Andrew Bogott has uploaded a new change for review.
https://gerrit.wikimedia.org/r/155789
Change subject: Random stab at getting wikitech config in here.
......................................................................
Random stab at getting wikitech config in here.
Questions:
- How to handle private values that are wikitech-specific?
- Should I really add wikitech-specific extensions to extension-list?
- How do I set wmfrealm properly on wikitech?
- How much of the random cruft in InitialiseSettings-wikitech should be
generalized?
Change-Id: I2b9322c6dbb43375c420c064e20a129df5a7cfaf
---
A wmf-config/InitialiseSettings-wikitech.php
M wmf-config/InitialiseSettings.php
M wmf-config/extension-list
3 files changed, 255 insertions(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config
refs/changes/89/155789/1
diff --git a/wmf-config/InitialiseSettings-wikitech.php
b/wmf-config/InitialiseSettings-wikitech.php
new file mode 100644
index 0000000..6704de1
--- /dev/null
+++ b/wmf-config/InitialiseSettings-wikitech.php
@@ -0,0 +1,236 @@
+<?php
+# WARNING: This file is publically viewable on the web.
+# Do not put private data here.
+
+/**
+ * This file is for overriding the default InitialiseSettings.php with our own
+ * stuff. Prefixing a setting key with '-' to override all values from
+ * InitialiseSettings.php
+ *
+ * Please wrap your code in functions to avoid tainting the global namespace.
+ */
+
+/**
+ * Main entry point to override production settings. Supports key beginning
with
+ * a dash to completely override a setting.
+ */
+function WikitechOverrideSettings() {
+
+ /* From Settings.php on old wikitech*/
+
+ $wgEmailConfirmToEdit = true;
+ $wgUseTeX = false;
+ $wgEnableCreativeCommonsRdf = true;
+ $wgDBTableOptions = "ENGINE=InnoDB, DEFAULT CHARSET=binary";
+ $wgCacheDirectory = "$IP/cache";
+ $wgMainCacheType = CACHE_MEMCACHED;
+ $wgMessageCacheType = CACHE_MEMCACHED;
+ $wgSessionsInMemcached = true;
+
+ # Anons can't edit
+ $wgGroupPermissions['*']['edit'] = false;
+
+ # Shellmanager is a Custom role for wikitech
+ $wgGroupPermissions['shellmanagers']['userrights'] = false;
+ $wgAddGroups['shellmanagers'] = array( 'shell' );
+
+ $wgGroupPermissions['contentadmin']['protect'] = true;
+ $wgGroupPermissions['contentadmin']['editprotected'] = true;
+ $wgGroupPermissions['contentadmin']['bigdelete'] = true;
+ $wgGroupPermissions['contentadmin']['delete'] = true;
+ $wgGroupPermissions['contentadmin']['undelete'] = true;
+ $wgGroupPermissions['contentadmin']['block'] = true;
+ $wgGroupPermissions['contentadmin']['blockemail'] = true;
+ $wgGroupPermissions['contentadmin']['patrol'] = true;
+ $wgGroupPermissions['contentadmin']['autopatrol'] = true;
+ $wgGroupPermissions['contentadmin']['import'] = true;
+ $wgGroupPermissions['contentadmin']['importupload'] = true;
+ $wgGroupPermissions['contentadmin']['upload_by_url'] = true;
+ $wgGroupPermissions['contentadmin']['movefile'] = true;
