apps.persona.org

https://persona-apps-dev.mozillalabs.com/ for dev?

> Ideally these run the latest stable Ubuntu.

Ubuntu is possible, but keep in mind that production services run on RedHat. So picking Ubuntu can translate to more work moving to production later.

> These are needed as part of the Identity/Apps integration, where the user's
> personal dashboard of apps lives at https://persona.org.
> 
> People who need access: Jennifer Fong, Lloyd Hilaiel, Ben Adida.
>
> and also we need SSL certs for those two. Feel free to do the keygen and plop the secret
> keys in some appropriate location on those boxes. We can do the nginx setup and what not.

SSL is normally terminated on the load-balancers, so your apps don't need to worry about SSL at all. I'll file separate bugs to get the required certificates.
Assignee: server-ops-labs → gozer
Severity: critical → normal
Status: NEW → ASSIGNED
OS: Mac OS X → All
Hardware: x86 → All
On the Ubuntu note: I'd like to understand how painful switching devs to use RH/CentOS would be _for those projects which have production in their sights_, Ben, so if you have input on that, it'd be really useful.
(Reporter)

Comment 4

7 years ago
(In reply to Philippe M. Chiasson (:gozer) from comment #2)
> https://persona-dev.mozillalabs.com/ for dev?

Sure.

> https://persona-apps-dev.mozillalabs.com/ for dev?

Sure.

> Ubuntu is possible, but keep in mind that production services run on
> RedHat.

That's ok, let's make dev easier for now. We'll need a production transition path anyways.

> SSL is normally terminated on the load-balancers, so your apps don't need to
> worry about SSL at all. I'll file separate bugs to get the required
> certificates.

Great.
(Reporter)

Comment 5

7 years ago
any update on this?
Severity: normal → critical
OS: All → Mac OS X
Hardware: All → x86
(Assignee)

Comment 6

7 years ago
4 Ubuntu VMs were provisioned. They are behind the firewall, so accessible via VPN/Office with LDAP credentials.

persona-dev1.vm1.labs.sjc1.mozilla.com.
persona-prod1.vm1.labs.sjc1.mozilla.com.
persona-apps-dev1.vm1.labs.sjc1.mozilla.com.
persona-apps-prod1.vm1.labs.sjc1.mozilla.com.

sudo granted to :benadida, feel free to assign more sudo privileges to others.

Public access will be enabled next.
OS: Mac OS X → All
Hardware: x86 → All
(Reporter)

Comment 7

7 years ago
(In reply to Philippe M. Chiasson (:gozer) from comment #6)
> 4 Ubuntu VMs were provisioned. They are behind the firewall, so accessible
> via VPN/Office with LDAP credentials.

Awesome. Thanks.

One thing I don't quite understand about the way accounts work on these machines: do you need a public key from folks? Somehow mine was already registered so I got in. Does Jen need to send it to you? I don't think I set this up as a normal Linux account, right?
(Assignee)

Comment 8

7 years ago
(In reply to Ben Adida [:benadida] from comment #7)
> (In reply to Philippe M. Chiasson (:gozer) from comment #6)
> > 4 Ubuntu VMs were provisioned. They are behind the firewall, so accessible
> > via VPN/Office with LDAP credentials.
> 
> Awesome. Thanks.
> 
> One thing I don't quite understand about the way accounts work on these
> machines:

Mozilla LDAP

> do you need a public key from folks? Somehow mine was already
> registered so I got in. Does Jen need to send it to you? I don't think I set
> this up as a normal Linux account, right?

Correct. Anybody with a Mozilla LDAP account and an SSH key on file can get into the VM. You have sudo privileges in there and can use that to grant sudo access to more people if you wish.
(Reporter)

Comment 9

7 years ago
great, so how do folks get you their SSH key? Email? bug?
(Assignee)

Comment 10

7 years ago
(In reply to Ben Adida [:benadida] from comment #9)
> great, so how do folks get you their SSH key? Email? bug?

Again, no need to do that directly. This is Mozilla LDAP, so their LDAP passwords will also work. If you have folks with LDAP accounts and *no* SSH keys on file with Mozilla, they can just use the mozilla.org / Account Request Bugzilla component to request to have an SSH key added to their existing account.
Should we be able to connect to the URL https://persona-dev.mozillalabs.com/ now? I can only connect via IP, i.e. http://10.110.4.131
(Assignee)

Updated

7 years ago
Depends on: 747076
(Assignee)

Updated

7 years ago
Status: ASSIGNED → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → FIXED
Product: mozilla.org → Infrastructure & Operations
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard