DaqWikiManagement: Difference between revisions

From DaqWiki
Jump to navigation Jump to search
 
(30 intermediate revisions by the same user not shown)
Line 6: Line 6:
* https://www.mediawiki.org/wiki/Manual:Backing_up_a_wiki
* https://www.mediawiki.org/wiki/Manual:Backing_up_a_wiki
* https://www.mediawiki.org/wiki/Manual:Installation_guide
* https://www.mediawiki.org/wiki/Manual:Installation_guide
* https://www.mediawiki.org/wiki/Manual:$wgPasswordPolicy
== Increase max file upload size ==
<pre>
per https://www.mediawiki.org/wiki/Manual:Configuring_file_uploads
edit /etc/php/8.1/apache2/php.ini
set "upload_max_filesize" from "2M" to "20M"
set "post_max_size" from "8M" to "80M"
systemctl restart apache2
</pre>
== Allow SVG files created by draw.io ==
<pre>
add "http://www.w3.org/1999/xhtml" to permitted XML namespaces:
edit includes/upload/UploadBase.php add it to $validNamespaces in function checkSvgScriptCallback
</pre>
read more here: https://phabricator.wikimedia.org/T138783
== Mitigate account request spam ==
after updating to mediawiki 1.39 I see account request spam on all our mediawiki instances.
to mitigate:
* disable email notification
* set rejected and unapproved account expiration and purge time to 0.
* systemctl restart apache2
* go and reject the first account request as spam, observe that all account requests have been erased/purged
<pre>
wfLoadExtension( 'ConfirmAccount' );
$wgGroupPermissions['*']['createaccount'] = false; // REQUIRED to enforce account requests via this extension
$wgGroupPermissions['bureaucrat']['createaccount'] = true; // optional to allow account creation by this trusted user group
# $wgGroupPermissions['bureaucrat']['confirmaccount-notify'] = true; // send email to all bureaucrats
$wgConfirmAccountRequestFormItems['Biography']['enabled'] = false;
$wgConfirmAccountRequestFormItems['CV']['enabled'] = false;
$wgConfirmAccountRequestFormItems['Notes']['enabled'] = false;
$wgConfirmAccountRequestFormItems['Links']['enabled'] = false;
$wgConfirmAccountRequestFormItems['TermsOfService']['enabled'] = false;
# $wgConfirmAccountContact='olchansk@triumf.ca';
$wgRejectedAccountMaxAge = 0;
$wgConfirmAccountRejectAge = 0;
</pre>
== Update DaqWiki 1.39 to latest update ==
<pre>
ssh root@daq00
cd ~daqweb/mediawiki/DaqWiki/core
git fetch
git pull
cd skins/Vector; git pull
cd extenstions/ConfirmAccount,LookupUser,UserMerge,WikiEditor,Math; git pull
cd maintenance
./update.php ### bombs, asks to run compser
cd ..
../../composer.phar update --no-dev ### updates a bunch of stuff
cd maintenance
./update.php ### does a bunch of stuff
</pre>
== Update DaqWiki 1.35.5 to 1.39 ==
<pre>
ssh root@daq00
cd ~daqweb/mediawiki/DaqWiki
rsync -av core/ core-1.35.5
cd core
git fetch ### took a long time with several interruptions
git checkout REL1_39
git submodule update
update vendor (has to be done by hand? do not forget to git checkout REL1_39)
update skins/Vector
update extensions ConfirmAccount,UserMerge
edit LocalSettings.php, add wfLoadExtension( 'ConfirmAccount' );
run composer
run update.php
</pre>
== Update DaqWiki 1.27.7 to 1.35 ==
move DaqWiki from ladd00 to daq00, update to current LTS version.
<pre>
      ssh daq00
2001  cd ~daqweb/mediawiki/
2002  ls -l
2003  cd AgWiki/
2004  ls -l
2005  cd ..
2006  ls -l
2007  cd DaqWiki/
2008  ls -l
2009  rsync -av core/ core-1.27.7
      ssh ladd00
  993  cd ~daqweb/mediawiki/DaqWiki/core
  996  mysqldump -h localhost -u DaqWikiUser -p DaqWiki > backup.sql
      ssh daq00
2015  mysql -p ### create DaqWiki, daqwikiuser
      ln -s /home/daqweb/mediawiki/DaqWiki/core /var/www/html/DaqWiki
2022  mysql -udaqwikiuser -p DaqWiki < backup.sql
2023  xemacs -nw LocalSettings.php
2024  git fetch
2025  git status
2026  git checkout REL1_35
2028  cd extensions/WikiEditor/
2029  git fetch
2030  git checkout REL1_35
2031  cd ../..
2033  cd skins/Vector
2034  git fetch
2035  git checkout REL1_35
2036  cd ..
2037  git fetch
2043  ../../composer.phar update ### composer 2.2.5
2044  cd maintenance/
2045  ./update.php
2046  xemacs -nw ../LocalSettings.php
2047  ./update.php
2048  cd ..
2051  cd extensions/Math/
2052  git fetch
2053  git checkout REL1_35
2054  cd ..
2055  cd LookupUser/
2056  git fetch
2057  git checkout REL1_35
2058  cd ../UserMerge/
2059  git fetch
2060  git checkout REL1_35
2061  cd ../ConfirmAccount/
2062  git fetch
2063  git checkout REL1_35
2064  cd ..
2065  cd maintenance/
2066  ./update.php
</pre>
== Update AgWiki 1.31 to 1.35 ==
* ssh daq00, cd ~daqweb/mediawiki/AgWiki/core
* mv composer.json composer.json-1.31
* git fetch, git checkout REL1_35
* cd extensions/WikiEditor, git fetch, git checkout REL1_35
* cd skins/Vector, git fetch, git checkout REL1_35
* ../../composer.phar update ### composer version 2.2.5
* cd maintenance, run ./update.php ### does a lot of stuff
* cd extensions/{ConfirmAccount,UserMerge,Math}, git fetch, git checkout REL1_35
* cd maintenence, run ./update.php ### again
* agwiki version page reports correct version 1.35 and dates from Jan-Feb 2022 for all extensions, etc.
* add this to LocalSettings.php to disable the "create account" link on the login page
<pre>
# disable "create account" - we should always go through "request account"
$wgGroupPermissions['*']['createaccount'] = false;
</pre>