+ $wgGroupPermissions['contentadmin']['suppressredirect'] = true;
+ $wgGroupPermissions['contentadmin']['rollback'] = true;
+ $wgGroupPermissions['contentadmin']['browsearchive'] = true;
+ $wgGroupPermissions['contentadmin']['deletedhistory'] = true;
+ $wgGroupPermissions['contentadmin']['deletedtext'] = true;
+ $wgGroupPermissions['contentadmin']['autoconfirmed'] = true;
+
+
+ $wgNamespacesWithSubpages[NS_MAIN] = true;
+
+ $wgExtraNamespaces[110] = 'Obsolete';
+ $wgExtraNamespaces[111] = 'Obsolete_talk';
+ $wgNamespacesWithSubpages[110] = true;
+ $wgExtraNamespaces[112] = 'Ops';
+ $wgExtraNamespaces[113] = 'Ops_talk';
+ $wgNamespacesWithSubpages[112] = true;
+ $wgNamespacesWithSubpages[113] = true;
+ $wgContentNamespaces[] = 112;
+ $wgNamespacesToBeSearchedDefault[112] = true;
+
+ $wgGroupPermissions['bots']['skipcaptcha'] = true;
+ $wgCaptchaTriggers['addurl'] = false;
+
+ require_once( "$IP/extensions/DynamicSidebar/DynamicSidebar.php" );
+ include_once( "$IP/extensions/Validator/Validator.php" );
+ include_once( "$IP/extensions/SemanticMediaWiki/SemanticMediaWiki.php"
);
+ include_once( "$IP/extensions/SemanticForms/SemanticForms.php" );
+
+ # SemanticResultFormats, an extra set of printers for SMW
+ require_once(
"$IP/extensions/SemanticResultFormats/SemanticResultFormats.php" );
+
+ require_once( "Private.php" );
+ require_once( "Debug.php" );
+
+ /* from Local.php on old Wikitech */
+ $wgDBserver = "virt1000.wikimedia.org";
+ $wgDBname = "labswiki";
+
+ $wgServer = "https://wikitech.wikimedia.org";;
+ $wgSitename = "Wikitech";
+ $wgPasswordSenderName = "Wikitech Mail";
+
+ $wgCookieDomain = "wikitech.wikimedia.org";
+
+ $wgLogo =
"https://wikitech.wikimedia.org/w/images/thumb/6/60/Wikimedia_labs_logo.svg/120px-Wikimedia_labs_logo.svg.png";;
+
+ # Only sysops can create new accounts.
+ $wgGroupPermissions['*']['createaccount'] = true;
+
+ $wgGroupPermissions['cloudadmin']['listall'] = true;
+ $wgGroupPermissions['cloudadmin']['manageproject'] = true;
+ $wgGroupPermissions['cloudadmin']['userrights'] = true;
+ $wgGroupPermissions['cloudadmin']['managednsdomain'] = true;
+ $wgGroupPermissions['cloudadmin']['manageglobalpuppet'] = true;
+ $wgGroupPermissions['cloudadmin']['accessrestrictedregions'] = true;
+ $wgGroupPermissions['shell']['loginviashell'] = true;
+
+ $wgImportSources[] = "mw";
+
+ enableSemantics('wikitech');
+
+ require_once ( "$IP/extensions/CheckUser/CheckUser.php" );
+
+ require_once(
"$IP/extensions/LdapAuthentication/LdapAuthentication.php" );
+ $wgAuth = new LdapAuthenticationPlugin();
+ $wgLDAPDomainNames = array( 'labs');
+ $wgLDAPServerNames = array( 'labs' => 'virt1000.wikimedia.org' );
+ $wgLDAPSearchAttributes = array( 'labs' => 'cn');
+ $wgLDAPBaseDNs = array( 'labs' => 'dc=wikimedia,dc=org' );
+ $wgLDAPUserBaseDNs = array( 'labs' => 'ou=people,dc=wikimedia,dc=org' );
+ $wgLDAPEncryptionType = array( 'labs' => 'tls');
