Closed
Bug 941851
Opened 11 years ago
Closed 11 years ago
Need server for Firefox OS CRB website
Categories
(Infrastructure & Operations Graveyard :: WebOps: Engagement, task)
Infrastructure & Operations Graveyard
WebOps: Engagement
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: cmore, Assigned: cturra)
References
(Blocks 1 open bug)
Details
Per bug 941699, we need to quickly standup a website for an external business relation / product marketing initiative that is called the Firefox OS Certification Review Board. This site needs to launch on 2013-12-03 and that means we have very little time to build and deploy the website. The 2013-12-03 website is going to be a static HTML/CSS 5-page website with very little traffic. There will be no application framework for this release and thus the server doesn't need to be extremely powerful. What we need a server with credential that we can provide to our private contractors to push HTML updates to the website. A Ubuntu server on AWS or another provide should be suffice. The domain openwebdevice.org will need to be pointed to this server for launch. I will file another bug to have DNS changed for the domain.
|
Reporter | |
Comment 1•11 years ago
|
||
I talked to jakem and he said PaaS is ready for production and these static pages should be fine. We can create community ldap accounts for Caktus to get access to the server. Ben: any issues with moving forward now with PaaS?
Flags: needinfo?(booboobenny+bugzilla)
|
||
Comment 2•11 years ago
|
||
Talked to :cmore in IRC about this. There's 2 obvious ways forward, and a couple other possibilities outside of that. 1) Stackato. We can host static content (takes a magic line in the stackato.yml file, but I've done it... it works). Private contractors will need community LDAP accounts, which is something I don't know that we've tested heavily in Stackato... should work, but just need to verify the LDAP search string is usable. :cmore will be opening bugs to have these LDAP accounts created. Barring any unforeseen problems here, this is what we're going to aim for. 2) If that falls through somehow, another option might be to have the contractors commit the code to a git or svn repo somewhere, which we would then auto-deploy on one of our clusters (generic or static) every few minutes. Pretty straightforward, but no direct server access. 3) As a final option, we could look at spinning up a dedicated VM (or maybe simpler, an EC2 instance) and simply hand over the keys. It's more like what you're asking for, but has the downside that IT wouldn't really manage it very much. It'd be your own personal snowflake... to have and to hold, in sickness and in health, etc. We don't have a good model for co-managing stuff like this yet. PaaS is production now, but IaaS isn't yet.
|
||
Comment 3•11 years ago
|
||
#1 looks ideal to me and I agree - let's move forward with that plan. If there are any issues with community ldap accounts, one of us can push this content live. For R1 it's static html.
Flags: needinfo?(booboobenny+bugzilla)
|
|
Reporter | |
Comment 4•11 years ago
|
||
I filed bug 943453 for the community ldap accounts. jakem, let me know if that is the right component. As for the #1 Stackato option, that is all self-service, right and there is nothing more you would need to do outside of the community ldap accounts? Thanks, Chris
|
|
Reporter | |
Updated•11 years ago
|
Flags: needinfo?(nmaul)
|
Assignee | |
Comment 5•11 years ago
|
||
there would be a little involvement from us (webops) to setup the correct DNS records to point to the production paas. this website/application should also get a quick security review. since the site sounds mostly static, i would expect that could be turned around promptly.
|
||
Updated•11 years ago
|
Flags: sec-review?
|
|
||
Comment 6•11 years ago
|
||
For the secreview, is there a dev/staging site we can already poke at?
|
|
Reporter | |
Comment 7•11 years ago
|
||
(In reply to Chris Turra [:cturra] from comment #5) > there would be a little involvement from us (webops) to setup the correct > DNS records to point to the production paas. this website/application should > also get a quick security review. since the site sounds mostly static, i > would expect that could be turned around promptly. What's the deal with -dev? If it is not available now, we will have to find another option like a S3 server.
|
|
Reporter | |
Comment 8•11 years ago
|
||
We may do a server on rackspace if PaaS is not available.
|
|
Assignee | |
Comment 9•11 years ago
|
||
(In reply to Chris More [:cmore] from comment #8) > We may do a server on rackspace if PaaS is not available. the current stackato dev cluster is available, but running into resource constraints due to active usage. rather than upgrading the existing cluster, since it's many versions behind, i am actively building a new dev cluster. this new dev cluster is being built in the same way and with the same version of stackato as production. you can follow the ongoing work there in bug 942253.
