Auth systems/Testing

Testing system Labs

 * Should emulate the major features of production
 * Ex:CentralAuth with SUL
 * Shared memcache
 * Master-slave db's (nice to have)

Updates
2013-03-29:
 * Databases and apaches set up. memcached seems to be working too
 * Three wikis set up: http://w1-oauth.wikipedia.wmflabs.org/w/, http://w2-oauth.wiktionary.wmflabs.org/w/, and http://login-oauth.mediawiki.wmflabs.org/w/.
 * CentralAuth extension is installed, seems to function at a basic level.

TODO

 * Create user accounts
 * Either get a second IP (needs a labs root to up the quota) or set up a simple squid to alternate between the two apaches.

Server setup
Dumping some notes here so I can remember how I did this. Someday this sort of thing should be puppetized somehow so it's easier.

SQL servers
 [mysqld] read-only    # Remove this on the master server-id = 1 # Set this different on each host
 * Create the instances, with the "sql" security group
 * Add "role::labs-mysql-server"
 * Create /etc/mysql/conf.d/local.cnf with the following contents:

bind_address = 0.0.0.0 log-bin sync_binlog = 1 binlog_format = statement log_slave_updates log_slow_queries long_query_time = 0.45
 * Create replication user:
 * CREATE USER 'repl'@'10.4.%.%' IDENTIFIED BY 'password';
 * GRANT REPLICATION SLAVE ON *.* TO 'repl'@'10.4.%.%';
 * Restart mysql
 * Do steps 4, 5, and 8 at https://dev.mysql.com/doc/refman/5.5/en/replication-howto-newservers.html
 * Restart mysql on the slave. Then "SHOW SLAVE STATUS" to see if it's working

Apache servers

 * Create the instances, with the "web" security group
 * Add "misc::deployment::scripts", "webserver::php5", "webserver::php5-mysql", "memcached"
 * If memcached is only listening on localhost, restart it
 * sudo apt-get install imagemagick php-apc
 * sudo mkdir /usr/local/apache
 * sudo ln -s /home/wikipedia/common/ /usr/local/apache/common-local
 * sudo ln -s /usr/local/apache /apache
 * sudo ln -s /usr/local/apache/common-local /usr/local/apache/common
 * sudo mkdir -p /srv/deployment/mediawiki
 * sudo ln -s /home/wikipedia/common/ /srv/deployment/mediawiki/common
 * Copy something resembling puppet's modules/mediawiki_singlenode/templates/simplewiki.wmflabs.org into /etc/apache2/sites-available/wiki, and symlink it from /etc/apache2/sites-enabled/
 * Probably wouldn't hurt to restart apache now
 * Set umask in /etc/bash.bashrc

Wikis

 * On oauth-sql01:
 * sudo mysql
 * CREATE DATABASE $WIKI;
 * GRANT ALL PRIVILEGES ON $WIKI.* TO 'mw'@'10.4.%.%';
 * On oauth-apache01:
 * Edit all-labs.dblist and wikiversions-labs.dblist
 * Run multiversion/refreshWikiversionsCDB
 * sudo mwscript eval.php --wiki $WIKI
 * $dbw = wfGetDB( DB_MASTER ); $dbw->sourceFile( '/home/wikipedia/common/php-master/maintenance/tables.sql' );
 * sudo mwscript update.php --wiki $WIKI --quick
 * Go to wikitech:Special:NovaAddress and add the hostname for the new wiki.