DaqWikiManagement: Difference between revisions
Jump to navigation
Jump to search
m (→Install (el7)) |
|||
(45 intermediate revisions by the same user not shown) | |||
Line 2: | Line 2: | ||
* https://www.mediawiki.org/wiki/MediaWiki | * https://www.mediawiki.org/wiki/MediaWiki | ||
* https://www.mediawiki.org/wiki/Version_lifecycle | |||
* https://en.wikipedia.org/wiki/MediaWiki_version_history | |||
* https://www.mediawiki.org/wiki/Manual:Backing_up_a_wiki | |||
* https://www.mediawiki.org/wiki/Manual:Installation_guide | |||
* https://www.mediawiki.org/wiki/Manual:$wgPasswordPolicy | |||
== Increase max file upload size == | |||
<pre> | |||
per https://www.mediawiki.org/wiki/Manual:Configuring_file_uploads | |||
edit /etc/php/8.1/apache2/php.ini | |||
set "upload_max_filesize" from "2M" to "20M" | |||
set "post_max_size" from "8M" to "80M" | |||
systemctl restart apache2 | |||
</pre> | |||
== Allow SVG files created by draw.io == | |||
<pre> | |||
add "http://www.w3.org/1999/xhtml" to permitted XML namespaces: | |||
edit includes/upload/UploadBase.php add it to $validNamespaces in function checkSvgScriptCallback | |||
</pre> | |||
read more here: https://phabricator.wikimedia.org/T138783 | |||
== Mitigate account request spam == | |||
after updating to mediawiki 1.39 I see account request spam on all our mediawiki instances. | |||
to mitigate: | |||
* disable email notification | |||
* set rejected and unapproved account expiration and purge time to 0. | |||
* systemctl restart apache2 | |||
* go and reject the first account request as spam, observe that all account requests have been erased/purged | |||
<pre> | |||
wfLoadExtension( 'ConfirmAccount' ); | |||
$wgGroupPermissions['*']['createaccount'] = false; // REQUIRED to enforce account requests via this extension | |||
$wgGroupPermissions['bureaucrat']['createaccount'] = true; // optional to allow account creation by this trusted user group | |||
# $wgGroupPermissions['bureaucrat']['confirmaccount-notify'] = true; // send email to all bureaucrats | |||
$wgConfirmAccountRequestFormItems['Biography']['enabled'] = false; | |||
$wgConfirmAccountRequestFormItems['CV']['enabled'] = false; | |||
$wgConfirmAccountRequestFormItems['Notes']['enabled'] = false; | |||
$wgConfirmAccountRequestFormItems['Links']['enabled'] = false; | |||
$wgConfirmAccountRequestFormItems['TermsOfService']['enabled'] = false; | |||
# $wgConfirmAccountContact='olchansk@triumf.ca'; | |||
$wgRejectedAccountMaxAge = 0; | |||
$wgConfirmAccountRejectAge = 0; | |||
</pre> | |||
== Update DaqWiki 1.39 to latest update == | |||
<pre> | |||
ssh root@daq00 | |||
cd ~daqweb/mediawiki/DaqWiki/core | |||
git fetch | |||
git pull | |||
cd skins/Vector; git pull | |||
cd extenstions/ConfirmAccount,LookupUser,UserMerge,WikiEditor,Math; git pull | |||
cd maintenance | |||
./update.php ### bombs, asks to run compser | |||
cd .. | |||
../../composer.phar update --no-dev ### updates a bunch of stuff | |||
cd maintenance | |||
./update.php ### does a bunch of stuff | |||
</pre> | |||
== Update DaqWiki 1.35.5 to 1.39 == | |||
<pre> | |||
ssh root@daq00 | |||
cd ~daqweb/mediawiki/DaqWiki | |||
rsync -av core/ core-1.35.5 | |||
cd core | |||
git fetch ### took a long time with several interruptions | |||
git checkout REL1_39 | |||
git submodule update | |||
update vendor (has to be done by hand? do not forget to git checkout REL1_39) | |||
update skins/Vector | |||
update extensions ConfirmAccount,UserMerge | |||
edit LocalSettings.php, add wfLoadExtension( 'ConfirmAccount' ); | |||
