DaqWikiManagement: Difference between revisions
Jump to navigation
Jump to search
(9 intermediate revisions by the same user not shown) | |||
Line 18: | Line 18: | ||
</pre> | </pre> | ||
== Allow SVG files created by | == Allow SVG files created by draw.io == | ||
<pre> | <pre> | ||
add "http://www.w3.org/1999/xhtml" to permitted XML namespaces: | add "http://www.w3.org/1999/xhtml" to permitted XML namespaces: | ||
edit includes/upload/UploadBase.php add it to $validNamespaces in function checkSvgScriptCallback | edit includes/upload/UploadBase.php add it to $validNamespaces in function checkSvgScriptCallback | ||
</pre> | |||
read more here: https://phabricator.wikimedia.org/T138783 | |||
== Mitigate account request spam == | |||
after updating to mediawiki 1.39 I see account request spam on all our mediawiki instances. | |||
to mitigate: | |||
* disable email notification | |||
* set rejected and unapproved account expiration and purge time to 0. | |||
* systemctl restart apache2 | |||
* go and reject the first account request as spam, observe that all account requests have been erased/purged | |||
<pre> | |||
wfLoadExtension( 'ConfirmAccount' ); | |||
$wgGroupPermissions['*']['createaccount'] = false; // REQUIRED to enforce account requests via this extension | |||
$wgGroupPermissions['bureaucrat']['createaccount'] = true; // optional to allow account creation by this trusted user group | |||
# $wgGroupPermissions['bureaucrat']['confirmaccount-notify'] = true; // send email to all bureaucrats | |||
$wgConfirmAccountRequestFormItems['Biography']['enabled'] = false; | |||
$wgConfirmAccountRequestFormItems['CV']['enabled'] = false; | |||
$wgConfirmAccountRequestFormItems['Notes']['enabled'] = false; | |||
$wgConfirmAccountRequestFormItems['Links']['enabled'] = false; | |||
$wgConfirmAccountRequestFormItems['TermsOfService']['enabled'] = false; | |||
# $wgConfirmAccountContact='olchansk@triumf.ca'; | |||
$wgRejectedAccountMaxAge = 0; | |||
$wgConfirmAccountRejectAge = 0; | |||
</pre> | |||
== Update DaqWiki 1.39 to latest update == | |||
<pre> | |||
ssh root@daq00 | |||
cd ~daqweb/mediawiki/DaqWiki/core | |||
git fetch | |||
git pull | |||
cd skins/Vector; git pull | |||
cd extenstions/ConfirmAccount,LookupUser,UserMerge,WikiEditor,Math; git pull | |||
cd maintenance | |||
./update.php ### bombs, asks to run compser | |||
cd .. | |||
../../composer.phar update --no-dev ### updates a bunch of stuff | |||
cd maintenance | |||
./update.php ### does a bunch of stuff | |||
</pre> | </pre> | ||
Line 34: | Line 78: | ||
git fetch ### took a long time with several interruptions | git fetch ### took a long time with several interruptions | ||
git checkout REL1_39 | git checkout REL1_39 | ||
update extensions, | git submodule update | ||
update vendor (has to be done by hand? do not forget to git checkout REL1_39) | |||
update skins/Vector | |||
update extensions ConfirmAccount,UserMerge | |||
edit LocalSettings.php, add wfLoadExtension( 'ConfirmAccount' ); | |||
run composer | run composer | ||
run update.php | run update.php |
Latest revision as of 14:26, 4 January 2024
Links
- https://www.mediawiki.org/wiki/MediaWiki
- https://www.mediawiki.org/wiki/Version_lifecycle
- https://en.wikipedia.org/wiki/MediaWiki_version_history
- https://www.mediawiki.org/wiki/Manual:Backing_up_a_wiki
- https://www.mediawiki.org/wiki/Manual:Installation_guide
- https://www.mediawiki.org/wiki/Manual:$wgPasswordPolicy
Increase max file upload size
per https://www.mediawiki.org/wiki/Manual:Configuring_file_uploads edit /etc/php/8.1/apache2/php.ini set "upload_max_filesize" from "2M" to "20M" set "post_max_size" from "8M" to "80M" systemctl restart apache2
Allow SVG files created by draw.io
add "http://www.w3.org/1999/xhtml" to permitted XML namespaces: edit includes/upload/UploadBase.php add it to $validNamespaces in function checkSvgScriptCallback
read more here: https://phabricator.wikimedia.org/T138783
Mitigate account request spam
after updating to mediawiki 1.39 I see account request spam on all our mediawiki instances.
to mitigate:
- disable email notification
- set rejected and unapproved account expiration and purge time to 0.
