diff --git a/COPYING b/COPYING new file mode 100644 index 0000000..5e181cd --- /dev/null +++ b/COPYING @@ -0,0 +1,18 @@ +The MIT License (MIT) + +Copyright (c) 2016 The MITRE Corporation + +Permission is hereby granted, free of charge, to any person obtaining a copy of this software and +associated documentation files (the "Software"), to deal in the Software without restriction, +including without limitation the rights to use, copy, modify, merge, publish, distribute, +sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all copies or substantial +portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT +NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES +OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/README b/README new file mode 100644 index 0000000..ac43495 --- /dev/null +++ b/README @@ -0,0 +1,243 @@ +This repository contains ansible playbooks for installing and configuring +MediaWiki wiki farms. A wiki farm can comprise multiple web front end +hosts, referred to as wiki families, each hosting multiple wikis. These +playbooks support either installing MediaWiki and its database on a single +host or splitting them between two tiers. + +These playbooks will install MySQL, Apache, Squid, MediaWiki, and MediaWiki +skins/extensions in a single directory hierarchy (possibly separated between +two hosts as described above) and configure SELinux. This directory hierarchy +is self-contained, supporting migration between similarly configured hosts. + +The wikis hosted by the wiki farms built by these playbooks will be accessed +over HTTPS with a permanenent redirect to HTTPS if accessed over HTTP. These +playbooks have been tested using ansible 2.0.1.0 to provision CentOS 6.7 and +RedHat 6.7 targets. + +Each wiki on a wiki family has an instance directory in the INSTANCES +directory that is a sibling the the MediaWiki directory. The instance directory +contains a branding sub-directory containing the logo and favicon as well as +an images directory containing all uploaded files for the wiki. In addition, the +instance directory contains several optional wiki configuration files described +below. + +To simplify wiki farm management, the MediaWiki LocalSettings.php +configuration file has been crafted to include a set of role specific +configuration files in a WikiFarm subdirectory of the MediaWiki installation. +Some of these files will be customized for a particular wiki family +(MediaWiki host), while others will be the same across all wiki families in +a wiki farm. This allows, for example, a new global extension configuration +file to be pushed to all wiki families when a new extension is installed +across all wiki families in the wiki farm. In addition, in the instance +configuration directory for each wiki in the wiki family, several wiki-specific +configuration files may exist. The configuration files in the WikiFarm and +instance directories are as follows (all files are optional unless noted +otherwise) in the order in which they are loaded: + +* Debug.php + * debugging flags +* Server.php (mandatory) + * server-specific configuration (e.g. wiki family base URL) +* Keys.php (mandatory) + * MediaWiki-generated keys +* Email.php (mandatory) + * email configuration +* Upload.php (mandatory) + * file upload configuration +* WikiFamilyPreConfiguration.php + * pre-extension configuration specific to this wiki family +* Skins.php (mandatory) + * skin registration and configuration +* Interwiki.php + * interwiki configuration +* /Namespaces.php + * configuration of any wiki-specific namespaces +* /PreConfiguration.php + * any wiki-specific configuration that must be done prior to loading the + extensions +* Authentication.php + * extension registration and configuration for authentication +* Permissions.php + * permission configuration +* GlobalExtensions.php + * extension registration and configuration shared across all wiki families + in this wiki farm +* LocalExtensions.php + * extension registration and configuration for the wikis in this wiki family +* /PostConfiguration.php + * any wiki-specific configuration that must be done after loading the + extensions +* WikiFamilyPostConfiguration.php + * post-extension configuration specific to this wiki family + +CONFIGURATION NOTES: + +* These playbooks require three variables holding wiki farm passwords to be + specified: MYSQL_ROOT_PASSWORD, MYSQL_WIKI_PASSWORD, WIKI_ADMIN_PASSWORD. + These variables may be defined using the --extra-vars (-e) parameter on the + ansible-playbook command line or may be defined in an ansible variable file + or ansible vault. The latter would require additional parameters (such as + --ask-vault-pass or --vault-password-file) to be added to the commands + below. By default, a file "group_vars/all/vars" has been provided with dummy + values for these variables that must be changed. + +* If you need to use specify a proxy, uncomment the PROXY_ENV lines in + group_vars/all/vars and set them appropriately. + +* There are also some other default values in group_vars/all/vars that you may + want to change to match your environment. + +* For each MediaWiki host, a certificate and private key must be provided in an + ansible-accessible diretory named certs on the ansible host. The files in that + directory must be named -private.key and -site.crt. + The part