Flags: needinfo?(nmaul)
|
|
Reporter | |
Comment 10•11 years ago
|
||
Cturra/jakem: ok, let's go with option 2 from comment 2. Here is the code on github: https://github.com/caktus/mozilla-flask-crb Pull the master branch and set the documentroot to the "build" directory. Can we possibly get a server up and a cron job to pull the code to the server once an hour by Dec. 3rd? This is static content and no functionality. If this can't be done in this timeline, we will go external and purchase a server, but I would rather work internal.
Flags: needinfo?(nmaul)
|
|
Assignee | |
Comment 11•11 years ago
|
||
(In reply to Julien Vehent [:ulfr] from comment #6) > For the secreview, is there a dev/staging site we can already poke at? since you can find the code at https://github.com/caktus/mozilla-flask-crb, i wonder if we could do the review with just that? then, we can still go the route of the production paas. in theory, we can "stage" the code there for review and not open it up externally. what that would look like is pushing to the prod paas, then adding a hosts entry to the APP_NAME.paas.mozilla.org for testing. what are your thoughts about this approach? ideally, i want to see this go paas.
Flags: needinfo?(nmaul) → needinfo?(jvehent)
|
|
Reporter | |
Comment 12•11 years ago
|
||
The flask app is not the website. The python-based flask app is just help aid the creation of the static html files from a local perspective. The flask app will publish html files into the build directory. There will be 5 html pages with no input fields and just text with bullets. About the most simple website for now and then in Q1, we will have a real system on better infrastructure and all internal parties will be involved. This whole setup will be deleted in Q1 once we start building the Django CMS-based system. Whatever we need to do to get this bug resolved by Dec 3rd and the DNS adjusted for bug 941853. Thanks!
|
|
||
Comment 13•11 years ago
|
||
Looks good to me. That's a perfect use case for PaaS. Probably close to zero risk since there will be no inputs.
Flags: needinfo?(jvehent)
|
||
Comment 14•11 years ago
|
||
Assuming there is no user data or integrations with 3rd party services, and no server side code, then there is no need to do an AppSec review. Cheers, Yvan
|
|
||
Updated•11 years ago
|
Flags: sec-review? → sec-review-
|
|
Assignee | |
Comment 15•11 years ago
|
||
excellent, thanks for the feedback :ulfr and :yvan. :cmore - lets move forward with this going on the prod paas. the environment is there and ready to use. with the stackato client, you simply need to: $ stackato target api.paas.mozilla.org $ stackato login once you have pushed your application, let me know and i can help you sort out DNS.
Flags: needinfo?(chrismore.bugzilla)
OS: Mac OS X → All
Hardware: x86 → All
|
|
Reporter | |
Comment 16•11 years ago
|
||
(In reply to Chris Turra [:cturra] from comment #15) > excellent, thanks for the feedback :ulfr and :yvan. > > :cmore - lets move forward with this going on the prod paas. the environment > is there and ready to use. with the stackato client, you simply need to: > > $ stackato target api.paas.mozilla.org > $ stackato login > > > once you have pushed your application, let me know and i can help you sort > out DNS. Can we set up stackato to pull from github on a regular basis or will I need to manually push with each release? The people who will be updating these pages are my contractors and I need to minimize being the middle man for this right R1 release.
Flags: needinfo?(chrismore.bugzilla) → needinfo?(cturra)
|
|
Assignee | |
Comment 17•11 years ago
|
||
(In reply to Chris More [:cmore] from comment #16) > > Can we set up stackato to pull from github on a regular basis or will I need > to manually push with each release? The people who will be updating these > pages are my contractors and I need to minimize being the middle man for > this right R1 release. you should be able to add that as a cron to your application in stackato. more about crons can be found at the following locations: http://docs.stackato.com/reference/stackatoyml.html#stackato-yml-cron http://docs.stackato.com/deploy/index.html#deploy-crontab
Flags: needinfo?(cturra)
|
||
Comment 18•11 years ago
|
||
I've pushed the owb-crb app to the prod paas env with using https://github.com/jgmize/owb-crb/blob/master/stackato.yml -- I verified as best I could using "curl -v localhost:3000" in a stackato ssh session, and the cron jobs appear to be running, so I think we're ready for the DNS mapping.