- systemctl restart apache2
- go and reject the first account request as spam, observe that all account requests have been erased/purged
wfLoadExtension( 'ConfirmAccount' ); $wgGroupPermissions['*']['createaccount'] = false; // REQUIRED to enforce account requests via this extension $wgGroupPermissions['bureaucrat']['createaccount'] = true; // optional to allow account creation by this trusted user group # $wgGroupPermissions['bureaucrat']['confirmaccount-notify'] = true; // send email to all bureaucrats $wgConfirmAccountRequestFormItems['Biography']['enabled'] = false; $wgConfirmAccountRequestFormItems['CV']['enabled'] = false; $wgConfirmAccountRequestFormItems['Notes']['enabled'] = false; $wgConfirmAccountRequestFormItems['Links']['enabled'] = false; $wgConfirmAccountRequestFormItems['TermsOfService']['enabled'] = false; # $wgConfirmAccountContact='olchansk@triumf.ca'; $wgRejectedAccountMaxAge = 0; $wgConfirmAccountRejectAge = 0;
Update DaqWiki 1.39 to latest update
ssh root@daq00 cd ~daqweb/mediawiki/DaqWiki/core git fetch git pull cd skins/Vector; git pull cd extenstions/ConfirmAccount,LookupUser,UserMerge,WikiEditor,Math; git pull cd maintenance ./update.php ### bombs, asks to run compser cd .. ../../composer.phar update --no-dev ### updates a bunch of stuff cd maintenance ./update.php ### does a bunch of stuff
Update DaqWiki 1.35.5 to 1.39
ssh root@daq00 cd ~daqweb/mediawiki/DaqWiki rsync -av core/ core-1.35.5 cd core git fetch ### took a long time with several interruptions git checkout REL1_39 git submodule update update vendor (has to be done by hand? do not forget to git checkout REL1_39) update skins/Vector update extensions ConfirmAccount,UserMerge edit LocalSettings.php, add wfLoadExtension( 'ConfirmAccount' ); run composer run update.php
Update DaqWiki 1.27.7 to 1.35
move DaqWiki from ladd00 to daq00, update to current LTS version.
ssh daq00 2001 cd ~daqweb/mediawiki/ 2002 ls -l 2003 cd AgWiki/ 2004 ls -l 2005 cd .. 2006 ls -l 2007 cd DaqWiki/ 2008 ls -l 2009 rsync -av core/ core-1.27.7 ssh ladd00 993 cd ~daqweb/mediawiki/DaqWiki/core 996 mysqldump -h localhost -u DaqWikiUser -p DaqWiki > backup.sql ssh daq00 2015 mysql -p ### create DaqWiki, daqwikiuser ln -s /home/daqweb/mediawiki/DaqWiki/core /var/www/html/DaqWiki 2022 mysql -udaqwikiuser -p DaqWiki < backup.sql 2023 xemacs -nw LocalSettings.php 2024 git fetch 2025 git status 2026 git checkout REL1_35 2028 cd extensions/WikiEditor/ 2029 git fetch 2030 git checkout REL1_35 2031 cd ../.. 2033 cd skins/Vector 2034 git fetch 2035 git checkout REL1_35 2036 cd .. 2037 git fetch 2043 ../../composer.phar update ### composer 2.2.5 2044 cd maintenance/ 2045 ./update.php 2046 xemacs -nw ../LocalSettings.php 2047 ./update.php 2048 cd .. 2051 cd extensions/Math/ 2052 git fetch 2053 git checkout REL1_35 2054 cd .. 2055 cd LookupUser/ 2056 git fetch 2057 git checkout REL1_35 2058 cd ../UserMerge/ 2059 git fetch 2060 git checkout REL1_35 2061 cd ../ConfirmAccount/ 2062 git fetch 2063 git checkout REL1_35 2064 cd .. 2065 cd maintenance/ 2066 ./update.php
Update AgWiki 1.31 to 1.35
- ssh daq00, cd ~daqweb/mediawiki/AgWiki/core
- mv composer.json composer.json-1.31
- git fetch, git checkout REL1_35
- cd extensions/WikiEditor, git fetch, git checkout REL1_35
- cd skins/Vector, git fetch, git checkout REL1_35
- ../../composer.phar update ### composer version 2.2.5
- cd maintenance, run ./update.php ### does a lot of stuff
- cd extensions/{ConfirmAccount,UserMerge,Math}, git fetch, git checkout REL1_35
- cd maintenence, run ./update.php ### again
- agwiki version page reports correct version 1.35 and dates from Jan-Feb 2022 for all extensions, etc.
- add this to LocalSettings.php to disable the "create account" link on the login page
# disable "create account" - we should always go through "request account" $wgGroupPermissions['*']['createaccount'] = false;
Migrate and update (el7 to U-20.04)
Migrating AgWiki from daqstore (el7) to daq00 (U-20.04).