+ $wgLDAPWriteLocation = array( 'labs' => 'ou=people,dc=wikimedia,dc=org'
);
+ $wgLDAPAddLDAPUsers = array( 'labs' => true );
+ $wgLDAPUpdateLDAP = array( 'labs' => true );
+ $wgLDAPPasswordHash = array( 'labs' => 'clear' );
+ // 'invaliddomain' is set to true so that mail password options
+ // will be available on user creation and password mailing
+ $wgLDAPMailPassword = array( 'labs' => true, 'invaliddomain' => true );
+ $wgLDAPPreferences = array( 'labs' => array( "email"=>"mail" ) );
+ $wgLDAPUseFetchedUsername = array( 'labs' => true );
+ $wgLDAPLowerCaseUsernameScheme = array( 'labs' => false,
'invaliddomain' => false );
+ $wgLDAPLowerCaseUsername = array( 'labs' => false, 'invaliddomain' =>
false );
+ // Only enable UseLocal if you need to promote an LDAP user
+ #$wgLDAPUseLocal = true;
+ $wgMinimalPasswordLength = 1;
+
+ require_once( "$IP/extensions/OATHAuth/OATHAuth.php" );
+
+ require_once( "$IP/extensions/OpenStackManager/OpenStackManager.php" );
+ $wgOpenStackManagerNovaKeypairStorage = 'ldap';
+ $wgOpenStackManagerNovaIdentityURI =
'http://virt1000.wikimedia.org:35357/v2.0';
+ $wgOpenStackManagerLDAPDomain = 'labs';
+ $wgOpenStackManagerLDAPProjectBaseDN =
'ou=projects,dc=wikimedia,dc=org';
+ $wgOpenStackManagerLDAPProjectGroupBaseDN =
"ou=groups,dc=wikimedia,dc=org";
+ $wgOpenStackManagerLDAPInstanceBaseDN = 'ou=hosts,dc=wikimedia,dc=org';
+ $wgOpenStackManagerLDAPServiceGroupBaseDN =
'ou=servicegroups,dc=wikimedia,dc=org';
+ $wgOpenStackManagerLDAPDefaultGid = '500';
+ $wgOpenStackManagerLDAPDefaultShell = '/usr/local/bin/sillyshell';
+ $wgOpenStackManagerLDAPUseUidAsNamingAttribute = true;
+ $wgOpenStackManagerDNSOptions = array(
+ 'enabled' => true,
+ 'servers' => array( 'primary' => 'virt1000.wikimedia.org' ),
+ 'soa' => array( 'hostmaster' => 'hostmaster.wikimedia.org',
'refresh' => '1800', 'retry' => '3600', 'expiry' => '86400', 'minimum' =>
'7200' ),
+ );
+ $wgOpenStackManagerPuppetOptions = array(
+ 'enabled' => true,
+ 'defaultclasses' => array( 'base', 'role::labs::instance',
'sudo::labs_project' ),
+ 'defaultvariables' => array( 'realm' => 'labs' ),
+ );
+ $wgOpenStackManagerInstanceUserData = array(
+ 'cloud-config' => array(
+ #'puppet' => array( 'conf' => array( 'puppetd' =>
array( 'server' => 'wikitech.wikimedia.org', 'certname' => '%i' ) ) ),
+ #'apt_upgrade' => 'true',
+ 'apt_update' => 'false', // Puppet will cause this
+ #'apt_mirror' => 'http://ubuntu.wikimedia.org/ubuntu/',
+ ),
+ 'scripts' => array(
+ # Used for new images
+ 'runpuppet.sh' =>
'/srv/org/wikimedia/controller/scripts/runpuppet.sh',
+ # Used for pre-configured images
+ 'runpuppet-new.sh' =>
'/srv/org/wikimedia/controller/scripts/runpuppet-new.sh',
+ ),
+ 'upstarts' => array(
+ 'ttyS0.conf' =>
'/srv/org/wikimedia/controller/upstarts/ttyS0.conf',
+ 'ttyS1.conf' =>
'/srv/org/wikimedia/controller/upstarts/ttyS1.conf',
+ ),
+ );
+ $wgOpenStackManagerDefaultSecurityGroupRules = array(