must match the MediaWiki host name as specified in the + ansible hosts file. + +* You must create an ansible hosts file. The hosts.example file is an example. + +* You must ensure that the database hosts are listed in the db_hosts section + and the MediaWiki hosts are listed in the mw_hosts section of the ansible + hosts file. For example: + + * To place Apache/MediaWiki on and MySQL on , add to + mw_hosts and to db_hosts + + * To place MySQL/Apache/MediaWiki all on , add to + db_hosts and mw_hosts + +* The install_mw_extensions.yml playbook comes preconfigured with a set of + useful extensions. This serves as a starting point as well as an example + of how extensions can be specified. This list of extensions can eaily be + moved out of the playbook file into a separate variable file, but it is + included in the playbook for now so it is easy to find the extension + definitions. Each extension in the list contains the following fields + (the url and composer fields must not both be used for the same extension): + + * name: the name of the extension used to identify the extension directory + and to register the extension (not used for composer loading) + * url: if specified, the git URL to install the extension from + * composer: if specified, the name of the extension for composer installation + * version: the version of the extension to install (defaults to dev-master for + composer) + * enable: either "global" or "local", indicating whether to add extension + loading and configuration statements to GlobalExtensions.php or + LocalExtensions.php + * legacy: if defined and true, specifies that the extension should be + loaded with the old style (require) rather than the new style + (wfLoadExtension) + * composer_update: if defined and true, descend into the extension directory + and perform a composer update after installing + * config: a list of configuration statements for the extension to be + included in GlobalExtensions.php or LocalExtensions.php (see "enable") + +* To set up a wiki family to use a shared interwiki table (to facilitate + transclusion between wikis in a wiki family), + add the "SHARED_WIKI_DB_NAME=" flag when running the add_db_client.yml + playbook and run the following after installing MediaWiki: + + ansible-playbook configure_shared_interwiki.yml -e "MW_RELEASE=REL1_26 SHARED_WIKI_DB_NAME=" + + When choosing a name for the shared wiki database ( above), be sure + to choose a name that will never be the name of a wiki on the wiki family + (e.g. SHARED_WIKI_TABLES). + +PLAYBOOK INSTRUCTIONS: + +* Perform initial configuration on all hosts: + + ansible-playbook setup.yml -kKbu + + where is the username you will ssh to before sudo'ing on the + remote host. If you can login directly as root on the remote host, + you may do the following instead: + + ansible-playbook setup.yml -k + +* Configure the database hosts: + + ansible-playbook deploy_db_hosts.yml + +* Add a MediaWiki host as a client of a database host; run one of the + following (adding "SHARED_WIKI_DB_NAME=" if you want to have a shared + interwiki table): + + * To configure , which is serving as the database host for MediaWiki + host : + + ansible-playbook add_db_client.yml -e "MW_HOST=" -l + + or + + ansible-playbook add_db_client.yml -e "MW_HOST= SHARED_WIKI_DB_NAME=" -l + + * To configure , which is serving as the MediaWiki and database host: + + ansible-playbook add_db_client.yml -e "MW_HOST=" -l + + or + + ansible-playbook add_db_client.yml -e "MW_HOST= SHARED_WIKI_DB_NAME=" -l + +* Configure the MediaWiki hosts: + + ansible-playbook deploy_mw_hosts.yml + + ansible-playbook install_mediawiki.yml -e "MW_RELEASE=REL1_26" + or + ansible-playbook install_mediawiki.yml -e "MW_RELEASE=REL1_26 DB_HOST=" + + ansible-playbook install_mw_extensions.yml -e "MW_RELEASE=REL1_26" + ansible-playbook install_skins.yml -e "MW_RELEASE=REL1_26" + + If you want to have a shared interwiki table: + + ansible-playbook configure_shared_interwiki.yml -e "MW_RELEASE=REL1_26 SHARED_WIKI_DB_NAME=" + + The steps above can be repeated for multiple MediaWiki releases. + +* Create a new wiki; run one of the following: + + * If Apache/MediaWiki is on and MySQL is on : + + ansible-playbook create_new_wiki.yml -e "MW_HOST= DB_HOST= WIKI_NAME=" + + * If MySQL/Apache/MediaWiki ar all on : + + ansible-playbook create_new_wiki.yml -e "MW_HOST= WIKI_NAME=" + + * The new wiki will be available at http:/// + +* Clone a wiki from FROM_MW_HOST/FROM_DB_HOST to TO_MW_HOST/TO_DB_HOST with + optional renaming: + + NOTES: + + * This playbook first pulls the database .sql file and wiki instance + directory .tar.bz2 file to the controller host from the source host + and then pushes them to the destination host. + + * If the source and destination environments are different, the two + playbooks that are invoked by clone_wiki.yml can be called separately: + clone_wiki_pull.yml and clone_wiki_push.yml. + + * The source database host must have the mysql-python module + installed. On that host, run: + + yum install python-pip python-devel mysql-devel + pip install mysql-python + + * If the wiki does not yet exist on the destination host/host pair, + you must run the create_new_wiki.yml playbook above first to set up the + database permissions correctly. + + * If FROM_DB_HOST is not specified, it defaults to