run composer | |||
run update.php | |||
</pre> | |||
== Update DaqWiki 1.27.7 to 1.35 == | |||
move DaqWiki from ladd00 to daq00, update to current LTS version. | |||
<pre> | |||
ssh daq00 | |||
2001 cd ~daqweb/mediawiki/ | |||
2002 ls -l | |||
2003 cd AgWiki/ | |||
2004 ls -l | |||
2005 cd .. | |||
2006 ls -l | |||
2007 cd DaqWiki/ | |||
2008 ls -l | |||
2009 rsync -av core/ core-1.27.7 | |||
ssh ladd00 | |||
993 cd ~daqweb/mediawiki/DaqWiki/core | |||
996 mysqldump -h localhost -u DaqWikiUser -p DaqWiki > backup.sql | |||
ssh daq00 | |||
2015 mysql -p ### create DaqWiki, daqwikiuser | |||
ln -s /home/daqweb/mediawiki/DaqWiki/core /var/www/html/DaqWiki | |||
2022 mysql -udaqwikiuser -p DaqWiki < backup.sql | |||
2023 xemacs -nw LocalSettings.php | |||
2024 git fetch | |||
2025 git status | |||
2026 git checkout REL1_35 | |||
2028 cd extensions/WikiEditor/ | |||
2029 git fetch | |||
2030 git checkout REL1_35 | |||
2031 cd ../.. | |||
2033 cd skins/Vector | |||
2034 git fetch | |||
2035 git checkout REL1_35 | |||
2036 cd .. | |||
2037 git fetch | |||
2043 ../../composer.phar update ### composer 2.2.5 | |||
2044 cd maintenance/ | |||
2045 ./update.php | |||
2046 xemacs -nw ../LocalSettings.php | |||
2047 ./update.php | |||
2048 cd .. | |||
2051 cd extensions/Math/ | |||
2052 git fetch | |||
2053 git checkout REL1_35 | |||
2054 cd .. | |||
2055 cd LookupUser/ | |||
2056 git fetch | |||
2057 git checkout REL1_35 | |||
2058 cd ../UserMerge/ | |||
2059 git fetch | |||
2060 git checkout REL1_35 | |||
2061 cd ../ConfirmAccount/ | |||
2062 git fetch | |||
2063 git checkout REL1_35 | |||
2064 cd .. | |||
2065 cd maintenance/ | |||
2066 ./update.php | |||
</pre> | |||
== Update AgWiki 1.31 to 1.35 == | |||
* ssh daq00, cd ~daqweb/mediawiki/AgWiki/core | |||
* mv composer.json composer.json-1.31 | |||
* git fetch, git checkout REL1_35 | |||
* cd extensions/WikiEditor, git fetch, git checkout REL1_35 | |||
* cd skins/Vector, git fetch, git checkout REL1_35 | |||
* ../../composer.phar update ### composer version 2.2.5 | |||
* cd maintenance, run ./update.php ### does a lot of stuff | |||
* cd extensions/{ConfirmAccount,UserMerge,Math}, git fetch, git checkout REL1_35 | |||
* cd maintenence, run ./update.php ### again | |||
* agwiki version page reports correct version 1.35 and dates from Jan-Feb 2022 for all extensions, etc. | |||
* add this to LocalSettings.php to disable the "create account" link on the login page | |||
<pre> | |||
# disable "create account" - we should always go through "request account" | |||
$wgGroupPermissions['*']['createaccount'] = false; | |||
</pre> | |||
== Migrate and update (el7 to U-20.04) == | |||
Migrating AgWiki from daqstore (el7) to daq00 (U-20.04). | |||
* rsync daqstore:/var/www/html/AgWiki to /home/daqweb/mediawiki/AgWiki/core | |||
* rsync core to core-1.30 ### make a backup | |||
* cd core | |||
* git fetch | |||
* refer to https://www.mediawiki.org/wiki/Version_lifecycle to decode which version to use | |||
* upgrade path 1.30 -> 1.31 LTS -> 1.35 LTS | |||
* mv composer.json composer.json-1.30 | |||
* git checkout REL1_31 | |||
* cd extensions/WikiEditor, git fetch, git checkout REL1_31 | |||
* cd skins/Vector, git fetch, git checkout REL1_31 | |||
* try to load https://daq00/AgWiki, error 500 | |||
* run composer update. composer version 2 bombs, composer version 1 bombs with php error | |||
* ssh daqstore, cd ~daqweb/mediawiki/AgWiki/core, ../../composer.phar-1.2.2 update | |||