+ # Allow all traffic within the project
+ array( 'group' => 'default' ),
+ # Allow ping from everywhere
+ array( 'fromport' => '-1',
+ 'toport' => '-1',
+ 'protocol' => 'icmp',
+ 'range' => '0.0.0.0/0' ),
+ # Allow ssh from all projects
+ array( 'fromport' => '22',
+ 'toport' => '22',
+ 'protocol' => 'tcp',
+ 'range' => '10.0.0.0/8' ),
+ # Allow nrpe access from all projects (access is limited in
config)
+ array( 'fromport' => '5666',
+ 'toport' => '5666',
+ 'protocol' => 'tcp',
+ 'range' => '10.0.0.0/8' ),
+ );
+ $wgOpenStackManagerInstanceBannedInstanceTypes = array(
+ "m1.tiny",
+ "s1.tiny",
+ "s1.small",
+ "s1.medium",
+ "s1.large",
+ "s1.xlarge",
+ "pmtpa-1",
+ "pmtpa-2",
+ "pmtpa-3",
+ "pmtpa-4",
+ "pmtpa-5",
+ "pmtpa-6",
+ "pmtpa-7",
+ "pmtpa-8",
+ "pmtpa-9",
+ "pmtpa-10",
+ "pmtpa-11"
+ );
+
+ # Enable doc links on the 'configure instance' page
+ $wgOpenStackManagerPuppetDocBase =
'http://doc.wikimedia.org/puppet/classes/__site__/';
+
+ $wgOpenStackManagerProxyGateways = array('pmtpa' => '208.80.153.214',
'eqiad' => '208.80.155.156');
+
+ # Restrict eqiad to a group
+ $wgOpenStackManagerRestrictedRegions = array();
+ $wgOpenStackManagerReadOnlyRegions = array();
+
+ $smwgNamespacesWithSemanticLinks[112] = true;
+ $smwgNamespacesWithSemanticLinks[NS_NOVA_RESOURCE] = true;
+ $wgNamespacesWithSubpages[NS_NOVA_RESOURCE] = true;
+ #$wgNamespacesToBeSearchedDefault[NS_NOVA_RESOURCE] = true;
+ $wgNamespacesToBeSearchedDefault[NS_HELP] = true;
+
+ #require_once("$IP/extensions/OpenID/OpenID.php");
+ $wgOpenIDClientOnly = false;
+ $wgHideOpenIDLoginLink = true;
+ $wgOpenIDConsumerAllow = '';
+ $wgOpenIDConsumerDenyByDefault = true;
+}
diff --git a/wmf-config/InitialiseSettings.php
b/wmf-config/InitialiseSettings.php
index 30a4b34..1817843 100644
--- a/wmf-config/InitialiseSettings.php
+++ b/wmf-config/InitialiseSettings.php
@@ -1836,6 +1836,7 @@
'execwiki' => '/mnt/upload7/private/execwiki',
'transitionteamwiki' => '/mnt/upload7/private/transitionteamwiki',
'iegcomwiki' => '/mnt/upload7/private/iegcomwiki',
+ 'wikitech' => "/srv/org/wikimedia/controller/wikis/images";
),
'wgImgAuthUrlPathMap' => array(
@@ -9977,6 +9978,7 @@
'wiktionary' => '//bits.wikimedia.org/apple-touch/wiktionary.png',
'enwiktionary' => '//bits.wikimedia.org/apple-touch/wiktionary/en.png',
// bug 46431
+ 'wikitech' => '/Wikitech-apple-touch-icon.png',
),
'wgUserEmailUseReplyTo' => array(
@@ -11620,6 +11622,7 @@
# and comment out the one after that
#'default' => CACHE_MEMCACHED,
'default' => 'mysql-multiwrite',
+ 'wikitech' => CACHE_MEMCACHED,
),
'wgLanguageConverterCacheType' => array(
@@ -11696,6 +11699,7 @@
'trwiki' => true, // bug 38227
'urwiki' => true, // bug 40848
'viwiki' => true, // bug 48878
+ 'wikitech' => true,
'zhwiki' => true, // bug 30362
),
'wmgWikiLoveDefault' => array(
@@ -12986,6 +12990,7 @@
'wmgUseEcho' => array(
'default' => false,
'echowikis' => true,
+ 'wikitech' => true,
),
'wmgEchoEnableEmailBatch' => array(