Flags: needinfo?(cturra)
|
|
Assignee | |
Updated•11 years ago
|
Assignee: server-ops-webops → cturra
Flags: needinfo?(cturra)
|
|
Assignee | |
Comment 19•11 years ago
|
||
i just submitted a pull request to update your stackato.yml file to include the domain URLs. https://github.com/jgmize/owb-crb/pull/1
|
|
||
Comment 20•11 years ago
|
||
Thanks :cturra, I've merged your PR and pushed the new version to the owd-crb app on the prod paas.
|
|
Assignee | |
Comment 21•11 years ago
|
||
DNS now pointing to the prod paas zlb and everything looks good :) $ dig +short openwebdevice.org 63.245.215.94 $ dig +short www.openwebdevice.org paas-prod-zlb.vips.scl3.mozilla.com. 63.245.215.94 $ curl -I openwebdevice.org HTTP/1.1 200 OK server: SimpleHTTP/0.6 Python/2.7.2 date: Mon, 02 Dec 2013 19:01:46 GMT content-type: text/html content-length: 4525 last-modified: Mon, 02 Dec 2013 18:21:18 GMT connection: keep-alive $ curl -I www.openwebdevice.org HTTP/1.1 200 OK server: SimpleHTTP/0.6 Python/2.7.2 date: Mon, 02 Dec 2013 19:01:42 GMT content-type: text/html content-length: 4525 last-modified: Mon, 02 Dec 2013 18:21:18 GMT connection: keep-alive
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
|
|
Reporter | |
Comment 22•11 years ago
|
||
(In reply to Chris Turra [:cturra] from comment #21) > DNS now pointing to the prod paas zlb and everything looks good :) > > $ dig +short openwebdevice.org > 63.245.215.94 > > $ dig +short www.openwebdevice.org > paas-prod-zlb.vips.scl3.mozilla.com. > 63.245.215.94 > > $ curl -I openwebdevice.org > HTTP/1.1 200 OK > server: SimpleHTTP/0.6 Python/2.7.2 > date: Mon, 02 Dec 2013 19:01:46 GMT > content-type: text/html > content-length: 4525 > last-modified: Mon, 02 Dec 2013 18:21:18 GMT > connection: keep-alive > > $ curl -I www.openwebdevice.org > HTTP/1.1 200 OK > server: SimpleHTTP/0.6 Python/2.7.2 > date: Mon, 02 Dec 2013 19:01:42 GMT > content-type: text/html > content-length: 4525 > last-modified: Mon, 02 Dec 2013 18:21:18 GMT > connection: keep-alive Can you make www.openwebdevice.org 301 redirect to openwebdevice.org so that there is only a single 200ok domain?
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
|
|
Assignee | |
Comment 23•11 years ago
|
||
(In reply to Chris More [:cmore] from comment #22) > > Can you make www.openwebdevice.org 301 redirect to openwebdevice.org so that > there is only a single 200ok domain? that should be done within the app. i simply put in place the DNS records to point the domain to the production paas. :jgmize - do you want to grab this action item?
Flags: needinfo?(jmize)
|
|
Reporter | |
Comment 24•11 years ago
|
||
(In reply to Chris Turra [:cturra] from comment #23) > (In reply to Chris More [:cmore] from comment #22) > > > > Can you make www.openwebdevice.org 301 redirect to openwebdevice.org so that > > there is only a single 200ok domain? > > that should be done within the app. i simply put in place the DNS records to > point the domain to the production paas. :jgmize - do you want to grab this > action item? Ok, cool. What about adding a hashed password for the site until it is ready so that the press doesn't pick it up right now? Is that your side or the app side?
|
|
Assignee | |
Comment 25•11 years ago
|
||
(In reply to Chris More [:cmore] from comment #24) > > Ok, cool. What about adding a hashed password for the site until it is ready > so that the press doesn't pick it up right now? Is that your side or the app > side? now that DNS is in place, all action items can be done directly through the app. with the paas, you guys now have full control :)
|
|
Reporter | |
Comment 26•11 years ago
|
||
Thanks! jgmize: can you get a password setup on the website and www. redirect to openwebdevice.org? thx!
|
|
Assignee | |
Comment 28•11 years ago
|
||
i am going to close this bug off again since i believe :jgmize has everything under control with the app and the paas environment is functioning as expected for this project :)
Status: REOPENED → RESOLVED
Closed: 11 years ago → 11 years ago
Resolution: --- → FIXED
Blocks: 1143923
|
||
Updated•8 years ago
|
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•