Closed Bug 768290 Opened 13 years ago Closed 13 years ago

Setup helpdesk.mozilla.com

Categories

(Infrastructure & Operations Graveyard :: WebOps: Other, task)

Product:
Infrastructure & Operations Graveyard
Component:
WebOps: Other
Platform:
x86_64
All
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: dumitru, Assigned: nmaul)

Details

(Whiteboard: [triaged 20120824])

This is a Desktop FAQ page: https://mana.mozilla.org/wiki/display/websites/Desktop+FAQ Security review and other significant details are in bug 736218. Initially, I set this up in a rush (it was a Desktop Q1 goal) on a VM in Mountain View and added DNS entries for all the offices and VPN. You can check it at "http://desktop.mv.mozilla.com/". Now, it's time to fix this and setup the website in the right place: in a datacenter, with the Apache and MySQL split across our existing clusters. Per Desktop request and feedback from employees, this website should: - be called helpdesk.mozilla.com - have Apache basic auth (LDAP) Code and database are all on the VM mentioned in the Confluence link above. Please ask me or Clarissa for any additional information needed.
(In reply to Dumitru Gherman [:dumitru] from comment #0) > - be called helpdesk.mozilla.com ...and be accessible even outside VPN.
Assignee: server-ops → server-ops-webops
We also need to be able to capture statistics from the site: Number of people accessing the site. The search data that they are entering into the, "What do you need help with?" box. And a ranking of the search data based on how often a subject is looked for. We need to track numbers for running reports on how the site is being used.
Are we sure this should be helpdesk.mozilla.com and not .org? The trend for the past year has been to move as much as possible to .org.
I spoke with MRZ & Tim. MRZ suggested that we keep helpdesk.mozilla.com because the customer base for this site will be Mozilla paid employees and not for the open community. Thank you for the suggestion!
Any idea when this may get looked at?
Clarissa, Any Idea how you want to collect the data from comment 2? I don't think we have anything in place to do that at the moment and I think that is holding us up. If you have an idea how you want to collect and parse the data that might help to move this forward. Otherwise we will discuss this during our next triage and attempt to devise a solution. In the mean time we can probably get this deployed on the generic cluster (also to be discussed at our next triage).
Whiteboard: [pending triage]
Group: infra
(In reply to Jason Crowe [:jd] from comment #6) I was thinking something like Google Analytics, but I'm not sure if that is the best way to go. I was hoping to lean on your teams expertise to find out what good and free options are out there. It really doesn't need to be anything too heavy, just track the top searches and see how much traffic is happening on the site. Basic data so that we can improve the site. Statistics that are easy to access and easy to read. Let me know what you think.
We'll do the main site setup, and the question about how to do analytics is something for Metrics to answer. That probably ought to be a separate bug after the fact. :)
Priority: -- → P3
Whiteboard: [pending triage] → [triaged 20120824]
(In reply to Jake Maul [:jakem] from comment #8) > We'll do the main site setup, and the question about how to do analytics is > something for Metrics to answer. That probably ought to be a separate bug > after the fact. :) Awesome! That sounds good to me. Thank you!
Renormalizing priority levels... P4 is "normal" now.
Priority: P3 → P4
> Now, it's time to fix this and setup the website in the right place: in a > datacenter, with the Apache and MySQL split across our existing clusters. You now require a security review. We compromised and avoided anything complicated by hosting it internally only. > Per Desktop request and feedback from employees, this website should: > - have Apache basic auth (LDAP) The essence of this site was to be an FAQ for users to self-medicate. One of the examples was "my password isn't working". By requiring basic auth, you've negated that use case. That might not be relevant anymore, but that's why it wasn't behind any auth (also the target audience was local paid-staff vs. remote).
Do you know when this will get worked on? I would appreciate any ETA on forward progress please.
Do we have a sec-review? We could set this up as planned but behind LDAP auth *until* sec-review is passed... at which point I still think it might be useful to have this (or something like this) available to remoties as well as local folks. We can accomplish that easily if it's a normal public IP. I don't imagine there's much sensitive information in here, but if there is we can re-evaluate potentially password-protecting certain parts of it.
Flags: sec-review?
Priority: P4 → P3
Or LDAP + allizom.org? :)