FROM_MW_HOST. + + * If TO_DB_HOST is not specified, it defaults to TO_MW_HOST. + + * If TO_WIKI_NAME is not specified, it defaults to FROM_WIKI_NAME. + + ansible-playbook clone_wiki.yml -e "FROM_MW_HOST= FROM_DB_HOST= TO_MW_HOST= TO_DB_HOST= FROM_WIKI_NAME= TO_WIKI_NAME=" + + or + + ansible-playbook clone_wiki.yml -e "FROM_MW_HOST= TO_MW_HOST= FROM_WIKI_NAME=" diff --git a/add_db_client.yml b/add_db_client.yml new file mode 100644 index 0000000..61ace7c --- /dev/null +++ b/add_db_client.yml @@ -0,0 +1,62 @@ +- name: Add a wiki farm as a client to DB hosts + + hosts: db_hosts + + tasks: + - name: check for existance of firewall rule + shell: iptables -C INPUT -p tcp --dport {{ MYSQL_PORT }} -s {{ MW_HOST }} -j ACCEPT + register: firewall_rule_exists + ignore_errors: true + when: inventory_hostname != MW_HOST + + - name: add firewall rule + shell: iptables -I INPUT -p tcp --dport {{ MYSQL_PORT }} -s {{ MW_HOST }} -j ACCEPT + when: inventory_hostname != MW_HOST and firewall_rule_exists.rc == 1 + + - name: save firewall rules + shell: service iptables save + when: inventory_hostname != MW_HOST and firewall_rule_exists.rc == 1 + + - name: grant access to empty wiki to wiki user (db host != wiki host) + mysql_user: + name={{ MYSQL_WIKI_USER }} + password={{ MYSQL_WIKI_PASSWORD }} + priv="{{ EMPTY_WIKI_NAME }}.*:SELECT,INSERT,UPDATE,DELETE,INDEX,ALTER,CREATE,DROP,CREATE TEMPORARY TABLES" + append_privs=true + host={{ MW_HOST }} + login_user=root + login_password={{ MYSQL_ROOT_PASSWORD }} + when: inventory_hostname != MW_HOST + + - name: grant access to empty wiki to wiki user (db host == wiki host) + mysql_user: + name={{ MYSQL_WIKI_USER }} + password={{ MYSQL_WIKI_PASSWORD }} + priv="{{ EMPTY_WIKI_NAME }}.*:SELECT,INSERT,UPDATE,DELETE,INDEX,ALTER,CREATE,DROP,CREATE TEMPORARY TABLES" + append_privs=true + host=localhost + login_user=root + login_password={{ MYSQL_ROOT_PASSWORD }} + when: inventory_hostname == MW_HOST + + - name: grant access to shared wiki database to wiki user (db host != wiki host) + mysql_user: + name={{ MYSQL_WIKI_USER }} + password={{ MYSQL_WIKI_PASSWORD }} + priv="{{ SHARED_WIKI_DB_NAME }}.*:SELECT,INSERT,UPDATE,DELETE,INDEX,ALTER,CREATE,DROP,CREATE TEMPORARY TABLES" + append_privs=true + host={{ MW_HOST }} + login_user=root + login_password={{ MYSQL_ROOT_PASSWORD }} + when: inventory_hostname != MW_HOST and SHARED_WIKI_DB_NAME is defined + + - name: grant access to shared wiki database to wiki user (db host == wiki host) + mysql_user: + name={{ MYSQL_WIKI_USER }} + password={{ MYSQL_WIKI_PASSWORD }} + priv="{{ SHARED_WIKI_DB_NAME }}.*:SELECT,INSERT,UPDATE,DELETE,INDEX,ALTER,CREATE,DROP,CREATE TEMPORARY TABLES" + append_privs=true + host=localhost + login_user=root + login_password={{ MYSQL_ROOT_PASSWORD }} + when: inventory_hostname == MW_HOST and SHARED_WIKI_DB_NAME is defined diff --git a/ansible.cfg b/ansible.cfg new file mode 100644 index 0000000..9e5f4cd --- /dev/null +++ b/ansible.cfg @@ -0,0 +1,3 @@ +[defaults] +hostfile = hosts +remote_user = root diff --git a/clone_wiki.yml b/clone_wiki.yml new file mode 100644 index 0000000..41207ab --- /dev/null +++ b/clone_wiki.yml @@ -0,0 +1,2 @@ +- include: clone_wiki_pull.yml +- include: clone_wiki_push.yml diff --git a/clone_wiki_pull.yml b/clone_wiki_pull.yml new file mode 100644 index 0000000..c2a8a7e --- /dev/null +++ b/clone_wiki_pull.yml @@ -0,0 +1,40 @@ +- name: Dump and fetch source database to controller + + hosts: "{{ FROM_DB_HOST | default(FROM_MW_HOST) }}" + + gather_facts: no + + tasks: + + - name: dump source database + mysql_db: + state=dump + name={{ FROM_WIKI_NAME }} + target={{ CLONE_DIRECTORY }}/{{ FROM_WIKI_NAME }}-{{ FROM_DB_HOST | default(FROM_MW_HOST) }}.sql + login_user=root + login_password={{ MYSQL_ROOT_PASSWORD }} + + - name: fetch source database to controller + fetch: + src={{ CLONE_DIRECTORY }}/{{ FROM_WIKI_NAME }}-{{ FROM_DB_HOST | default(FROM_MW_HOST) }}.sql + dest={{ CLONE_DIRECTORY }}/ + flat=yes + fail_on_missing=yes + +- name: Archive and fetch source wiki instance directory to controller + + hosts: "{{ FROM_MW_HOST }}" + + gather_facts: no + + tasks: + + - name: archive source wiki instance directory + shell: tar cfj {{ CLONE_DIRECTORY }}/{{ FROM_WIKI_NAME }}-{{ FROM_MW_HOST }}.tar.bz2 -C {{ MW_INSTANCE_DIRECTORY }} {{ FROM_WIKI_NAME }} + + - name: fetch source wiki instance directory to controller + fetch: + src={{ CLONE_DIRECTORY }}/{{ FROM_WIKI_NAME }}-{{ FROM_MW_HOST }}.tar.bz2 + dest={{ CLONE_DIRECTORY }}/ + flat=yes + fail_on_missing=yes diff --git a/clone_wiki_push.yml b/clone_wiki_push.yml new file mode 100644 index 0000000..c713d38 --- /dev/null +++ b/clone_wiki_push.yml @@ -0,0 +1,78 @@ +- name: Push source database from controller to destination and regenerate + + hosts: "{{ TO_DB_HOST | default(TO_MW_HOST) }}" + + gather_facts: no + + tasks: + + - name: push source database dump to destination + copy: + src={{ CLONE_DIRECTORY }}/{{ FROM_WIKI_NAME }}-{{ FROM_DB_HOST | default(FROM_MW_HOST) }}.sql + dest={{ CLONE_DIRECTORY }} + + - name: dump destination database + mysql_db: + state=dump + name={{ TO_WIKI_NAME | default(FROM_WIKI_NAME) }} + target={{ CLONE_DIRECTORY }}/{{ TO_WIKI_NAME | default(FROM_WIKI_NAME) }}-{{ TO_DB_HOST | default(TO_MW_HOST) }}.sql + login_user=root + login_password={{ MYSQL_ROOT_PASSWORD }} + + - name: remove