* try to load https://daq00/AgWiki, php error: no viable database extension found for type 'mysql' | |||
* apt install php-mysql, same error | |||
* edit /etc/php/7.4/apache2/php.ini, uncomment "extension=mysqli", systemctl reload apache2 | |||
* try to load https://daq00/AgWiki, php error: Cannot access the database: No such file or directory (localhost), this is correct we did not copy/migrate the mysql database yet. | |||
* ssh daqstore, mysqldump -h localhost -u aguser -p AgWiki > backup.sql | |||
* apt install mariadb-server | |||
* mysql_secure_installation ### accept all default answers | |||
* try to load https://daq00/AgWiki, php error: Cannot access the database: Access denied for user 'aguser'@'localhost' (localhost), this is correct, we did not create the user | |||
* per https://www.mediawiki.org/wiki/Manual:Installing_MediaWiki#MariaDB/MySQL | |||
<pre> | |||
mysql -p | |||
MariaDB [(none)]> CREATE DATABASE AgWiki; | |||
MariaDB [(none)]> CREATE USER 'agwikiuser'@'localhost' IDENTIFIED BY 'agwikiuser123'; | |||
MariaDB [(none)]> GRANT ALL PRIVILEGES ON AgWiki.* TO 'agwikiuser'@'localhost' WITH GRANT OPTION; | |||
</pre> | |||
* edit mysql user and password on LocalSettings.php | |||
* try to load https://daq00/AgWiki, php error: Error: 1146 Table 'AgWiki.l10n_cache' doesn't exist (localhost), this is correct we did not load the database contents yet | |||
* mysql -uagwikiuser -p AgWiki < backup.sql | |||
* cd maintenance, run update.php | |||
* try to load https://daq00/AgWiki, main wiki page redirects to daqstore/AgWiki, not good. | |||
* edit LocalSettings.php, change $wgServer to daq00 | |||
* try to load https://daq00/AgWiki, main wiki page loads, looks good. | |||
* login works, version page looks ok | |||
* update extensions: | |||
* cd extensions/ConfirmAccount, git fetch, git checkout REL1_31 | |||
* cd extensions/UserMerge, git fetch, git checkout REL1_31 | |||
* cd extensions/Math, git fetch, git checkout REL1_31 | |||
* edit Localsettings.php, comment-out load NativeSvgHandler.php and SVGEdit.php | |||
* agwiki version page still shows all versions of extensions, run maintenance/update.php, now it shows the updated versions. good. | |||
* edit LocalSettings.php, update $wgEmergencyContact and $wgPasswordSender | |||
== Install (el7) == | == Install (el7) == | ||
Line 46: | Line 257: | ||
rpm -q mariadb ### mariadb-5.5.56-2.el7.x86_64 | rpm -q mariadb ### mariadb-5.5.56-2.el7.x86_64 | ||
systemctl enable mariadb | |||
systemctl start mariadb | systemctl start mariadb | ||
mysql_secure_installation | mysql_secure_installation | ||
# set root password | # set root password | ||
# accept all default answers | # accept all default answers | ||
mysql -p ### enter the root password | |||
create database `AgWiki`; | |||
create user `agwiki` identified by `agwiki123`; | |||
GRANT USAGE ON *.* TO 'aguser'@localhost IDENTIFIED BY 'aguser123'; | |||
GRANT ALL privileges ON `AgWiki`.* TO 'aguser'@localhost; | |||
FLUSH PRIVILEGES; | |||
show grants for 'aguser'@localhost; | |||
exit | |||
enter these database settings to LocalSettings.php | |||
</pre> | |||
configure mediawiki | |||
<pre> | |||
get rid of (rename) LocalSettings.php | |||
open https://daqstore.triumf.ca/AgWiki/ | |||
follow the link to do the configuration | |||
answer all the questions | |||
answer all the additional questions | |||
save LocalSettings.php | |||
copy it to AgWiki | |||
open the wiki - login page should open, login normally | |||
got to special pages -> version | |||