If there have been no changes to the wordpress theme then it is good to go; otherwise we can ask dchan to refresh the review.
No OpSec review needed.
Flags: sec-review? → sec-review?(dchan+bugzilla)
I'll do a quick review of the theme tomorrow. Will the site be accessible over HTTP? The above link mentions http:// which isn't secure with basic auth.
Need a few things from here: 1) Base app is wordpress, already approved 2) Waiting :dchan's input for the security review on the theme 3) Need the actual theme's source control repo so we can deploy it 4) Don't see a point to SSL for this- the prod app doesn't need authentication, as I read it. If it does, we'll have to revise. We can throw this up on a dev site with auth+SSL, if that helps with secreview.
Flags: needinfo?(dchan+bugzilla)
Whiteboard: [triaged 20120824] → [triaged 20120824][waiting][appsec]
5) Any WP plugins needed for this?
(In reply to Jake Maul [:jakem] from comment #18) > 4) Don't see a point to SSL for this- the prod app doesn't need > authentication, as I read it. If it does, we'll have to revise. We can throw > this up on a dev site with auth+SSL, if that helps with secreview. I brought up SSL since LDAP over basic-auth was mentioned, but it looks like I misread the comment. Given that this site will be public and contain static data, there shouldn't be a need for logins. If that is the case, you can ignore the SSL advice. Aside from that, the app is good to go.
Flags: sec-review?(dchan+bugzilla)
Flags: sec-review+
Flags: needinfo?(dchan+bugzilla)
I should clarify that the wp-admin section of the site should follow best practices and use SSL.
Okay, I've got a basic Apache config added, as well as the base Wordpress app, and have added 'helpdesk.mozilla.com' to DNS. It should resolve in a few minutes. The app isn't going to work just yet, however... I still need to know the SVN / git repo that contains the actual theme, arranged in a proper "wp-content" layout. Something like this: http://svn.mozilla.org/projects/blog.mozilla.com/trunk/ or http://svn.mozilla.org/projects/hacks.mozilla.org/trunk/ If all you have is the actual skin in a tarball, we can start with that and build a proper wp-content repo around it. Once that's all done we can finish off configuring Wordpress in the usual way and hand it over to you. Thanks!
Flags: needinfo?
Priority: P3 → --
Whiteboard: [triaged 20120824][waiting][appsec] → [triaged 20120824]
There's no repo. The third-party deployed the code directly on an external VM and then I put it on desktop1.webapp.mtv1.mozilla.com. You can find there the database as well.
Flags: needinfo?
Thanks! I've got a tarball of it now. @Clarissa: do we have permission to make this theme publicly available (on svn.mozilla.org, most likely)? Or are we required to keep it private?
Flags: needinfo?(csorenson)
(In reply to Jake Maul [:jakem] from comment #24) I'm not sure. Let me look into it.
Flags: needinfo?(csorenson)
Keep it private as most of the information only applies to people with employee or foundation LDAP accounts.
I thought I replied to this, but I must not have hit submit. :( @timf: I'm talking about the WP theme itself. Historically Mozilla always makes these freely available, but this one was not developed in-house so I need to know under what license terms we acquired the theme, or if we own it outright. The site itself must be publicly accessible in order to satisfy the issues in comment 11 (for example, an article about how to reset your password is of no value if it requires a password to access). It's easier for us to keep it public anyway. @Clarissa, please let me know about the ownership/licensing of this theme. I don't want to launch this without making sure the theme is properly under revision control, and I can't do that (in good conscience) until I know that it's okay to do so. Thanks!
@tfairfield - we own the theme, right?
(In reply to Jake Maul [:jakem] from comment #27) I spoke with Tim and I checked the SOW from Zemoga (they designed the Word Press theme) and the theme was a deliverable that we paid for. We own it.
Great news! With this we have completed the site. You should be able to view it now... though of course there is no content in place. https://helpdesk.mozilla.com/ Clarissa and Tim, you should both have emails with login credentials. You're both admins, and can freely create login accounts for anyone else you need to have access for content maintenance. I'm going to resolve this bug, but if you have any trouble getting started with this, please let us know. Glad to finally get this off the ground! :)
Assignee: server-ops-webops → nmaul
Status: NEW → RESOLVED
Closed: 13 years ago
QA Contact: cshields → nmaul
Resolution: --- → FIXED
Thank you Jake!!
Component: Server Operations: Web Operations → WebOps: Other
Product: mozilla.org → Infrastructure & Operations
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard
You need to log in before you can comment on or make changes to this bug.