destination database if it exists + mysql_db: + state=absent + name={{ TO_WIKI_NAME | default(FROM_WIKI_NAME) }} + login_user=root + login_password={{ MYSQL_ROOT_PASSWORD }} + + - name: create empty destination database + mysql_db: + state=present + name={{ TO_WIKI_NAME | default(FROM_WIKI_NAME) }} + login_user=root + login_password={{ MYSQL_ROOT_PASSWORD }} + + - name: import source database dump at destination + mysql_db: + state=import + name={{ TO_WIKI_NAME | default(FROM_WIKI_NAME) }} + target={{ CLONE_DIRECTORY }}/{{ FROM_WIKI_NAME }}-{{ FROM_DB_HOST | default(FROM_MW_HOST) }}.sql + login_user=root + login_password={{ MYSQL_ROOT_PASSWORD }} + +- name: Push source wiki instance directory from controller to destination and unarchive + + hosts: "{{ TO_MW_HOST }}" + + gather_facts: no + + tasks: + + - name: push source wiki instance directory to destination + copy: + src={{ CLONE_DIRECTORY }}/{{ FROM_WIKI_NAME }}-{{ FROM_MW_HOST }}.tar.bz2 + dest={{ CLONE_DIRECTORY }} + + - name: archive destination wiki instance directory + shell: tar cfj {{ CLONE_DIRECTORY }}/{{ TO_WIKI_NAME | default(FROM_WIKI_NAME) }}-{{ TO_MW_HOST }}.tar.bz2 -C {{ MW_INSTANCE_DIRECTORY }} {{ FROM_WIKI_NAME }} + + - name: remove destination wiki instance directory + file: + path={{ MW_INSTANCE_DIRECTORY }}/{{ TO_WIKI_NAME | default(FROM_WIKI_NAME) }} + state=absent + + - name: unarchive source wiki instance directory at destination (rename) + shell: tar xfj {{ CLONE_DIRECTORY }}/{{ FROM_WIKI_NAME }}-{{ FROM_MW_HOST }}.tar.bz2 -C {{ MW_INSTANCE_DIRECTORY }} {{ FROM_WIKI_NAME }} --transform "s/^{{ FROM_WIKI_NAME }}/{{ TO_WIKI_NAME }}/" + when: TO_WIKI_NAME is defined + + - name: unarchive source wiki instance directory at destination (no rename) + shell: tar xfj {{ CLONE_DIRECTORY }}/{{ FROM_WIKI_NAME }}-{{ FROM_MW_HOST }}.tar.bz2 -C {{ MW_INSTANCE_DIRECTORY }} {{ FROM_WIKI_NAME }} + when: TO_WIKI_NAME is not defined + + - name: restore destination wiki instance directory file context + shell: restorecon -Rv {{ MW_INSTANCE_DIRECTORY }}/{{ TO_WIKI_NAME | default(FROM_WIKI_NAME) }} + + - name: run update maintenance script on new wiki + shell: WIKI_NAME={{ TO_WIKI_NAME | default(FROM_WIKI_NAME) }} php maintenance/update.php --quick + chdir={{ MW_CODE_DIRECTORY }} diff --git a/configure_shared_interwiki.yml b/configure_shared_interwiki.yml new file mode 100644 index 0000000..b09e5f2 --- /dev/null +++ b/configure_shared_interwiki.yml @@ -0,0 +1,28 @@ +- name: Configure shared interwiki table + + hosts: db_hosts + + tasks: + - name: remove interwiki schema from database if it already exists + mysql_db: + name={{ SHARED_WIKI_DB_NAME }} + login_user=root + login_password={{ MYSQL_ROOT_PASSWORD }} + state=absent + + - name: create new interwiki schema + mysql_db: + name={{ SHARED_WIKI_DB_NAME }} + login_user=root + login_password={{ MYSQL_ROOT_PASSWORD }} + state=present + + - name: copy empty wiki interwiki table to new interwiki schema + shell: mysqldump {{ EMPTY_WIKI_NAME }} interwiki -u root --password={{ MYSQL_ROOT_PASSWORD }} | mysql {{ SHARED_WIKI_DB_NAME }} -u root --password={{ MYSQL_ROOT_PASSWORD }} + +- name: Copy interwiki configuration file + + hosts: mw_hosts + + roles: + - configure_shared_interwiki_on_mw_host diff --git a/create_new_wiki.yml b/create_new_wiki.yml new file mode 100644 index 0000000..b25d7cc --- /dev/null +++ b/create_new_wiki.yml @@ -0,0 +1,13 @@ +- name: Create a new wiki from the saved empty wiki schema - DB tasks + + hosts: "{{ DB_HOST | default(MW_HOST) }}" + + roles: + - create_new_wiki_on_db_host + +- name: Create a new wiki from the saved empty wiki schema - MediaWiki tasks + + hosts: "{{ MW_HOST }}" + + roles: + - create_new_wiki_on_mw_host diff --git a/deploy_db_hosts.yml b/deploy_db_hosts.yml new file mode 100644 index 0000000..9a5732e --- /dev/null +++ b/deploy_db_hosts.yml @@ -0,0 +1,8 @@ +- name: Deploy DB hosts + + hosts: db_hosts + + roles: + - deploy_db_host + + environment: "{{ PROXY_ENV | default({}) }}" diff --git a/deploy_mw_hosts.yml b/deploy_mw_hosts.yml new file mode 100644 index 0000000..99e9976 --- /dev/null +++ b/deploy_mw_hosts.yml @@ -0,0 +1,8 @@ +- name: Deploy MediaWiki hosts + + hosts: mw_hosts + + roles: + - deploy_mw_host + + environment: "{{ PROXY_ENV | default({}) }}" diff --git a/group_vars/all/vars b/group_vars/all/vars new file mode 100644 index 0000000..bb6c1cc --- /dev/null +++ b/group_vars/all/vars @@ -0,0 +1,16 @@ +ROOT_DIRECTORY: /WIKIFARM + +CLONE_DIRECTORY: "{{ ROOT_DIRECTORY }}/CLONE" + +MYSQL_PORT: 3306 +MYSQL_WIKI_USER: wiki +MYSQL_ROOT_PASSWORD: changeme +MYSQL_WIKI_PASSWORD: changeme +WIKI_ADMIN_PASSWORD: changeme +EMPTY_WIKI_NAME: emptywiki +WIKI_EMAIL: no-reply@{{ inventory_hostname }} +VALIDATE_CERTS: yes + +#PROXY_ENV: +# http_proxy: http://myproxy +# https_proxy: http://myproxy diff --git a/group_vars/db_hosts/vars b/group_vars/db_hosts/vars new file mode 100644 index 0000000..c629ddd --- /dev/null +++ b/group_vars/db_hosts/vars @@ -0,0 +1 @@ +MYSQL_DIRECTORY: "{{ ROOT_DIRECTORY }}/MYSQL" diff --git a/group_vars/mw_hosts/vars b/group_vars/mw_hosts/vars new file mode 100644 index 0000000..f0231c2 --- /dev/null +++ b/group_vars/mw_hosts/vars @@ -0,0 +1,38 @@ +GIT_VERSION: 2.6.3 + +PHP_MEMORY_LIMIT: 600M +PHP_SESSION_GC_MAXLIFETIME: 86400 + +CERT_DIRECTORY: "{{ ROOT_DIRECTORY }}/CERTS" + +SQUID_HOSTNAME: "{{ ansible_fqdn }}" +SQUID_LISTEN_PORT: 443 +SQUID_LISTEN_ADDRESS: "{{ ansible_default_ipv4.address }}:{{ SQUID_LISTEN_PORT }}" + +PURGE_LISTEN_PORT: 80 +PURGE_LISTEN_ADDRESS: "127.0.0.1:{{ PURGE_LISTEN_PORT }}" + +APACHE_DIRECTORY: "{{ ROOT_DIRECTORY }}/APACHE" +APACHE_CONF_DIRECTORY: "{{ APACHE_DIRECTORY }}/CONF" +APACHE_INSTANCE_DIRECTORY: "{{ APACHE_CONF_DIRECTORY }}/INSTANCES" +APACHE_HTML_DIRECTORY: "{{ APACHE_DIRECTORY }}/HTML" +APACHE_REDIRECT_DIRECTORY: "{{ APACHE_DIRECTORY }}/REDIRECT" +APACHE_LISTEN_PORT: 8080 +APACHE_LISTEN_ADDRESS: "127.0.0.1:{{ APACHE_LISTEN_PORT }}" + +REDIRECT_LISTEN_PORT: 80 +REDIRECT_LISTEN_ADDRESS: "{{ ansible_default_ipv4.address }}:{{ REDIRECT_LISTEN_PORT }}" + +MW_DIRECTORY: "{{ ROOT_DIRECTORY }}/MEDIAWIKI" +MW_INSTANCE_DIRECTORY: "{{ MW_DIRECTORY }}/INSTANCES" +MW_CODE_DIRECTORY: "{{ MW_DIRECTORY }}/mediawiki" +MW_CODE_RELEASE_DIRECTORY: "{{ MW_DIRECTORY }}/mediawiki-{{ MW_RELEASE }}" +MW_WIKIFARM_CONFIG_DIRECTORY: "{{ MW_CODE_RELEASE_DIRECTORY }}/WikiFarm" + +WIKI_ADMIN_USER: administrator +WIKI_URL: https://{{ inventory_hostname }} +WIKI_IP_ADDRESS: "{{ ansible_default_ipv4.address }}" + +WMF_GIT_URL_ROOT: "http://git.wikimedia.org/git/mediawiki" + +MW_GIT_URL: "{{ WMF_GIT_URL_ROOT }}/core.git" diff --git a/hosts.example b/hosts.example new file mode 100644 index 0000000..af764dc --- /dev/null +++ b/hosts.example @@ -0,0 +1,11 @@ +[db_hosts] +db1 +db2 + +[mw_hosts] +mw1 +mw2 + +[all:children] +db_hosts +mw_hosts diff --git a/install_mediawiki.yml b/install_mediawiki.yml new file mode 100644 index 0000000..ceb752d --- /dev/null +++ b/install_mediawiki.yml @@ -0,0 +1,8 @@ +- name: Install MediWiki + + hosts: mw_hosts + + roles: + - install_mediawiki + + environment: "{{ PROXY_ENV | default({}) }}" diff --git a/install_mw_extensions.yml b/install_mw_extensions.yml new file mode 100644 index 0000000..cfd21fb --- /dev/null +++ b/install_mw_extensions.yml @@ -0,0 +1,283 @@ +- name: Install MediaWiki extensions + + hosts: mw_hosts + + roles: + - install_mw_extensions + + environment: "{{ PROXY_ENV | default({}) }}" + + vars: + + MW_EXTENSIONS_GIT_URL_ROOT: "{{ WMF_GIT_URL_ROOT }}/extensions" + + EXTENSIONS: + + - name: "Semantic MediaWiki" + composer: "mediawiki/semantic-media-wiki" + version: "dev-master#5cb0065" + config: | + enableSemantics($wgSitename); + $smwgLinksInValues = true; + $smwgPageSpecialProperties = array( '_MDAT', '_CDAT' ); + + - name: "Semantic Result Formats" + composer: "mediawiki/semantic-result-formats" + config: | + $srfgFormats[] = 'tagcloud'; + + - name: "Semantic Extra Special Properties" + composer: "mediawiki/semantic-extra-special-properties" + config: | + $sespSpecialProperties[] = '_EUSER'; + $sespSpecialProperties[] = '_CUSER'; + $sespSpecialProperties[] = '_VIEWS'; + + - name: "Maps" + composer: "mediawiki/maps" + + - name: "Semantic Maps" + composer: "mediawiki/semantic-maps" + + - name: "Lingo" + composer: "mediawiki/lingo" + + - name: "SemanticGlossary" + composer: "mediawiki/semantic-glossary" + + - name: "ImageMap" + composer: "mediawiki/image-map" + + - name: "UserFunctions" + composer: "mediawiki/user-functions" + + - name: "WikiEditor" + url: "{{ MW_EXTENSIONS_GIT_URL_ROOT }}/WikiEditor.git" + version: "{{ MW_RELEASE }}" + enable: global + config: | + $wgDefaultUserOptions['usebetatoolbar'] = 1; + $wgDefaultUserOptions['usebetatoolbar-cgd'] = 1; + $wgDefaultUserOptions['wikieditor-preview'] = 1; + + - name: "CodeEditor" + url: "{{ MW_EXTENSIONS_GIT_URL_ROOT }}/CodeEditor.git" + version: "{{ MW_RELEASE }}" + enable: global + + - name: "ParserFunctions" + url: "{{ MW_EXTENSIONS_GIT_URL_ROOT }}/ParserFunctions.git" + version: "{{ MW_RELEASE }}" + enable: global + config: | + $wgPFEnableStringFunctions = true; + + - name: "Cite" + url: "{{ MW_EXTENSIONS_GIT_URL_ROOT }}/Cite.git" + version: "{{ MW_RELEASE }}" + enable: global + + - name: "HitCounters" + url: "{{ MW_EXTENSIONS_GIT_URL_ROOT }}/HitCounters.git" + version: "{{ MW_RELEASE }}" + enable: global + + - name: "SyntaxHighlight_GeSHi" + url: "{{ MW_EXTENSIONS_GIT_URL_ROOT }}/SyntaxHighlight_GeSHi.git" + version: "{{ MW_RELEASE }}" + enable: global + composer_update: true + + - name: "Scribunto" + url: "{{ MW_EXTENSIONS_GIT_URL_ROOT }}/Scribunto.git" + version: "{{ MW_RELEASE }}" + legacy: true + enable: global + config: | + $wgScribuntoDefaultEngine = 'luasandbox'; + $wgScribuntoUseGeSHi = true; + $wgScribuntoUseCodeEditor = true; + + - name: "Arrays" + url: "{{ MW_EXTENSIONS_GIT_URL_ROOT }}/Arrays.git" + version: "{{ MW_RELEASE }}" + legacy: true + enable: global + + - name: "HeaderTabs" + url: "{{ MW_EXTENSIONS_GIT_URL_ROOT }}/HeaderTabs.git" + version: "{{ MW_RELEASE }}" + legacy: true + enable: global + config: | + $htRenderSingleTab = true; + $htEditTabLink = false; + + - name: "Variables" + url: "{{ MW_EXTENSIONS_GIT_URL_ROOT }}/Variables.git" + version: "{{ MW_RELEASE }}" + legacy: true + enable: global + + - name: "DataTransfer" + url: "{{ MW_EXTENSIONS_GIT_URL_ROOT }}/DataTransfer.git" + version: "{{ MW_RELEASE }}" + legacy: true + enable: global + + - name: "ReplaceText" + url: "{{ MW_EXTENSIONS_GIT_URL_ROOT }}/ReplaceText.git" + version: "{{ MW_RELEASE }}" + legacy: true + enable: global + + - name: "ExternalData" + url: "{{ MW_EXTENSIONS_GIT_URL_ROOT }}/ExternalData.git" + version: "{{ MW_RELEASE }}" + legacy: true + enable: global + + - name: "PipeEscape" + url: "{{ MW_EXTENSIONS_GIT_URL_ROOT }}/PipeEscape.git" + version: "{{ MW_RELEASE }}" + legacy: true + enable: global + + - name: "UrlGetParameters" + url: "{{ MW_EXTENSIONS_GIT_URL_ROOT }}/UrlGetParameters.git" + version: "{{ MW_RELEASE }}" + legacy: true + enable: global + + - name: "MagicNoCache" + url: "{{ MW_EXTENSIONS_GIT_URL_ROOT }}/MagicNoCache.git" + version: "{{ MW_RELEASE }}" + legacy: true + enable: global + + - name: "Widgets" + url: "{{ MW_EXTENSIONS_GIT_URL_ROOT }}/Widgets.git" + version: "{{ MW_RELEASE }}" + legacy: true + submodule: true + enable: global + + - name: "SimpleMathJax" + url: "https://github.com/jmnote/SimpleMathJax.git" + version: master + legacy: true + enable: global + + - name: "SemanticForms" + url: "{{ MW_EXTENSIONS_GIT_URL_ROOT }}/SemanticForms.git" + version: "f649edc" + legacy: true + enable: global + + - name: "SemanticRating" + url: "{{ MW_EXTENSIONS_GIT_URL_ROOT }}/SemanticRating.git" + version: master + enable: global + + - name: "TitleIcon" + url: "{{ MW_EXTENSIONS_GIT_URL_ROOT }}/TitleIcon.git" + version: master + enable: global + config: | + $wgTitleIcon_TitleIconPropertyName = 'Logo Link'; + + - name: "HierarchyBuilder" + url: "{{ MW_EXTENSIONS_GIT_URL_ROOT }}/HierarchyBuilder.git" + version: master + enable: global + + - name: "SemanticTitle" + url: "{{ MW_EXTENSIONS_GIT_URL_ROOT }}/SemanticTitle.git" + version: master + legacy: true + enable: global + config: | + $wgAllowDisplayTitle = true; + $wgRestrictDisplayTitle = false; + + - name: "VIKI" + url: "{{ MW_EXTENSIONS_GIT_URL_ROOT }}/VIKI.git" + version: master + enable: global + config: | + $wgRegisterInternalExternals = true; + $wgVIKI_Hidden_Categories = array('Framework Pages'); + $wgVIKI_Second_Order_Links = true; + + - name: "VikiTitleIcon" + url: "{{ MW_EXTENSIONS_GIT_URL_ROOT }}/VikiTitleIcon.git" + version: master + enable: global + + - name: "VikiSemanticTitle" + url: "{{ MW_EXTENSIONS_GIT_URL_ROOT }}/VikiSemanticTitle.git" + version: master + enable: global + + - name: "JSBreadCrumbs" + url: "{{ MW_EXTENSIONS_GIT_URL_ROOT }}/JSBreadCrumbs.git" + version: master + legacy: true + config: | + $wgDefaultUserOptions['jsbreadcrumbs-showcrumbssidebar'] = true; + enable: global + + - name: "DynamicPageList" + url: "{{ MW_EXTENSIONS_GIT_URL_ROOT }}/DynamicPageList.git" + version: "{{ MW_RELEASE }}" + legacy: true + + - name: "InputBox" + url: "{{ MW_EXTENSIONS_GIT_URL_ROOT }}/InputBox.git" + version: "{{ MW_RELEASE }}" + + - name: "WhosOnline" + url: "{{ MW_EXTENSIONS_GIT_URL_ROOT }}/WhosOnline.git" + version: "master" + + - name: "SafeDelete" + url: "{{ MW_EXTENSIONS_GIT_URL_ROOT }}/SafeDelete.git" + version: master + + - name: "SemanticDependency" + url: "{{ MW_EXTENSIONS_GIT_URL_ROOT }}/SemanticDependency.git" + version: master + + - name: "PluggableAuth" + url: "{{ MW_EXTENSIONS_GIT_URL_ROOT }}/PluggableAuth.git" + version: master + + - name: "OpenIDConnect" + url: "{{ MW_EXTENSIONS_GIT_URL_ROOT }}/OpenIDConnect.git" + version: master + + - name: "SimpleSAMLphp" + url: "{{ MW_EXTENSIONS_GIT_URL_ROOT }}/SimpleSAMLphp.git" + version: master + + - name: "LdapAuthentication" + url: "{{ MW_EXTENSIONS_GIT_URL_ROOT }}/LdapAuthentication.git" + version: "{{ MW_RELEASE }}" + + - name: "LDAPAuthorization" + url: "{{ MW_EXTENSIONS_GIT_URL_ROOT }}/LDAPAuthorization.git" + version: "{{ MW_RELEASE }}" + + - name: "Cargo" + url: "{{ MW_EXTENSIONS_GIT_URL_ROOT }}/Cargo.git" + version: "25c8dc5" + + - name: "CustomNavBlocks" + url: "https://github.com/mathiasertl/CustomNavBlocks.git" + version: master + legacy: true + + - name: "Piwik" + url: "https://github.com/DaSchTour/piwik-mediawiki-extension.git" + version: master + legacy: true diff --git a/install_skins.yml b/install_skins.yml new file mode 100644 index 0000000..3adc326 --- /dev/null +++ b/install_skins.yml @@ -0,0 +1,22 @@ +- name: Install MediaWiki skins + + hosts: mw_hosts + + roles: + - install_skins + + environment: "{{ PROXY_ENV | default({}) }}" + + vars: + + MW_SKINS_GIT_URL_ROOT: "{{ WMF_GIT_URL_ROOT }}/skins" + + SKINS: + + - name: "Vector" + url: "{{ MW_SKINS_GIT_URL_ROOT }}/Vector.git" + version: "{{ MW_RELEASE }}" + + - name: "foreground" + url: https://github.com/thingles/foreground.git + version: develop diff --git a/roles/configure_shared_interwiki_on_mw_host/files/Interwiki.php b/roles/configure_shared_interwiki_on_mw_host/files/Interwiki.php new file mode 100644 index 0000000..0fa6596 --- /dev/null +++ b/roles/configure_shared_interwiki_on_mw_host/files/Interwiki.php @@ -0,0 +1,6 @@ + + DocumentRoot "{{ APACHE_REDIRECT_DIRECTORY }}" + ServerName {{ SQUID_HOSTNAME }} + ErrorLog /var/log/httpd/80_error_log + CustomLog /var/log/httpd/80_access_log common + CustomLog /var/log/httpd/80_referer_log referer + CustomLog /var/log/httpd/80_agent_log agent + ServerSignature Off + Redirect permanent / https://{{ SQUID_HOSTNAME }}/ + RewriteEngine on + RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) + RewriteRule .* - [F] + + Options None + AllowOverride None + Order allow,deny + Deny from all + + diff --git a/roles/deploy_mw_host/templates/optional.conf.j2 b/roles/deploy_mw_host/templates/optional.conf.j2 new file mode 100644 index 0000000..7eb9152 --- /dev/null +++ b/roles/deploy_mw_host/templates/optional.conf.j2 @@ -0,0 +1,39 @@ +RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|HEAD|DELETE) +RewriteRule .