update all the individual extensions: | |||
cd extensions/XXX | |||
git fetch | |||
git checkout REL1_30 ### as appropriate | |||
systemctl restart httpd | |||
reload the wiki version page | |||
</pre> | |||
make images directory writable | |||
<pre> | |||
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/AgWiki/images(/.*)?' | |||
restorecon -Rv /var/www/html/AgWiki/images | |||
ls -alZ /var/www/html/AgWiki/images/ | |||
</pre> | |||
additional selinux incantations | |||
<pre> | |||
setsebool -P httpd_setrlimit 1 | |||
</pre> | </pre> | ||
Latest revision as of 14:26, 4 January 2024
Links
- https://www.mediawiki.org/wiki/MediaWiki
- https://www.mediawiki.org/wiki/Version_lifecycle
- https://en.wikipedia.org/wiki/MediaWiki_version_history
- https://www.mediawiki.org/wiki/Manual:Backing_up_a_wiki
- https://www.mediawiki.org/wiki/Manual:Installation_guide
- https://www.mediawiki.org/wiki/Manual:$wgPasswordPolicy
Increase max file upload size
per https://www.mediawiki.org/wiki/Manual:Configuring_file_uploads edit /etc/php/8.1/apache2/php.ini set "upload_max_filesize" from "2M" to "20M" set "post_max_size" from "8M" to "80M" systemctl restart apache2
Allow SVG files created by draw.io
add "http://www.w3.org/1999/xhtml" to permitted XML namespaces: edit includes/upload/UploadBase.php add it to $validNamespaces in function checkSvgScriptCallback
read more here: https://phabricator.wikimedia.org/T138783
Mitigate account request spam
after updating to mediawiki 1.39 I see account request spam on all our mediawiki instances.
to mitigate:
- disable email notification
- set rejected and unapproved account expiration and purge time to 0.
- systemctl restart apache2
- go and reject the first account request as spam, observe that all account requests have been erased/purged
wfLoadExtension( 'ConfirmAccount' ); $wgGroupPermissions['*']['createaccount'] = false; // REQUIRED to enforce account requests via this extension $wgGroupPermissions['bureaucrat']['createaccount'] = true; // optional to allow account creation by this trusted user group # $wgGroupPermissions['bureaucrat']['confirmaccount-notify'] = true; // send email to all bureaucrats $wgConfirmAccountRequestFormItems['Biography']['enabled'] = false; $wgConfirmAccountRequestFormItems['CV']['enabled'] = false; $wgConfirmAccountRequestFormItems['Notes']['enabled'] = false; $wgConfirmAccountRequestFormItems['Links']['enabled'] = false; $wgConfirmAccountRequestFormItems['TermsOfService']['enabled'] = false; # $wgConfirmAccountContact='olchansk@triumf.ca'; $wgRejectedAccountMaxAge = 0; $wgConfirmAccountRejectAge = 0;
Update DaqWiki 1.39 to latest update
ssh root@daq00 cd ~daqweb/mediawiki/DaqWiki/core git fetch git pull cd skins/Vector; git pull cd extenstions/ConfirmAccount,LookupUser,UserMerge,WikiEditor,Math; git pull cd maintenance ./update.php ### bombs, asks to run compser cd .. ../../composer.phar update --no-dev ### updates a bunch of stuff cd maintenance ./update.php ### does a bunch of stuff
Update DaqWiki 1.35.5 to 1.39
ssh root@daq00 cd ~daqweb/mediawiki/DaqWiki rsync -av core/ core-1.35.5 cd core git fetch ### took a long time with several interruptions git checkout REL1_39 git submodule update update vendor (has to be done by hand? do not forget to git checkout REL1_39) update skins/Vector update extensions ConfirmAccount,UserMerge edit LocalSettings.php, add wfLoadExtension( 'ConfirmAccount' ); run composer run update.php
Update DaqWiki 1.27.7 to 1.35
move DaqWiki from ladd00 to daq00, update to current LTS version.
