Novem Linguae and Roy – thank you both for your insights. Yes, app-level logging/monitoring could be much better, for sure. And Toolforge is far from intuitive for the average user. We are currently working on new features that will ultimately make Toolforge easier to use, similar to other PaaS offerings out there like Heroku, where users basically just have to point to a repo hosted on GitHub or other VCS, maybe add some config. Hearing which specific things irk people is useful.
-- Slavina Stefanova (she/her) Software Engineer - Technical Engagement Wikimedia Foundation On Wed, Sep 7, 2022 at 11:16 PM Roy Smith <[email protected]> wrote: > On Sep 7, 2022, at 4:50 PM, [email protected] wrote: > > > - FTP programs that aren't WinSCP with "environment -> SFTP -> server -> > sudo -u tools.novem-bot /usr/lib/sftp-server" configured appear to the user > to work, but create some hard-to-track-down bugs because files have the > wrong owner. For example I tried using FileZilla Client before I found the > tutorial. > > > My take on this is that Toolforge is unabashedly a linux environment. If > there's some incompatibility with a Windows app, that's not toolforge's > problem. I log into toolforge with this alias: > > alias spi-tools-dev='ssh -t dev.toolforge.org tmux new -A -s > spi-tools-dev become spi-tools-dev' > > > As needed, I set up port tunnels with things like: > > alias tunnel='ssh -t dev.toolforge.org -L 23002:localhost:23002 become > spi-experiments' > > > And likewise I can move files in and out with scp. I agree that there's a > learning curve to all this ssh stuff (including the associated key > management), but hiding that beneath a cPanel veneer just makes it all the > more mysterious because you're never really sure what's going on. If > you're going to develop in a linux environment, invest the time to learn > the linux tools. > > Suggested fix: give a separate login for each tool folder, so that you > don't have to sudo > > > Logging in as a person. then gaining some specific additional set of > rights with sudo (the "become" utility is really just a thin wrapper around > sudo) maintains the appropriate distinction between authentication (who you > are) and authorization (what you're allowed to do). If each tool had its > own login, then how would multiple people maintain the tool? They'd have > to share the password to the account. That's not a good plan. > > > _______________________________________________ > Wikitech-l mailing list -- [email protected] > To unsubscribe send an email to [email protected] > https://lists.wikimedia.org/postorius/lists/wikitech-l.lists.wikimedia.org/
_______________________________________________ Wikitech-l mailing list -- [email protected] To unsubscribe send an email to [email protected] https://lists.wikimedia.org/postorius/lists/wikitech-l.lists.wikimedia.org/