* - [F] + + + + ExpiresActive On + ExpiresDefault "access plus 1 hour" + ExpiresByType text/html "access plus 1 day" + ExpiresByType image/gif "access plus 1 week" + ExpiresByType image/jpeg "access plus 1 week" + ExpiresByType image/png "access plus 1 week" + ExpiresByType text/css "access plus 1 week" + ExpiresByType text/javascript "access plus 1 week" + ExpiresByType application/x-javascript "access plus 1 week" + ExpiresByType text/xml "access plus 1 day" + ExpiresByType image/x-icon "access plus 1 month" + ExpiresByType image/ico "access plus 1 month" + ExpiresByType image/icon "access plus 1 month" + + + + + + # compress content with type html, text, and css + AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css + # compress content with type javascript + AddOutputFilterByType DEFLATE application/x-javascript application/javascript text/javascript text/x-js text/x-javascript + # Incase the mime type is mot set correctlly + AddOutputFilter DEFLATE js css htm html xml + + # properly handle requests coming from behind proxies + Header append Vary User-Agent + + + + +FileETag MTime Size + +Header set X-Frame-Options SAMEORIGIN diff --git a/roles/deploy_mw_host/templates/squid.conf.j2 b/roles/deploy_mw_host/templates/squid.conf.j2 new file mode 100644 index 0000000..23f2ae9 --- /dev/null +++ b/roles/deploy_mw_host/templates/squid.conf.j2 @@ -0,0 +1,59 @@ +cache_mgr root +visible_hostname {{ SQUID_HOSTNAME }} +https_port {{ SQUID_LISTEN_ADDRESS }} cert={{ CERT_DIRECTORY }}/site.crt key={{ CERT_DIRECTORY }}/private.key defaultsite={{ SQUID_HOSTNAME }} vhost +http_port {{ PURGE_LISTEN_ADDRESS }} defaultsite={{ SQUID_HOSTNAME }} vhost +cache_peer 127.0.0.1 parent {{ APACHE_LISTEN_PORT }} 0 no-query originserver login=PASS + +cache_dir ufs /var/spool/squid 10000 16 256 +cache_mem 256 MB +maximum_object_size_in_memory 256 KB +logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %>Hs %h" "%{User-Agent}>h" %Ss:%Sh + +access_log /var/log/squid/access.log combined + +cache_log /var/log/squid/cache.log +cache_store_log /var/log/squid/store.log +#logfile_rotate 10 +## put this in crontab to rotate logs at midnight: +## 0 0 * * * /usr/sbin/squid -k rotate &> /dev/null + +acl manager proto cache_object +acl localhost src 127.0.0.1/32 ::1 +acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 +#acl Safe_ports port 80 +acl Safe_ports port 443 +acl SSL_ports port 443 +acl PURGE method PURGE +acl CONNECT method CONNECT + +http_access allow manager localhost +http_access deny manager + +http_access allow PURGE localhost +http_access deny PURGE + +http_access deny !Safe_ports + +http_access deny CONNECT !SSL_ports + +http_access allow all +http_reply_access allow all +icp_access allow all + +cache_effective_group squid +coredump_dir /var/spool/squid + +forwarded_for on + +emulate_httpd_log on + +redirect_rewrites_host_header off + +buffered_logs on + +# Do not cache cgi-bin, ? urls, posts, etc. +hierarchy_stoplist cgi-bin ? +acl QUERY urlpath_regex cgi-bin \? +acl POST method POST +no_cache deny QUERY +no_cache deny POST diff --git a/roles/deploy_mw_host/templates/wiki_index.php.j2 b/roles/deploy_mw_host/templates/wiki_index.php.j2 new file mode 100644 index 0000000..db20853 --- /dev/null +++ b/roles/deploy_mw_host/templates/wiki_index.php.j2 @@ -0,0 +1,18 @@ +' . gethostname() . ' Wiki Directory'; +$dir = '{{ APACHE_INSTANCE_DIRECTORY }}'; +$files = scandir($dir); +if ($files && $files != array()) { + echo '
    '; + foreach ($files as $file) { + $index = stripos($file, '.conf'); + if ($index !== false) { + $wiki = substr($file, 0, $index); + echo '
  • '; + echo '' . $wiki . ''; + echo '
    • '; + } + } + echo '
'; +} diff --git a/roles/deploy_mw_host/templates/wikifarm.conf.j2 b/roles/deploy_mw_host/templates/wikifarm.conf.j2 new file mode 100644 index 0000000..ba6faec --- /dev/null +++ b/roles/deploy_mw_host/templates/wikifarm.conf.j2 @@ -0,0 +1,15 @@ +SetEnvIf Request_URI "^/([^/]+)" WIKI_NAME=$1 + + + Require all denied + + + Require all denied + + + Require all denied + + +Include {{ APACHE_CONF_DIRECTORY }}/optional.conf +Include {{ APACHE_CONF_DIRECTORY }}/http_redirect.conf +Include {{ APACHE_INSTANCE_DIRECTORY }}/*.conf diff --git a/roles/deploy_mw_host/vars/main.yml b/roles/deploy_mw_host/vars/main.yml new file mode 100644 index 0000000..68f9a50 --- /dev/null +++ b/roles/deploy_mw_host/vars/main.yml @@ -0,0 +1,23 @@ +REMI_PACKAGES: + - mysql + +PACKAGES: + - libselinux-python + - policycoreutils-python + - gcc + - openssl-devel + - libcurl-devel + - gettext + - expat-devel + - perl-ExtUtils-MakeMaker + - php + - php-ldap + - php-mbstring + - php-xml + - php-pecl-apcu + - php-mysqlnd + - php-pear-Mail + - MySQL-python + - httpd + - ImageMagick + - squid diff --git a/roles/install_mediawiki/files/Debug.php b/roles/install_mediawiki/files/Debug.php new file mode 100644 index 0000000..e2b600f --- /dev/null +++ b/roles/install_mediawiki/files/Debug.php @@ -0,0 +1,5 @@ + {{ MW_WIKIFARM_CONFIG_DIRECTORY }}/Keys.php; grep "^\$wgSecretKey" LocalSettings.php >> {{ MW_WIKIFARM_CONFIG_DIRECTORY }}/Keys.php; grep "^\$wgUpgradeKey" LocalSettings.php >> {{ MW_WIKIFARM_CONFIG_DIRECTORY }}/Keys.php + chdir={{ MW_CODE_RELEASE_DIRECTORY }} + +- name: remove