BryanDavis has uploaded a new change for review. https://gerrit.wikimedia.org/r/133757
Change subject: Add CentralAuth role ...................................................................... Add CentralAuth role This role installs the CentralAuth extension and creates two additional wikis. login.wiki.local.wmftest.net is the login wiki and centralauthtest.wiki.local.wmftest.net is configured to show that logins work automatically across the wiki farm. Co-author: Bryan Davis <[email protected]> Change-Id: Ide7acba8cd6a223d38cb26b766a6d9482905c5fa --- A puppet/manifests/roles/centralauth.pp M puppet/modules/multiwiki/templates/LoadWgConf.php.erb M puppet/modules/multiwiki/templates/dbConf.php.erb 3 files changed, 80 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/vagrant refs/changes/57/133757/1 diff --git a/puppet/manifests/roles/centralauth.pp b/puppet/manifests/roles/centralauth.pp new file mode 100644 index 0000000..fda5e79 --- /dev/null +++ b/puppet/manifests/roles/centralauth.pp @@ -0,0 +1,78 @@ +# == Class: role::centralauth +# This role installs the CentralAuth extension and creates two additional +# wikis. login.wiki.local.wmftest.net is the login wiki and +# centralauthtest.wiki.local.wmftest.net is configured to show that logins +# work automatically across the wiki farm. +# +class role::centralauth { + require ::role::mediawiki + include ::mysql + + $db_name = 'centralauth' + $loginwiki = 'login' + $ca_common_settings = { + wgCentralAuthDatabase => $db_name, + wgCentralAuthCookies => true, + wgCentralAuthCreateOnView => true, + wgCentralAuthLoginWiki => "${loginwiki}wiki", + wgCentralAuthSilentLogin => true, + wgCentralAuthUseOldAutoLogin => false, + wgCentralAuthAutoMigrate => true, + wgCentralAuthAutoNew => true, + wgSharedDB => $db_name, + wgSharedTables => [ 'objectcache' ], + } + $ca_auth_settings = [ + '$wgGroupPermissions["sysop"]["centralauth-lock"] = true;', + '$wgGroupPermissions["bureaucrat"]["centralauth-oversight"] = true;', + '$wgGroupPermissions["bureaucrat"]["centralauth-unmerge"] = true;', + '$wgGroupPermissions["bureaucrat"]["centralauth-globalrename"] = true;', + ] + + # Install CentralAuth for default wiki + mediawiki::extension { 'CentralAuth': + needs_update => true, + settings => $ca_common_settings, + } + mediawiki::settings { 'CentralAuthPermissions': + values => $ca_auth_settings, + } + + # Create an application database + mysql::db { $db_name: + ensure => present, + } + mysql::sql { 'Create CentralAuth objectcache': + sql => "CREATE TABLE ${db_name}.objectcache LIKE ${::role::mysql::db_name}.objectcache;", + unless => "SELECT COUNT(*) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema = '${db_name}' AND table_name = 'objectcache';", + require => Mysql::Db[$db_name], + } + mysql::sql { 'Create CentralAuth tables': + sql => "USE ${db_name}; SOURCE ${::role::mediawiki::dir}/extensions/CentralAuth/central-auth.sql;", + unless => "SELECT COUNT(*) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema = '${db_name}' AND table_name = 'globalnames';", + require => [ + Mysql::Db[$db_name], + Mediawiki::Extension['CentralAuth'] + ], + } + + # Create login wiki + multiwiki::wiki{ $loginwiki: } + multiwiki::extension { "${loginwiki}:CentralAuth": + needs_update => true, + settings => $ca_common_settings, + } + multiwiki::settings { "${loginwiki}:CentralAuthPermissions": + values => $ca_auth_settings, + } + + # Create test wiki to show that logins are cross-wiki + multiwiki::wiki{ 'centralauthtest': } + multiwiki::extension { 'centralauthtest:CentralAuth': + needs_update => true, + settings => $ca_common_settings, + } + multiwiki::settings { 'centralauthtest:CentralAuthPermissions': + values => $ca_auth_settings, + } +} diff --git a/puppet/modules/multiwiki/templates/LoadWgConf.php.erb b/puppet/modules/multiwiki/templates/LoadWgConf.php.erb index 4228e42..4e6d94c 100644 --- a/puppet/modules/multiwiki/templates/LoadWgConf.php.erb +++ b/puppet/modules/multiwiki/templates/LoadWgConf.php.erb @@ -1,5 +1,6 @@ <?php +$wgCentralAuthAutoLoginWikis = array( 'devwiki'=>'wiki' ); $wgLocalDatabases[] = 'wiki'; foreach ( glob( __DIR__ . '/*/dbConf.php' ) as $file) { diff --git a/puppet/modules/multiwiki/templates/dbConf.php.erb b/puppet/modules/multiwiki/templates/dbConf.php.erb index 35f776d..3f893c9 100644 --- a/puppet/modules/multiwiki/templates/dbConf.php.erb +++ b/puppet/modules/multiwiki/templates/dbConf.php.erb @@ -1,2 +1,3 @@ <?php $wgLocalDatabases[] = '<%= @wikidb %>'; +$wgCentralAuthAutoLoginWikis['<%= @wikidb %>']='<%= @wikidb %>'; -- To view, visit https://gerrit.wikimedia.org/r/133757 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ide7acba8cd6a223d38cb26b766a6d9482905c5fa Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/vagrant Gerrit-Branch: master Gerrit-Owner: BryanDavis <[email protected]> Gerrit-Reviewer: CSteipp <[email protected]> _______________________________________________ MediaWiki-commits mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