== Migrate and update (el7 to U-20.04) ==
== Migrate and update (el7 to U-20.04) ==


Migrating AdWiki from daqstore (el7) to daq00 (U-20.04).
Migrating AgWiki from daqstore (el7) to daq00 (U-20.04).


* rsync daqstore:/var/www/html/AgWiki to /home/daqweb/mediawiki/AgWiki/core
* rsync daqstore:/var/www/html/AgWiki to /home/daqweb/mediawiki/AgWiki/core
Line 32: Line 191:
* mysql_secure_installation ### accept all default answers
* mysql_secure_installation ### accept all default answers
* try to load https://daq00/AgWiki, php error: Cannot access the database: Access denied for user 'aguser'@'localhost' (localhost), this is correct, we did not create the user
* try to load https://daq00/AgWiki, php error: Cannot access the database: Access denied for user 'aguser'@'localhost' (localhost), this is correct, we did not create the user
* per https://www.mediawiki.org/wiki/Manual:Installing_MediaWiki#MariaDB/MySQL
<pre>
mysql -p
MariaDB [(none)]> CREATE DATABASE AgWiki;
MariaDB [(none)]> CREATE USER 'agwikiuser'@'localhost' IDENTIFIED BY 'agwikiuser123';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON AgWiki.* TO 'agwikiuser'@'localhost' WITH GRANT OPTION;
</pre>
* edit mysql user and password on LocalSettings.php
* try to load https://daq00/AgWiki, php error: Error: 1146 Table 'AgWiki.l10n_cache' doesn't exist (localhost), this is correct we did not load the database contents yet
* mysql -uagwikiuser -p AgWiki < backup.sql
* cd maintenance, run update.php
* try to load https://daq00/AgWiki, main wiki page redirects to daqstore/AgWiki, not good.
* edit LocalSettings.php, change $wgServer to daq00
* try to load https://daq00/AgWiki, main wiki page loads, looks good.
* login works, version page looks ok
* update extensions:
* cd extensions/ConfirmAccount, git fetch, git checkout REL1_31
* cd extensions/UserMerge, git fetch, git checkout REL1_31
* cd extensions/Math, git fetch, git checkout REL1_31
* edit Localsettings.php, comment-out load NativeSvgHandler.php and SVGEdit.php
* agwiki version page still shows all versions of extensions, run maintenance/update.php, now it shows the updated versions. good.
* edit LocalSettings.php, update $wgEmergencyContact and $wgPasswordSender