newly created LocalSettings.php + file: + path={{ MW_CODE_RELEASE_DIRECTORY }}/LocalSettings.php + state=absent + +- name: copy configuration files 1/4 + template: + src=LocalSettings.php.j2 + dest={{ MW_CODE_RELEASE_DIRECTORY }}/LocalSettings.php + mode=644 + owner=apache + group=apache + +- name: copy configuration files 2/4 + copy: + src={{ item }} + dest={{ MW_WIKIFARM_CONFIG_DIRECTORY }}/{{ item }} + mode=644 + owner=apache + group=apache + with_items: + - Debug.php + - Upload.php + - Permissions.php + +- name: copy configuration files 3/4 + template: + src=Server.php.j2 + dest={{ MW_WIKIFARM_CONFIG_DIRECTORY }}/Server.php + mode=644 + owner=apache + group=apache + +- name: copy configuration files 4/4 + template: + src=Email.php.j2 + dest={{ MW_WIKIFARM_CONFIG_DIRECTORY }}/Email.php + mode=644 + owner=apache + group=apache + +- name: create link to the newly installed MediaWiki version + file: + src={{ MW_CODE_RELEASE_DIRECTORY }} + dest={{ MW_CODE_DIRECTORY }} + state=link diff --git a/roles/install_mediawiki/templates/Email.php.j2 b/roles/install_mediawiki/templates/Email.php.j2 new file mode 100644 index 0000000..bbcd555 --- /dev/null +++ b/roles/install_mediawiki/templates/Email.php.j2 @@ -0,0 +1,4 @@ + +# where is the name of the wiki you want to work with. +# Then run your php scripts. +if (isset($_SERVER['WIKI_NAME'])) { + $wgSitename = $_SERVER['WIKI_NAME']; +} else { + die("WIKI_NAME not set."); +} +$wgMetaNamespace = $wgSitename; + +if( file_exists( "WikiFarm/Debug.php" ) ) { + require_once( "WikiFarm/Debug.php" ); +} + +require_once( "WikiFarm/Server.php" ); +require_once( "WikiFarm/Keys.php" ); + +$INSTANCE_DIR = "{{ MW_INSTANCE_DIRECTORY }}/$wgSitename"; + +## The URL base path to the directory containing the wiki; +## defaults for all runtime URL paths are based off of this. +## For more information on customizing the URLs +## (like /w/index.php/Page_title to /wiki/Page_title) please see: +## https://www.mediawiki.org/wiki/Manual:Short_URL +$wgScriptPath = "/$wgSitename"; + +## The relative URL path to the skins directory +$wgResourceBasePath = $wgScriptPath; + +## The relative URL path to the logo. +if( file_exists( "$INSTANCE_DIR/branding/logo.png" ) ) { + $wgLogo = "/$wgSitename/branding/logo.png"; +} else { + $wgLogo = "$wgResourceBasePath/resources/assets/wiki.png"; +} +if( file_exists( "$INSTANCE_DIR/branding/favicon.ico" ) ) { + $wgFavicon = "/$wgSitename/branding/favicon.ico"; +} + +require_once( "WikiFarm/Email.php" ); + +## Database settings +$wgDBtype = "mysql"; +$wgDBserver = "{{ DB_HOST | default('localhost') }}:{{ MYSQL_PORT | default(3306) }}"; +$wgDBname = $wgSitename; +$wgDBuser = "{{ MYSQL_WIKI_USER }}"; +$wgDBpassword = "{{ MYSQL_WIKI_PASSWORD }}"; + +# MySQL specific settings +$wgDBprefix = ""; + +# MySQL table options to use during installation or update +$wgDBTableOptions = "ENGINE=InnoDB, DEFAULT CHARSET=binary"; + +# Experimental charset support for MySQL 5.0. +$wgDBmysql5 = false; + +## Shared memory settings +$wgMainCacheType = CACHE_ACCEL; +$wgMemCachedServers = array(); + +## Set $wgCacheDirectory to a writable directory on the web server +## to make your wiki go slightly faster. The directory should not +## be publically accessible from the web. +#$wgCacheDirectory = "$IP/cache"; + +require_once( "WikiFarm/Upload.php" ); + +# Site language code, should be one of the list in ./languages/Names.php +$wgLanguageCode = "en"; + +## For attaching licensing metadata to pages, and displaying an +## appropriate copyright notice / icon. GNU Free Documentation +## License and Creative Commons licenses are supported so far. +$wgRightsPage = ""; # Set to the title of a wiki page that describes your license/copyright +$wgRightsUrl = ""; +$wgRightsText = ""; +$wgRightsIcon = ""; + +# Path to the GNU diff3 utility. Used for conflict resolution. +$wgDiff3 = "/usr/bin/diff3"; + +if( file_exists( "WikiFarm/WikiFamilyPreConfiguration.php" ) ) { + require_once( "WikiFarm/WikiFamilyPreConfiguration.php" ); +} + +require_once( "WikiFarm/Skins.php" ); + +if( file_exists( "WikiFarm/Interwiki.php" ) ) { + require_once( "WikiFarm/Interwiki.php" ); +} + +if( file_exists( "$INSTANCE_DIR/Namespaces.php" ) ) { + require_once( "$INSTANCE_DIR/Namespaces.php" ); +} + +if( file_exists( "$INSTANCE_DIR/PreConfiguration.php" ) ) { + require_once( "$INSTANCE_DIR/PreConfiguration.php" ); +} + +$ED = __DIR__ . '/extensions'; + +if( file_exists( "WikiFarm/Authentication.php" ) ) { + require_once( "WikiFarm/Authentication.php" ); +} + +if( file_exists( "WikiFarm/Permissions.php" ) ) { + require_once( "WikiFarm/Permissions.php" ); +} + +if( file_exists( "WikiFarm/GlobalExtensions.php" ) ) { + require_once( "WikiFarm/GlobalExtensions.php" ); +} + +if( file_exists( "WikiFarm/LocalExtensions.php" ) ) { + require_once( "WikiFarm/LocalExtensions.php" ); +} + +if( file_exists( "$INSTANCE_DIR/PostConfiguration.php" ) ) { + require_once( "$INSTANCE_DIR/PostConfiguration.php" ); +} + +if( file_exists( "WikiFarm/WikiFamilyPostConfiguration.php" ) ) { + require_once( "WikiFarm/WikiFamilyPostConfiguration.php" ); +} diff --git a/roles/install_mediawiki/templates/Server.php.j2 b/roles/install_mediawiki/templates/Server.php.j2 new file mode 100644 index 0000000..a7fd591 --- /dev/null +++ b/roles/install_mediawiki/templates/Server.php.j2 @@ -0,0 +1,8 @@ +