'default' => true,
@@ -13810,3 +13815,9 @@
require( "$wmfConfigDir/InitialiseSettings-labs.php" );
wmfLabsOverrideSettings();
}
+
+### Wikitech override #####
+if ( $wmfRealm == 'wikitech' ) {
+ require( "$wmfConfigDir/InitialiseSettings-wikitech.php" );
+ WikitechOverrideSettings();
+}
diff --git a/wmf-config/extension-list b/wmf-config/extension-list
index 66691b4..3d5bf61 100644
--- a/wmf-config/extension-list
+++ b/wmf-config/extension-list
@@ -32,6 +32,7 @@
$IP/extensions/DismissableSiteNotice/DismissableSiteNotice.php
$IP/extensions/DonationInterface/donationinterface_langonly.php
$IP/extensions/DoubleWiki/DoubleWiki.php
+$IP/extensions/DynamicSidebar/DynamicSidebar.php
$IP/extensions/Echo/Echo.php
$IP/extensions/EducationProgram/EducationProgram.php
$IP/extensions/Elastica/Elastica.php
@@ -60,6 +61,7 @@
$IP/extensions/JsonConfig/JsonConfig.php
$IP/extensions/LabeledSectionTransclusion/lst.php
$IP/extensions/LandingCheck/LandingCheck.php
+$IP/extensions/LdapAuthentication/LdapAuthentication.php
$IP/extensions/LiquidThreads/LiquidThreads.php
$IP/extensions/Listings/Listings.php
$IP/extensions/LocalisationUpdate/LocalisationUpdate.php
@@ -78,8 +80,10 @@
$IP/extensions/NewUserMessage/NewUserMessage.php
$IP/extensions/Nuke/SpecialNuke.php
$IP/extensions/OAI/OAIRepo.php
+$IP/extensions/OATHAuth/OATHAuth.php
$IP/extensions/OAuth/OAuth.php
$IP/extensions/OpenSearchXml/OpenSearchXml.php
+$IP/extensions/OpenStackManager/OpenStackManager.php
$IP/extensions/Oversight/HideRevision.php
$IP/extensions/PagedTiffHandler/PagedTiffHandler.php
$IP/extensions/PageImages/PageImages.php
@@ -102,6 +106,9 @@
$IP/extensions/Scribunto/Scribunto.php
$IP/extensions/SearchExtraNS/SearchExtraNS.php
$IP/extensions/SecurePoll/SecurePoll.php
+$IP/extensions/SemanticForms/SemanticForms.php
+$IP/extensions/SemanticMediaWiki/SemanticMediaWiki.php
+$IP/extensions/SemanticResultFormats/SemanticResultFormats.php
$IP/extensions/ShortUrl/ShortUrl.php
$IP/extensions/SiteMatrix/SiteMatrix.php
$IP/extensions/Solarium/Solarium.php
@@ -126,6 +133,7 @@
$IP/extensions/UniversalLanguageSelector/UniversalLanguageSelector.php
$IP/extensions/UploadWizard/UploadWizard.php
$IP/extensions/UserMerge/UserMerge.php
+$IP/extensions/Validator/Validator.php
$IP/extensions/VectorBeta/VectorBeta.php
$IP/extensions/VipsScaler/VipsScaler.php
$IP/extensions/VipsScaler/VipsTest.php
--
To view, visit https://gerrit.wikimedia.org/r/155789
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I2b9322c6dbb43375c420c064e20a129df5a7cfaf
Gerrit-PatchSet: 1
Gerrit-Project: operations/mediawiki-config
Gerrit-Branch: master
Gerrit-Owner: Andrew Bogott <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
![https://wikitech.wikimedia.org/w/images/thumb/6/60/Wikimedia_labs_logo.svg/120px-Wikimedia_labs_logo.svg.png"](https://wikitech.wikimedia.org/w/images/thumb/6/60/Wikimedia_labs_logo.svg/120px-Wikimedia_labs_logo.svg.png"){kind=link}