== Install (el7) ==
== Install (el7) ==

Latest revision as of 14:26, 4 January 2024

Links

Increase max file upload size

per https://www.mediawiki.org/wiki/Manual:Configuring_file_uploads
edit /etc/php/8.1/apache2/php.ini
set "upload_max_filesize" from "2M" to "20M"
set "post_max_size" from "8M" to "80M"
systemctl restart apache2

Allow SVG files created by draw.io

add "http://www.w3.org/1999/xhtml" to permitted XML namespaces:
edit includes/upload/UploadBase.php add it to $validNamespaces in function checkSvgScriptCallback

read more here: https://phabricator.wikimedia.org/T138783

Mitigate account request spam

after updating to mediawiki 1.39 I see account request spam on all our mediawiki instances.

to mitigate:

  • disable email notification
  • set rejected and unapproved account expiration and purge time to 0.
  • systemctl restart apache2
  • go and reject the first account request as spam, observe that all account requests have been erased/purged
wfLoadExtension( 'ConfirmAccount' );
$wgGroupPermissions['*']['createaccount'] = false; // REQUIRED to enforce account requests via this extension
$wgGroupPermissions['bureaucrat']['createaccount'] = true; // optional to allow account creation by this trusted user group
# $wgGroupPermissions['bureaucrat']['confirmaccount-notify'] = true; // send email to all bureaucrats
$wgConfirmAccountRequestFormItems['Biography']['enabled'] = false;
$wgConfirmAccountRequestFormItems['CV']['enabled'] = false;
$wgConfirmAccountRequestFormItems['Notes']['enabled'] = false;
$wgConfirmAccountRequestFormItems['Links']['enabled'] = false;
$wgConfirmAccountRequestFormItems['TermsOfService']['enabled'] = false;
# $wgConfirmAccountContact='olchansk@triumf.ca';
$wgRejectedAccountMaxAge = 0;
$wgConfirmAccountRejectAge = 0;

Update DaqWiki 1.39 to latest update

ssh root@daq00
cd ~daqweb/mediawiki/DaqWiki/core
git fetch
git pull
cd skins/Vector; git pull
cd extenstions/ConfirmAccount,LookupUser,UserMerge,WikiEditor,Math; git pull
cd maintenance
./update.php ### bombs, asks to run compser
cd ..
../../composer.phar update --no-dev ### updates a bunch of stuff
cd maintenance
./update.php ### does a bunch of stuff

Update DaqWiki 1.35.5 to 1.39

ssh root@daq00
cd ~daqweb/mediawiki/DaqWiki
rsync -av core/ core-1.35.5
cd core
git fetch ### took a long time with several interruptions
git checkout REL1_39
git submodule update
update vendor (has to be done by hand? do not forget to git checkout REL1_39)
update skins/Vector
update extensions ConfirmAccount,UserMerge
edit LocalSettings.php, add wfLoadExtension( 'ConfirmAccount' );
run composer
run update.php

Update DaqWiki 1.27.7 to 1.35

move DaqWiki from ladd00 to daq00, update to current LTS version.