- rsync daqstore:/var/www/html/AgWiki to /home/daqweb/mediawiki/AgWiki/core
- rsync core to core-1.30 ### make a backup
- cd core
- git fetch
- refer to https://www.mediawiki.org/wiki/Version_lifecycle to decode which version to use
- upgrade path 1.30 -> 1.31 LTS -> 1.35 LTS
- mv composer.json composer.json-1.30
- git checkout REL1_31
- cd extensions/WikiEditor, git fetch, git checkout REL1_31
- cd skins/Vector, git fetch, git checkout REL1_31
- try to load https://daq00/AgWiki, error 500
- run composer update. composer version 2 bombs, composer version 1 bombs with php error
- ssh daqstore, cd ~daqweb/mediawiki/AgWiki/core, ../../composer.phar-1.2.2 update
- try to load https://daq00/AgWiki, php error: no viable database extension found for type 'mysql'
- apt install php-mysql, same error
- edit /etc/php/7.4/apache2/php.ini, uncomment "extension=mysqli", systemctl reload apache2
- try to load https://daq00/AgWiki, php error: Cannot access the database: No such file or directory (localhost), this is correct we did not copy/migrate the mysql database yet.
- ssh daqstore, mysqldump -h localhost -u aguser -p AgWiki > backup.sql
- apt install mariadb-server
- mysql_secure_installation ### accept all default answers
- try to load https://daq00/AgWiki, php error: Cannot access the database: Access denied for user 'aguser'@'localhost' (localhost), this is correct, we did not create the user
- per https://www.mediawiki.org/wiki/Manual:Installing_MediaWiki#MariaDB/MySQL
mysql -p MariaDB [(none)]> CREATE DATABASE AgWiki; MariaDB [(none)]> CREATE USER 'agwikiuser'@'localhost' IDENTIFIED BY 'agwikiuser123'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON AgWiki.* TO 'agwikiuser'@'localhost' WITH GRANT OPTION;
- edit mysql user and password on LocalSettings.php
- try to load https://daq00/AgWiki, php error: Error: 1146 Table 'AgWiki.l10n_cache' doesn't exist (localhost), this is correct we did not load the database contents yet
- mysql -uagwikiuser -p AgWiki < backup.sql
- cd maintenance, run update.php
- try to load https://daq00/AgWiki, main wiki page redirects to daqstore/AgWiki, not good.
- edit LocalSettings.php, change $wgServer to daq00
- try to load https://daq00/AgWiki, main wiki page loads, looks good.
- login works, version page looks ok
- update extensions:
- cd extensions/ConfirmAccount, git fetch, git checkout REL1_31
- cd extensions/UserMerge, git fetch, git checkout REL1_31
- cd extensions/Math, git fetch, git checkout REL1_31
- edit Localsettings.php, comment-out load NativeSvgHandler.php and SVGEdit.php
- agwiki version page still shows all versions of extensions, run maintenance/update.php, now it shows the updated versions. good.
- edit LocalSettings.php, update $wgEmergencyContact and $wgPasswordSender
Install (el7)
ssh ladd00 cd ~daqweb/mediawiki rsync -av DaqWiki daqstore:/var/www/html/ ssh daqstore cd /var/www/html mv DaqWiki/core AgWiki cd AgWiki git fetch git checkout REL1_30 cd skins/Vector git fetch git checkout REL1_30 cd extensions/WebEditor git fetch git checkout REL1_30 open https://daqstore.triumf.ca/AgWiki/ - should give an internal error, a php exception edit LocalSettings.php
do the composer stuff
get the composer: https://getcomposer.org/download/ cd AgWiki ../composer.phar update open https://daqstore.triumf.ca/AgWiki/ - should give an error - cannot connect to the database
configure mysql
yum install php71w-mysql rpm -q mariadb ### mariadb-5.5.56-2.el7.x86_64 systemctl enable mariadb systemctl start mariadb mysql_secure_installation # set root password # accept all default answers mysql -p ### enter the root password create database `AgWiki`; create user `agwiki` identified by `agwiki123`; GRANT USAGE ON *.* TO 'aguser'@localhost IDENTIFIED BY 'aguser123'; GRANT ALL privileges ON `AgWiki`.* TO 'aguser'@localhost; FLUSH PRIVILEGES; show grants for 'aguser'@localhost; exit enter these database settings to LocalSettings.php
configure mediawiki
get rid of (rename) LocalSettings.php open https://daqstore.triumf.ca/AgWiki/ follow the link to do the configuration answer all the questions answer all the additional questions save LocalSettings.php copy it to AgWiki open the wiki - login page should open, login normally got to special pages -> version update all the individual extensions: cd extensions/XXX git fetch git checkout REL1_30 ### as appropriate systemctl restart httpd reload the wiki version page
make images directory writable
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/AgWiki/images(/.*)?' restorecon -Rv /var/www/html/AgWiki/images ls -alZ /var/www/html/AgWiki/images/
additional selinux incantations
setsebool -P httpd_setrlimit 1
Misc
- MediaWiki:Sidebar edit the navigation side bar