From Wikitech

Kinds of users

Labs Account Holders
Any user with an account on wikitech. Can be a member of a Labs project.
Labs End-Users
Any user that uses the product of any Labs project. For instance, a test reader or editor of the beta cluster.
Project Admin (projectadmin)
A projectadmin for a project is someone who can manage all resources within the project, such as instance creation/deletion, security group modification, floating IP address allocation, etc.

See also Help:Access#Rights.

Technical terms

Bastion host
An instance you use to access other instances. Most instances do not have floating IP addresses assigned, due to our shortage of public IPs. To access them, it's necessary to go through a bastion host as an intermediary. For example is accessible by every Wikimedia Labs account holder who has been added to the bastion project. There are other bastion hosts, e.g. to access Tool Labs and the Beta cluster.
Floating IP
A public IP address that is associated with an instance via NAT. A floating IP address can be moved between instances at will. With a floating IP, you can add hostnames to the IP address to make public websites; without a floating IP, you need to use a proxy to access your web stuff.
Gerrit
A code review system that manages git repositories. Accounts in Labs are linked to Gerrit.
Instance
An instance is a virtual machine. We are using EC2/OpenStack terminology here. When creating a new instance, the user can decide how much memory and storage space the virtual machine will have. See Help:instances for more details.
Labs
(deprecated) On its own a terribly ambiguous term; always indicate which Labs labs labs you mean.
Labsconsole
(obsolete) The wiki used to be known as the labsconsole.
Nova
The OpenStack software component that powers the virtualisation cluster. "Nova Resource" is a general term for a bunch of things (including instances); one of those things happens to be projects.
Project
A collection of resources, like instances, security groups, floating IPs, Puppet groups, etc. A project is a security concept. It's a group of users, a subset of which are given extra permissions as defined by the role: projectadmin. Labs projects are meant to reflect real-world endeavors, like "tools" or "bots".
Puppet
A configuration management system. When instances are created, they build themselves according to a set of rules (manifests, templates, and files) defined by Puppet.
Puppet groups
A collection of puppet variables and classes available for use with instances.
The place an instance is located in. For example, if an instance is in "eqiad", it means that the instance is located on a virtual host server that is physically located at Wikimedia's Eqiad cluster in the Equinix data center near Washington Dulles International Airport (airport code IAD).
We'll be using SaltStack for deployment soon, which works like Fabric but more flexibly.
Security Group
A set of inbound firewall rules. Each group can have multiple rules, where each rule can be an individual rule (for example: allow tcp port 22 to the CIDR range), or a group rule (allow all traffic from the web group in the testlabs project).
SSH Keys
A pair of authentication keys that allows you to log into Wikimedia Labs instances without having to type in a password every time. The public key is uploaded to Wikimedia Labs and the private key is stored on your own computer. When logging in, the two keys must match before access to an instance is granted (don't worry, it's usually automatic).
Sudo policy
A set of rules to limit the usage of the sudo command within instances of a project. Can be used to specifically limit some users.


Q: Why eqiad and pmtpa?

A: Equinix IAD (Dulles Airport, Virginia) and Hostway/PowerMedium TPA (Tampa, Florida). Host names tend to be qualified by two letters for the hosting provider followed by the three-letter IATA code for the nearest airport.