       ssh daq00
 2001  cd ~daqweb/mediawiki/
 2002  ls -l
 2003  cd AgWiki/
 2004  ls -l
 2005  cd ..
 2006  ls -l
 2007  cd DaqWiki/
 2008  ls -l
 2009  rsync -av core/ core-1.27.7

       ssh ladd00
  993  cd ~daqweb/mediawiki/DaqWiki/core
  996  mysqldump -h localhost -u DaqWikiUser -p DaqWiki > backup.sql

       ssh daq00
 2015  mysql -p ### create DaqWiki, daqwikiuser
       ln -s /home/daqweb/mediawiki/DaqWiki/core /var/www/html/DaqWiki
 2022  mysql -udaqwikiuser -p DaqWiki < backup.sql
 2023  xemacs -nw LocalSettings.php
 2024  git fetch
 2025  git status
 2026  git checkout REL1_35
 2028  cd extensions/WikiEditor/
 2029  git fetch
 2030  git checkout REL1_35
 2031  cd ../..
 2033  cd skins/Vector
 2034  git fetch
 2035  git checkout REL1_35
 2036  cd ..
 2037  git fetch
 2043  ../../composer.phar update ### composer 2.2.5
 2044  cd maintenance/
 2045  ./update.php 
 2046  xemacs -nw ../LocalSettings.php
 2047  ./update.php 
 2048  cd ..
 2051  cd extensions/Math/
 2052  git fetch
 2053  git checkout REL1_35
 2054  cd ..
 2055  cd LookupUser/
 2056  git fetch
 2057  git checkout REL1_35
 2058  cd ../UserMerge/
 2059  git fetch
 2060  git checkout REL1_35
 2061  cd ../ConfirmAccount/
 2062  git fetch
 2063  git checkout REL1_35
 2064  cd ..
 2065  cd maintenance/
 2066  ./update.php 

Update AgWiki 1.31 to 1.35

  • ssh daq00, cd ~daqweb/mediawiki/AgWiki/core
  • mv composer.json composer.json-1.31
  • git fetch, git checkout REL1_35
  • cd extensions/WikiEditor, git fetch, git checkout REL1_35
  • cd skins/Vector, git fetch, git checkout REL1_35
  • ../../composer.phar update ### composer version 2.2.5
  • cd maintenance, run ./update.php ### does a lot of stuff
  • cd extensions/{ConfirmAccount,UserMerge,Math}, git fetch, git checkout REL1_35
  • cd maintenence, run ./update.php ### again
  • agwiki version page reports correct version 1.35 and dates from Jan-Feb 2022 for all extensions, etc.
  • add this to LocalSettings.php to disable the "create account" link on the login page
# disable "create account" - we should always go through "request account" 
$wgGroupPermissions['*']['createaccount'] = false; 

Migrate and update (el7 to U-20.04)

Migrating AgWiki from daqstore (el7) to daq00 (U-20.04).