ssh daq00 2001 cd ~daqweb/mediawiki/ 2002 ls -l 2003 cd AgWiki/ 2004 ls -l 2005 cd .. 2006 ls -l 2007 cd DaqWiki/ 2008 ls -l 2009 rsync -av core/ core-1.27.7 ssh ladd00 993 cd ~daqweb/mediawiki/DaqWiki/core 996 mysqldump -h localhost -u DaqWikiUser -p DaqWiki > backup.sql ssh daq00 2015 mysql -p ### create DaqWiki, daqwikiuser ln -s /home/daqweb/mediawiki/DaqWiki/core /var/www/html/DaqWiki 2022 mysql -udaqwikiuser -p DaqWiki < backup.sql 2023 xemacs -nw LocalSettings.php 2024 git fetch 2025 git status 2026 git checkout REL1_35 2028 cd extensions/WikiEditor/ 2029 git fetch 2030 git checkout REL1_35 2031 cd ../.. 2033 cd skins/Vector 2034 git fetch 2035 git checkout REL1_35 2036 cd .. 2037 git fetch 2043 ../../composer.phar update ### composer 2.2.5 2044 cd maintenance/ 2045 ./update.php 2046 xemacs -nw ../LocalSettings.php 2047 ./update.php 2048 cd .. 2051 cd extensions/Math/ 2052 git fetch 2053 git checkout REL1_35 2054 cd .. 2055 cd LookupUser/ 2056 git fetch 2057 git checkout REL1_35 2058 cd ../UserMerge/ 2059 git fetch 2060 git checkout REL1_35 2061 cd ../ConfirmAccount/ 2062 git fetch 2063 git checkout REL1_35 2064 cd .. 2065 cd maintenance/ 2066 ./update.php
Update AgWiki 1.31 to 1.35
- ssh daq00, cd ~daqweb/mediawiki/AgWiki/core
- mv composer.json composer.json-1.31
- git fetch, git checkout REL1_35
- cd extensions/WikiEditor, git fetch, git checkout REL1_35
- cd skins/Vector, git fetch, git checkout REL1_35
- ../../composer.phar update ### composer version 2.2.5
- cd maintenance, run ./update.php ### does a lot of stuff
- cd extensions/{ConfirmAccount,UserMerge,Math}, git fetch, git checkout REL1_35
- cd maintenence, run ./update.php ### again
- agwiki version page reports correct version 1.35 and dates from Jan-Feb 2022 for all extensions, etc.
- add this to LocalSettings.php to disable the "create account" link on the login page
# disable "create account" - we should always go through "request account" $wgGroupPermissions['*']['createaccount'] = false;
Migrate and update (el7 to U-20.04)
Migrating AgWiki from daqstore (el7) to daq00 (U-20.04).
- rsync daqstore:/var/www/html/AgWiki to /home/daqweb/mediawiki/AgWiki/core
- rsync core to core-1.30 ### make a backup
- cd core
- git fetch
- refer to https://www.mediawiki.org/wiki/Version_lifecycle to decode which version to use
- upgrade path 1.30 -> 1.31 LTS -> 1.35 LTS
- mv composer.json composer.json-1.30
- git checkout REL1_31
- cd extensions/WikiEditor, git fetch, git checkout REL1_31
- cd skins/Vector, git fetch, git checkout REL1_31
- try to load https://daq00/AgWiki, error 500
- run composer update. composer version 2 bombs, composer version 1 bombs with php error
- ssh daqstore, cd ~daqweb/mediawiki/AgWiki/core, ../../composer.phar-1.2.2 update
- try to load https://daq00/AgWiki, php error: no viable database extension found for type 'mysql'
- apt install php-mysql, same error
- edit /etc/php/7.4/apache2/php.ini, uncomment "extension=mysqli", systemctl reload apache2
- try to load https://daq00/AgWiki, php error: Cannot access the database: No such file or directory (localhost), this is correct we did not copy/migrate the mysql database yet.
