Setup a Project Wiki: Difference between revisions

Hha13 (talk | contribs)
 
(28 intermediate revisions by 3 users not shown)
Line 1: Line 1:
Kingfisher is our wiki server. Check out the [http://wiki.iat.sfu.ca wiki index] to see existing wikis.
sr-hercules01 is our wiki server. Check out the [http://wiki.iat.sfu.ca wiki index] to see existing wikis.


== Add a Separate Instance of MediaWiki ==
== Add a New Instance of MediaWiki ==
<p>
<p>
To set the stage for a new wiki, the champion for this new wiki should provide a wiki-name, and be clear about the type of access they want.</p>
To set the stage for a new wiki, the champion for this new wiki should provide a wiki-name, and be clear about the type of access they want.</p>


  <font color=red>hostname</font> <font color=blue>~ #</font> '''ssh root@kingfisher'''
  <font color=red><YourHost></font> <font color=blue>~ #</font> '''ssh root@hercules'''
  <font color=red>kingfisher</font> <font color=blue>~ #</font> '''cd /srv/www/htwiki'''
  <font color=red>sr-hercules01</font> <font color=blue>~ #</font> '''ssh 10.0.1.58'''
  <font color=red>kingfisher</font> <font color=blue>~ #</font> '''tar -xzvf mediawiki-unconfiguredInstallation.tar.gz'''
  <font color=red>sr-hercules01</font> <font color=blue>~ #</font> '''newWiki -N $projectName [-R $sqlRootPassword]'''
<font color=red>kingfisher</font> <font color=blue>~ #</font> '''mv mediawiki '''''$projectname'''''


The go to the mediawiki setup website for your project:
'''<nowiki>http://wiki.iat.sfu.ca/</nowiki>'''''$projectname''


Fill in the options appropriately with some special Configuration options to note:<br />
Your wiki should be completely setup at: <nowiki>http://wiki.iat.sfu.ca/$projectname</nowiki> I then usually go login to the wiki and check to see if I can edit for 100% assurance that everything is working :)


Leave the Sysop account name as WikiSysop; apply our strong password to this account.
'''A wikiSysOp account is created with a strong password unique to the wikis'''


Make a separate database for each project:
A log is kept at /var/log/newWiki.log
* '''Database name''': wiki_$projectname
Seperate username for each project:
* '''DB username''': wiki_$projectname
Unique password:
<font color=red>kingfisher</font> <font color=blue>~ #</font> '''apg -m 9 -MNC'''
*more '''apg''' info [[Linux Tips and Tools|here]]


And no table prefix.
Most settings are kept in LocalSettings.php, which is Symlinked to a master which we use to control all wikis at once. Settings for customizing a single wiki should be made in InstanceLocalSettings.php, inside the wiki's directory.


DB root password is again our strong password.
=== Access Restrictions ===
By default, our wikis are publicly viewable, but a user must login with their research account to edit pages.


''Note: When you click Install! it may fail. For me it has always failed if the username was too long (it must be at 16 characters or less)''
To customize access and viewing restrictions, look at this article on [https://www.mediawiki.org/wiki/User_rights Rights].


If it worked, this will create the LocalSettings.php file which you then move to the correct place:
Common tasks are listed below. Add them to '''InstanceLocalSettings.php''' (/var/www/localhost/htdocs/<wiki_name>/InstanceLocalSettings.php) to implement them, '''NOT''' the typical LocalSettings.php.
<font color=red>kingfisher</font> <font color=blue>htwiki #</font> '''cd $projectname'''
<font color=red>kingfisher</font> <font color=blue>''wiki_name'' #</font> '''mv config/LocalSettings.php ./'''


Config should no longer be world writable:
<font color=red>kingfisher</font> <font color=blue>~ #</font> '''chmod a-w config'''


Your wiki should be completely setup at: <nowiki>http://wiki.iat.sfu.ca/$projectname</nowiki>  I then usually go login to the wiki and add to the main page: '''Wiki is configured correctly.''' for 100% assurance that everything is working :)
To restrict anonymous viewing:


Record the database username & password, and who this wiki was created for in our 'MediaWiki on Kingfisher' file.
<font color=red>sr-hercules01</font> <font color=blue>''wiki_name'' #</font> '''vim InstanceLocalSettings.php'''
#Allow some special pages
$wgWhitelistRead = array("Special:UserLogin", "Special:UserLogout", "Special:PasswordReset", "MediaWiki:Common.css" );
#Restrict general Public from viewing all pages.
$wgGroupPermissions['*']['read']        = false;
$wgGroupPermissions['*']['createtalk'] = false;
$wgGroupPermissions['*']['createpage'] = false;
$wgGroupPermissions['*']['writeapi'] = false;
       
Disable even research users from reading. Members of "trusted" group can view (as can sysop)
<font color=red>sr-hercules01</font> <font color=blue>''wiki_name'' #</font> '''vim InstanceLocalSettings.php'''
#Restrict wiki to only users in the trusted group.
$wgGroupPermissions['user']['read']          = false;
$wgGroupPermissions['user']['edit']          = false;
$wgGroupPermissions['trusted']['read']        = true;
$wgGroupPermissions['trusted']['edit']          = true;
$wgGroupPermissions['sysop']['read']            = true;
$wgGroupPermissions['sysop']['edit']            = true;


For a wiki requiring "trusted" group-membership (example:  Pain_Lab_Grads), it's a little crazy:
They have to '''attempt''' to log in first, and '''fail''' :-O  This will make a username entry in the wiki-database, which can '''only then''' be modified (by a WikiSysop) to add them to the "trusted" group.


To customize access and viewing restrictions, look at this article on [http://www.mediawiki.org/wiki/Manual:Preventing_access Preventing Access] (this version of mediawiki is 1.4). It's probably always a good idea to prohibit anonymous edits; add these lines to LocalSettings.php:
Because the "Special pages" link and overview are restricted (to everyone), you may have to provide direct links to the specific (deeper) pages that you want; these may be helpful:<br>
http://wiki.iat.sfu.ca/<your_particular_wiki>/index.php/?title=Special:ListUsers<br>
http://wiki.iat.sfu.ca/<your_particular_wiki>/index.php/?title=Special:UserRights<br>


<font color=red>kingfisher</font> <font color=blue>''wiki_name'' #</font> '''vim LocalSettings.php'''
          # Entirely disable Anonymous Edits in Wiki versions 1.4 and before
          $wgWhitelistEdit = true;


To allow bans by account name in lieu of IP address:


To restrict anonymous registrations, the following snippet is added to allow only Sysops user registration:
<font color=red>kingfisher</font> <font color=blue>''wiki_name'' #</font> '''vim LocalSettings.php'''
          # Prevent new user registrations except by sysops
          $wgWhitelistAccount = array ( "user" => 0, "sysop" => 1, "developer" => 1 );
To restrict anonymous viewing, the following snippet is added to allow only registered users content access to the main page, user login page, and the help page:
<font color=red>kingfisher</font> <font color=blue>''wiki_name'' #</font> '''vim LocalSettings.php'''
          # Pages anonymous (not-logged-in) users may see
          $wgWhitelistRead = array( ":Main Page", "Special:Userlogin", "Wikipedia:Help" );
To allow bans by account name in lieu of IP address:
   
   
  <font color=red>kingfisher</font> <font color=blue>''wiki_name'' #</font> '''vim LocalSettings.php'''
  <font color=red>sr-hercules01</font> <font color=blue>''wiki_name'' #</font> '''vim InstanceLocalSettings.php'''
          # allows bans to be typed in by account name rather than IP
  # allows bans to be typed in by account name rather than IP
          $wgSysopUserBans=true;
  $wgSysopUserBans=true;
 
== Add Sysop/Administrator User ==
Follow these steps to make a wiki account, a sysop account:
 
Create the account, if you haven't done so already. Logout. Login as the WikiSysop user.
 
Navigate to '''Special Pages''' ->''' Make a user into a sysop''', or modify this link with your project name: <nowiki>http://wiki.iat.sfu.ca/$projectname/index.php/Special:Makesysop</nowiki>
 
Enter the username and set bureaucrat flag too.


== Customizing ==
== Customizing ==
=== Permitted Upload File Extensions ===
==== sr-hercules01 (Wiki-city) ====
==== Kingfisher (Wiki-city) ====
All changes should be made to '''/var/www/localhost/htdocs'''''<project_name>'''''/InstanceLocalSettings.php'''.  In most cases the variable you want to adjust is already defined under includes/DefaultSettings.php, but this may be over-written during upgrades!!
All changes should be made to '''/srv/www/htwiki/'''''<project_name>'''''/LocalSettings.php'''.  In most cases the variable you want to adjust is already defined under includes/DefaultSettings.php, but this may be over-written during upgrades!!
Typical examples are to enable or disable all file uploading:
 
<font color=red>hostname</font> <font color=blue>~ #</font> '''emacs -nw /srv/www/htwiki/'''''<project_name>'''''/LocalSettings.php'''
          $wgDisableUploads            = false;
          $wgFileExtensions = array( 'png', 'gif', 'jpg', 'jpeg', 'pdf', 'fls', 'swf', 'doc', 'jar', 'dmg' );


After this, check the user/permissions on the $projectname/images directory.  Change:
<font color=red>hostname</font> <font color=blue>htwiki #</font> '''chown wwwrun:www images'''
Suitable permissions for '''images/''' would be '''755'''
  <font color=red>hostname</font> <font color=blue>htwiki #</font> '''chmod 755 images/'''


==== Tirpitz (Research wiki) ====
==== Tirpitz (Research wiki) ====
Things are Different on Tirpitz (tm) :-)<br>
Things are Different on Tirpitz (tm) :-)<br>
Changes are made on an NFS-mounted directory:  '''/home/projects/infrastructure/htdocs/wiki'''
<s>Changes are made on an NFS-mounted directory:  '''/home/projects/infrastructure/web_content/research.iat.sfu.ca/htdocs/wiki/'''</s>


Another gotcha can be that the file-extension is blacklisted (as in the case of 'exe').  In this case, edit LocalSettings.php to permit the file-type, '''and''' also un-BlackList it (settings in LocalSettings.php over-ride the same settings made elsewhere, like DefaultSettings.php):
Another gotcha can be that the file-extension is blacklisted (as in the case of 'exe').  In this case, edit LocalSettings.php to permit the file-type, '''and''' also un-BlackList it (settings in LocalSettings.php over-ride the same settings made elsewhere, like DefaultSettings.php):
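Review bot: In the new install steps, the line newWiki -N $projectName [-R $sqlRootPassword] passes the SQL root password as a command-line argument, which puts it in the process list and in root's shell history on the wiki server. Say whether newWiki prompts for the password when -R is omitted and document that form as the default. The same revision removes the "Record the database username & password" step, so the text should also state where newWiki leaves the per-wiki database credentials and confirm that /var/log/newWiki.log does not contain them.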
Line 135: Line 108:


Note that I have added a space after the "http"s to force the syntax rather than show the actual link.
Note that I have added a space after the "http"s to force the syntax rather than show the actual link.


==Reset Passwords on MediaWiki==
==Reset Passwords on MediaWiki==
Line 158: Line 130:
Command to reset User password in mySQL:
Command to reset User password in mySQL:


  <font color=red>mysql</font><font color=blue>></font> '''UPDATE user SET user_password=md5(concat(<user_id>,'-',md5('newpassword'))) where user_name=;
  <font color=red>mysql</font><font color=blue>></font> '''UPDATE user SET user_password=md5(concat(<user_id>,'-',md5('newpassword'))) where user_name=�UserName�;
'''
'''


==Upgrade MediaWiki==
== Remove a wiki ==
 
 
running the latest version,mediawiki-1.8.5 mediawiki-1.11.2.
 
You were right about webapp-config, that was the key to resolving the database connectivity error.
 
After changing a few values in:
 
/etc/vhosts/webapp-config
 
vhost_root="/home/projects/${vhost_hostname}"
vhost_hostname="infrastructure"
vhost_server="lighttpd"
 
Figuring out how to configure webapp-config took a long time; I've littered errors all over /home/projects that I will clean up tomorrow.
 
 
But when I ran this webapp-config command:
 
webapp-config -I -h infrastructure -u root -d /wiki mediawiki 1.11.2
 
mediawiki populated the correct folder.
 
After that I followed the post install instructions:
 
 
=================================================================
POST-INSTALL INSTRUCTIONS
=================================================================
 
1. Completing setup:
 
$ cd /home/projects/infrastructure/htdocs/wiki
 
Then temporarily make the MediaWiki /config directory writable
to the user the web server is running as. The quickest way is
to make the directory world writable. For example:
 
$ chmod a+w config
 
Then access it via a web browser, for example:
 
lynx http://infrastructure/wiki/config/
 
2. After setup move the newly created LocalSettings.php from the config/
directory to the main mediawiki directory, for example:
 
$ mv config/LocalSettings.php .
 
Remember to restore safe permissions to the MediaWiki config/ and
LocalSettings.php (which contains clear-text passwords).
 
$ chmod a-w config
$ chmod ug=r,o=  LocalSettings.php
$ chown root:apache LocalSettings.php
chown root:lighttpd LocalSettings.php
 
If you wish to enable image uploads then you must manually edit the
LocalSettings.php file to uncomment the $wgEnableUploads line. If MediaWiki was built with the imagemagick USE-flag the directory
permissions are correct, otherwise you must install ImageMagick and
also adjust permissions on the images directory to allow the server
to write. For example:
 
$ chown lighttpd:lighttpd /home/projects/infrastructure/htdocs/wiki/images
 
 
After that I had to copy over the images, math, and skins directory from the old wiki site. I copied over LdapAuthentication.php as well. I am able to authenticate as jjaythomas, so our LDAP connectivity appears to be working.
 
I think the math feature is still unconfigured, however, because I could not set the "math" USE flag, and the post-install instructions say this:
 
_______
Math Support:
 
If you wish to enable the math support then you must manually edit"
the LocalSettings.php file to uncomment the $wgUseTeX line.
MediaWiki must have been built with the math USE-flag enabled or the
necessary support executable will not be present.
You may also have to execute
 
$ texconfig dvips printcmd -
 
if you have not configured tetex before.
________
 
 
After that, I repopulated our Localsettings.php file with a bunch of values I "felt" should be there (I've marked my changes fairly clearly).
 
I'm sure that there will be numerous bugs to iron out over Localsettings.php, but I can't find any obvious errors.
 
The original site is preserved on this path: /home/projects/infrastructure/htdocs/wiki.old
 
A bunch of our webapp-config mistakes will need to be mopped up, they will be listed as folders called /mediawiki and /wiki.
 
 
I was reluctant to remove them when my goal was to get our wiki back online. I would have just deleted them, but a post-install instruction indicated:
 
______________
* Running /usr/sbin/webapp-cleaner -p -C mediawiki
* Unused versions of mediawiki detected.
* To clean, run the following command:
* emerge -Cav =mediawiki-1.8.5
>>> www-apps/mediawiki-1.11.2 merged.
 
>>> No packages selected for removal by clean
>>> Auto-cleaning packages...
 
>>> No outdated packages were found on your system.
 
* Messages for package www-apps/mediawiki-1.11.2:
 
*
* Don't forget to use webapp-config to remove any copies of
* mediawiki-1.11.2 installed in
*
*    /var/www/infrastructure/htdocs/home/projects/infrastructure/htdocs/wiki
*    /var/www/infrastructure/htdocs/infrastructure
*    /var/www/infrastructure/htdocs/mediawiki
*    /var/www/localhost/htdocs/mediawiki
*    /var/www/infrastructure/htdocs/wiki
________________


webapp-config is used to create the wikis.


***As as side note, I think that we can set the "vhost" flag on future upgrades. When you set that flag webapp-config is run automatically. Now that the /etc/vhosts/webapp-config has been tailored to our web root and lighttpd, I think automatic webapp-config will work.
Use webapp-config -li to see installs, then webapp-config -C -d $projectName to remove it.  Then remove the directory in the localhost/htdocs directory when you are sure you have gotten everything you want.
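Review bot: In the password-reset UPDATE under "Reset Passwords on MediaWiki", the new revision's WHERE clause wraps UserName in non-ASCII quote characters (they show up as replacement characters), so the statement will not run when pasted into the mysql prompt. Use plain ASCII quotes, as in where user_name='UserName'; the old revision had nothing after the equals sign, so neither side of this change is a runnable statement as written. Separately, the new "Remove a wiki" section opens with "webapp-config is used to create the wikis" while the install section now uses newWiki; one sentence on how the two relate would help.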

Latest revision as of 21:43, 13 November 2014

sr-hercules01 is our wiki server. Check out the wiki index to see existing wikis.

Add a New Instance of MediaWiki

To set the stage for a new wiki, the champion for this new wiki should provide a wiki-name, and be clear about the type of access they want.

<YourHost> ~ # ssh root@hercules
sr-hercules01 ~ # ssh 10.0.1.58
sr-hercules01 ~ # newWiki -N $projectName [-R $sqlRootPassword]


Your wiki should be completely set up at: http://wiki.iat.sfu.ca/$projectname

I then usually log in to the wiki and check to see if I can edit, for 100% assurance that everything is working :)

A wikiSysOp account is created with a strong password unique to the wikis

A log is kept at /var/log/newWiki.log

Most settings are kept in LocalSettings.php, which is symlinked to a master copy that we use to control all wikis at once. Settings for customizing a single wiki should be made in InstanceLocalSettings.php, inside the wiki's directory.

Access Restrictions

By default, our wikis are publicly viewable, but a user must log in with their research account to edit pages.

To customize access and viewing restrictions, look at this article on Rights.

Common tasks are listed below. Add them to InstanceLocalSettings.php (/var/www/localhost/htdocs/<wiki_name>/InstanceLocalSettings.php) to implement them, NOT the typical LocalSettings.php.


To restrict anonymous viewing:

sr-hercules01 wiki_name # vim InstanceLocalSettings.php

#Allow some special pages
$wgWhitelistRead = array("Special:UserLogin", "Special:UserLogout", "Special:PasswordReset", "MediaWiki:Common.css" );

#Restrict general Public from viewing all pages.
$wgGroupPermissions['*']['read']        = false;
$wgGroupPermissions['*']['createtalk'] = false;
$wgGroupPermissions['*']['createpage'] = false;
$wgGroupPermissions['*']['writeapi'] = false;
       

To prevent even research users from reading, so that only members of the "trusted" group (and sysops) can view:

sr-hercules01 wiki_name # vim InstanceLocalSettings.php
#Restrict wiki to only users in the trusted group.
$wgGroupPermissions['user']['read']           = false;
$wgGroupPermissions['user']['edit']           = false;
$wgGroupPermissions['trusted']['read']        = true;
$wgGroupPermissions['trusted']['edit']          = true;
$wgGroupPermissions['sysop']['read']            = true;
$wgGroupPermissions['sysop']['edit']            = true;

For a wiki requiring "trusted" group-membership (example: Pain_Lab_Grads), it's a little crazy: They have to attempt to log in first, and fail :-O This will make a username entry in the wiki-database, which can only then be modified (by a WikiSysop) to add them to the "trusted" group.

Because the "Special pages" link and overview are restricted (to everyone), you may have to provide direct links to the specific (deeper) pages that you want; these may be helpful:
http://wiki.iat.sfu.ca/<your_particular_wiki>/index.php/?title=Special:ListUsers
http://wiki.iat.sfu.ca/<your_particular_wiki>/index.php/?title=Special:UserRights
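
How the two permission snippets above combine, as an added example (not part of the original page and not MediaWiki's own code). It is a simplified Python model of MediaWiki's rule that a user's rights are the union of what each of their groups grants, so a value of false grants nothing but does not revoke a right granted by another group; the BASELINE dictionary is an assumption taken from the site default described above.

```python
"""Simplified model of how MediaWiki combines $wgGroupPermissions (added example)."""
import copy

# Assumed baseline, taken from the page's description of the site default:
# anyone may read, only logged-in users may edit.
BASELINE = {
    "*": {"read": True, "edit": False},
    "user": {"read": True, "edit": True},
    "sysop": {"read": True, "edit": True},
}

# The two InstanceLocalSettings.php snippets from the page, as Python dicts.
RESTRICT_ANONYMOUS = {
    "*": {"read": False, "createtalk": False, "createpage": False, "writeapi": False},
}
TRUSTED_ONLY = {
    "user": {"read": False, "edit": False},
    "trusted": {"read": True, "edit": True},
    "sysop": {"read": True, "edit": True},
}


def apply_settings(base, *snippets):
    """Overlay settings snippets on a baseline, later assignments winning."""
    merged = copy.deepcopy(base)
    for snippet in snippets:
        for group, rights in snippet.items():
            merged.setdefault(group, {}).update(rights)
    return merged


def effective_rights(group_permissions, explicit_groups=(), logged_in=True):
    """Rights are the union of everything any of the user's groups grants.

    Every visitor is in the implicit '*' group and every logged-in account
    is also in 'user'. A value of False grants nothing; it does not take
    away a right that another group grants.
    """
    groups = ["*"] + (["user"] if logged_in else []) + list(explicit_groups)
    granted = set()
    for group in groups:
        for right, allowed in group_permissions.get(group, {}).items():
            if allowed:
                granted.add(right)
    return granted


def audit(group_permissions):
    """Report who can read pages under a given configuration."""
    return {
        "anonymous": "read" in effective_rights(group_permissions, logged_in=False),
        "research_user": "read" in effective_rights(group_permissions),
        "trusted_user": "read" in effective_rights(group_permissions, ["trusted"]),
        "sysop": "read" in effective_rights(group_permissions, ["sysop"]),
    }


if __name__ == "__main__":
    only_second = apply_settings(BASELINE, TRUSTED_ONLY)
    both = apply_settings(BASELINE, RESTRICT_ANONYMOUS, TRUSTED_ONLY)
    print("trusted snippet alone:", audit(only_second))
    print("both snippets:        ", audit(both))
```

With only the "trusted" snippet applied, everyone can still read through the '*' group; the wiki is closed to non-members only when the anonymous-viewing snippet is present as well.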


To allow bans by account name in lieu of IP address:


sr-hercules01 wiki_name # vim InstanceLocalSettings.php
 # allows bans to be typed in by account name rather than IP
 $wgSysopUserBans=true;

Customizing

sr-hercules01 (Wiki-city)

All changes should be made to /var/www/localhost/htdocs/<project_name>/InstanceLocalSettings.php. In most cases the variable you want to adjust is already defined under includes/DefaultSettings.php, but changes made there may be overwritten during upgrades!!


Tirpitz (Research wiki)

Things are Different on Tirpitz (tm) :-)
Changes are made on an NFS-mounted directory: /home/projects/infrastructure/web_content/research.iat.sfu.ca/htdocs/wiki/

Another gotcha can be that the file-extension is blacklisted (as in the case of 'exe'). In this case, edit LocalSettings.php to permit the file-type, and also un-BlackList it (settings in LocalSettings.php over-ride the same settings made elsewhere, like DefaultSettings.php):

tirpitz ~ # emacs -nw /home/projects/infrastructure/htdocs/wiki/LocalSettings.php 
$wgFileExtensions = array( 'png', 'gif', 'jpg', 'jpeg', 'swf', 'pdf', 'exe', 'bin', 'dmg', 'reg', 'tbz2', 'zip' );

/** Files with these extensions will never be allowed as uploads. */
$wgFileBlacklist = array(
    # HTML may contain cookie-stealing JavaScript and web bugs
    'html', 'htm', 'js', 'jsb',
    # PHP scripts may execute arbitrary code on the server
    'php', 'phtml', 'php3', 'php4', 'phps',
    # Other types that may be interpreted by some servers
    'shtml', 'jhtml', 'pl', 'py', 'cgi',
    # May contain harmful executables for Windows victims
    'exe', 'scr', 'dll', 'msi', 'vbs', 'bat', 'com', 'pif', 'cmd', 'vxd', 'cpl' );
    # 'scr', 'dll', 'msi', 'vbs', 'bat', 'com', 'pif', 'cmd', 'vxd', 'cpl' ); temporarily uncomment for .exe uploads

Upload (filesize) Limits

Filesize limits can be tricky - MediaWiki just follows the general Apache and PHP limitations. When MediaWiki encounters a filesize limitation, it seems to (unhelpfully :-( ) fail silently; you'll usually just get a blank Upload file page again. Let's increase these limits (tirpitz - our main Research wiki - used as an example):

hostname ~ # emacs -nw /etc/php/cgi-php5/php.ini
         memory_limit = 128M
         file_uploads = On
         post_max_size = 25M
         upload_max_filesize = 25M
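
A consistency check for the four PHP limits above, as an added example (not part of the original page). When a request body exceeds post_max_size, PHP leaves $_POST and $_FILES empty, which matches the blank upload page described above; the function names and the PAGE_VALUES sample are constructed for this illustration.

```python
"""Consistency check for the PHP upload limits above (added example)."""
import re

UNITS = {"": 1, "K": 1024, "M": 1024 ** 2, "G": 1024 ** 3}
# PHP's built-in defaults, used when php.ini does not set a directive.
DEFAULTS = {"file_uploads": "On", "upload_max_filesize": "2M",
            "post_max_size": "8M", "memory_limit": "128M"}

# Constructed sample: the four values from the page in php.ini syntax.
PAGE_VALUES = """
memory_limit = 128M
file_uploads = On
post_max_size = 25M
upload_max_filesize = 25M
"""


def parse_ini(text):
    """Read 'key = value' lines, skipping ';' comments and [section] headers."""
    settings = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip().strip('"')
    return settings


def to_bytes(value):
    """Convert PHP shorthand ('25M', '512K', '-1') to a byte count."""
    match = re.fullmatch(r"(-?\d+)\s*([KMG]?)", value.strip().upper())
    if match is None:
        raise ValueError(f"unrecognised size: {value!r}")
    return int(match.group(1)) * UNITS[match.group(2)]


def check_upload_limits(text, file_size=None):
    """Return a list of findings; an empty list means the limits are coherent."""
    s = parse_ini(text)
    upload = to_bytes(s["upload_max_filesize"])
    post = to_bytes(s["post_max_size"])      # 0 means no limit
    memory = to_bytes(s["memory_limit"])     # -1 means no limit
    findings = []
    if s["file_uploads"].lower() not in ("on", "1", "true", "yes"):
        findings.append("file_uploads is off: all uploads are refused")
    # The POST body carries the file plus multipart framing and form fields,
    # so post_max_size has to be larger than upload_max_filesize, not equal.
    if post != 0 and post <= upload:
        findings.append("post_max_size must be larger than upload_max_filesize")
    if memory != -1 and post != 0 and memory <= post:
        findings.append("memory_limit should be larger than post_max_size")
    if file_size is not None and to_bytes(file_size) > upload:
        findings.append(f"a {file_size} file exceeds upload_max_filesize")
    return findings


if __name__ == "__main__":
    for finding in check_upload_limits(PAGE_VALUES, file_size="20M"):
        print("FINDING:", finding)
```

Run against the values above, it reports that post_max_size equals upload_max_filesize, so a file close to 25M can still fail silently.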


Adding an RSS Feed

Some users have made the request for an RSS feed. This functionality comes prepackaged with the wiki software and all you need to do is add /index.php?title=Special:Recentchanges&feed=rss to the wiki url. For example, with the Memory Association Machine wiki, this code snippet was added to the bottom of the splash page, as well as an RSS graphic associated with the link:

http ://wiki.iat.sfu.ca/Memory_Association_Machine/index.php?title=Special:Recentchanges&feed=rss http ://research.iat.sfu.ca/images/rss.gif

Note that I have added a space after the "http"s to force the syntax rather than show the actual link.

Reset Passwords on MediaWiki

Determine User Name:

List all the users in a particular wiki to find the exact user name of the person whose password you want to change:

mysql> use wiki_databasename; SELECT * FROM user;


Determine ID:

To find out the user_id of a particular user (necessary to generate hash):

mysql> SELECT user_id, user_name from user WHERE user_name="UserName";


Reset Password:

Command to reset a user's password in MySQL:

mysql> UPDATE user SET user_password=md5(concat(<user_id>,'-',md5('newpassword'))) where user_name='UserName';

Remove a wiki

webapp-config is used to create the wikis.

Use webapp-config -li to see installs, then webapp-config -C -d $projectName to remove it. Then remove the directory in the localhost/htdocs directory when you are sure you have gotten everything you want.