  • rsync daqstore:/var/www/html/AgWiki to /home/daqweb/mediawiki/AgWiki/core
  • rsync core to core-1.30 ### make a backup
  • cd core
  • git fetch
  • refer to https://www.mediawiki.org/wiki/Version_lifecycle to decode which version to use
  • upgrade path 1.30 -> 1.31 LTS -> 1.35 LTS
  • mv composer.json composer.json-1.30
  • git checkout REL1_31
  • cd extensions/WikiEditor, git fetch, git checkout REL1_31
  • cd skins/Vector, git fetch, git checkout REL1_31
  • try to load https://daq00/AgWiki, error 500
  • run composer update. composer version 2 bombs, composer version 1 bombs with php error
  • ssh daqstore, cd ~daqweb/mediawiki/AgWiki/core, ../../composer.phar-1.2.2 update
  • try to load https://daq00/AgWiki, php error: no viable database extension found for type 'mysql'
  • apt install php-mysql, same error
  • edit /etc/php/7.4/apache2/php.ini, uncomment "extension=mysqli", systemctl reload apache2
  • try to load https://daq00/AgWiki, php error: Cannot access the database: No such file or directory (localhost), this is correct we did not copy/migrate the mysql database yet.
  • ssh daqstore, mysqldump -h localhost -u aguser -p AgWiki > backup.sql
  • apt install mariadb-server
  • mysql_secure_installation ### accept all default answers
  • try to load https://daq00/AgWiki, php error: Cannot access the database: Access denied for user 'aguser'@'localhost' (localhost), this is correct, we did not create the user
  • per https://www.mediawiki.org/wiki/Manual:Installing_MediaWiki#MariaDB/MySQL
mysql -p
MariaDB [(none)]> CREATE DATABASE AgWiki;
MariaDB [(none)]> CREATE USER 'agwikiuser'@'localhost' IDENTIFIED BY 'agwikiuser123';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON AgWiki.* TO 'agwikiuser'@'localhost' WITH GRANT OPTION;
  • edit mysql user and password on LocalSettings.php
  • try to load https://daq00/AgWiki, php error: Error: 1146 Table 'AgWiki.l10n_cache' doesn't exist (localhost), this is correct we did not load the database contents yet
  • mysql -uagwikiuser -p AgWiki < backup.sql
  • cd maintenance, run update.php
  • try to load https://daq00/AgWiki, main wiki page redirects to daqstore/AgWiki, not good.
  • edit LocalSettings.php, change $wgServer to daq00
  • try to load https://daq00/AgWiki, main wiki page loads, looks good.
  • login works, version page looks ok
  • update extensions:
  • cd extensions/ConfirmAccount, git fetch, git checkout REL1_31
  • cd extensions/UserMerge, git fetch, git checkout REL1_31
  • cd extensions/Math, git fetch, git checkout REL1_31
  • edit Localsettings.php, comment-out load NativeSvgHandler.php and SVGEdit.php
  • agwiki version page still shows all versions of extensions, run maintenance/update.php, now it shows the updated versions. good.
  • edit LocalSettings.php, update $wgEmergencyContact and $wgPasswordSender

Install (el7)

ssh ladd00
cd ~daqweb/mediawiki
rsync -av DaqWiki daqstore:/var/www/html/

ssh daqstore
cd /var/www/html
mv DaqWiki/core AgWiki
cd AgWiki
git fetch

git checkout REL1_30

cd skins/Vector
git fetch
git checkout REL1_30

cd extensions/WebEditor
git fetch
git checkout REL1_30

open https://daqstore.triumf.ca/AgWiki/ - should give an internal error, a php exception

edit LocalSettings.php

do the composer stuff

get the composer: https://getcomposer.org/download/
cd AgWiki
../composer.phar update

open https://daqstore.triumf.ca/AgWiki/ - should give an error - cannot connect to the database

configure mysql

yum install php71w-mysql

rpm -q mariadb ### mariadb-5.5.56-2.el7.x86_64

systemctl enable mariadb
systemctl start mariadb

mysql_secure_installation
# set root password
# accept all default answers

mysql -p ### enter the root password
create database `AgWiki`;
create user `agwiki` identified by `agwiki123`;
GRANT USAGE ON *.* TO 'aguser'@localhost IDENTIFIED BY 'aguser123';
GRANT ALL privileges ON `AgWiki`.* TO 'aguser'@localhost;
FLUSH PRIVILEGES;
show grants for 'aguser'@localhost;
exit

enter these database settings to LocalSettings.php

configure mediawiki

get rid of (rename) LocalSettings.php
open https://daqstore.triumf.ca/AgWiki/
follow the link to do the configuration
answer all the questions
answer all the additional questions
save LocalSettings.php
copy it to AgWiki

open the wiki  - login page should open, login normally

got to special pages -> version

update all the individual extensions:
cd extensions/XXX
git fetch
git checkout REL1_30 ### as appropriate
systemctl restart httpd
reload the wiki version page

make images directory writable

semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/AgWiki/images(/.*)?'
restorecon -Rv /var/www/html/AgWiki/images
ls -alZ /var/www/html/AgWiki/images/

additional selinux incantations

setsebool -P httpd_setrlimit 1

Misc