- ssh daqstore, mysqldump -h localhost -u aguser -p AgWiki > backup.sql
- apt install mariadb-server
- mysql_secure_installation ### accept all default answers
- try to load https://daq00/AgWiki, php error: Cannot access the database: Access denied for user 'aguser'@'localhost' (localhost), this is correct, we did not create the user
- per https://www.mediawiki.org/wiki/Manual:Installing_MediaWiki#MariaDB/MySQL
mysql -p MariaDB [(none)]> CREATE DATABASE AgWiki; MariaDB [(none)]> CREATE USER 'agwikiuser'@'localhost' IDENTIFIED BY 'agwikiuser123'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON AgWiki.* TO 'agwikiuser'@'localhost' WITH GRANT OPTION;
- edit mysql user and password on LocalSettings.php
- try to load https://daq00/AgWiki, php error: Error: 1146 Table 'AgWiki.l10n_cache' doesn't exist (localhost), this is correct we did not load the database contents yet
- mysql -uagwikiuser -p AgWiki < backup.sql
- cd maintenance, run update.php
- try to load https://daq00/AgWiki, main wiki page redirects to daqstore/AgWiki, not good.
- edit LocalSettings.php, change $wgServer to daq00
- try to load https://daq00/AgWiki, main wiki page loads, looks good.
- login works, version page looks ok
- update extensions:
- cd extensions/ConfirmAccount, git fetch, git checkout REL1_31
- cd extensions/UserMerge, git fetch, git checkout REL1_31
- cd extensions/Math, git fetch, git checkout REL1_31
- edit Localsettings.php, comment-out load NativeSvgHandler.php and SVGEdit.php
- agwiki version page still shows all versions of extensions, run maintenance/update.php, now it shows the updated versions. good.
- edit LocalSettings.php, update $wgEmergencyContact and $wgPasswordSender
Install (el7)
ssh ladd00 cd ~daqweb/mediawiki rsync -av DaqWiki daqstore:/var/www/html/ ssh daqstore cd /var/www/html mv DaqWiki/core AgWiki cd AgWiki git fetch git checkout REL1_30 cd skins/Vector git fetch git checkout REL1_30 cd extensions/WebEditor git fetch git checkout REL1_30 open https://daqstore.triumf.ca/AgWiki/ - should give an internal error, a php exception edit LocalSettings.php
do the composer stuff
get the composer: https://getcomposer.org/download/ cd AgWiki ../composer.phar update open https://daqstore.triumf.ca/AgWiki/ - should give an error - cannot connect to the database
configure mysql
yum install php71w-mysql rpm -q mariadb ### mariadb-5.5.56-2.el7.x86_64 systemctl enable mariadb systemctl start mariadb mysql_secure_installation # set root password # accept all default answers mysql -p ### enter the root password create database `AgWiki`; create user `agwiki` identified by `agwiki123`; GRANT USAGE ON *.* TO 'aguser'@localhost IDENTIFIED BY 'aguser123'; GRANT ALL privileges ON `AgWiki`.* TO 'aguser'@localhost; FLUSH PRIVILEGES; show grants for 'aguser'@localhost; exit enter these database settings to LocalSettings.php
configure mediawiki
get rid of (rename) LocalSettings.php open https://daqstore.triumf.ca/AgWiki/ follow the link to do the configuration answer all the questions answer all the additional questions save LocalSettings.php copy it to AgWiki open the wiki - login page should open, login normally got to special pages -> version update all the individual extensions: cd extensions/XXX git fetch git checkout REL1_30 ### as appropriate systemctl restart httpd reload the wiki version page
make images directory writable
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/AgWiki/images(/.*)?' restorecon -Rv /var/www/html/AgWiki/images ls -alZ /var/www/html/AgWiki/images/
additional selinux incantations
setsebool -P httpd_setrlimit 1
Misc
- MediaWiki:Sidebar edit the navigation side bar