Page MenuHomePhabricator

Update wikitech-static OS/PHP version
Closed, ResolvedPublic

Description

This is a Ubuntu Precise + PHP 5.3 machine running MW. The next version of MW (1.27, scheduled for release in May) will not support PHP 5.3. I don't know if 5.5 has been backported to Precise but I guess we don't really want to leave the machine running Precise? I could do-release-upgrade to Trusty, or someone in ops could spin up a new VM (Jessie?).

Event Timeline

Krenair created this task.Feb 9 2016, 9:48 PM
Krenair updated the task description. (Show Details)
Krenair raised the priority of this task from to Needs Triage.
Krenair added subscribers: Krenair, RobH, Dzahn, Andrew.
Restricted Application added a project: Cloud-Services. · View Herald TranscriptFeb 9 2016, 9:48 PM
Restricted Application added subscribers: StudiesWorld, Aklapper. · View Herald Transcript
Dzahn mentioned this in Unknown Object (Task).Feb 26 2016, 8:06 PM
Dzahn added a subtask: Unknown Object (Task).

@Krenair i made a procurement ticket to request a second VM with jessie. The idea would be to give you access to that so you could migrate data from the old one, we switch the sync script from regular wikitech and then we shut down the old VM. sounds good?

Sounds good to me

Change 275601 had a related patch set uploaded (by Dzahn):
add wikitech-static-jessie for migration

https://gerrit.wikimedia.org/r/275601

Change 275601 merged by Dzahn:
add wikitech-static-jessie for migration

https://gerrit.wikimedia.org/r/275601

root@wikitech-static-jessie.wikimedia.org's password: 
 ___________________________
< wikitech-static on jessie >
<	T126385		    >
 ---------------------------
       \   \_______
 v__v   \  \   O   )
 (oo)      ||----w |
 (__)      ||     ||  \/\
    
Last login: Mon Mar  7 20:31:42 2016 from iron.wikimedia.org
root@wikitech-static-jessie:~# hostname -s
wikitech-static-jessie
root@wikitech-static-jessie:~# hostname -f
wikitech-static-jessie.wikimedia.org
root@wikitech-static-jessie:~# for file in /etc/ssh/*_key.pub; do ssh-keygen -lf $file; done
1024 d8:03:ef:21:51:1d:3e:c1:d0:d3:1e:d6:f5:d7:6a:c6 /etc/ssh/ssh_host_dsa_key.pub (DSA)
256 33:32:b7:54:72:4b:79:ba:78:66:a4:8a:3f:5e:82:21 /etc/ssh/ssh_host_ecdsa_key.pub (ECDSA)
256 53:6f:f2:e6:b4:90:ff:59:d4:8b:76:6d:c9:1a:1a:ec /etc/ssh/ssh_host_ed25519_key.pub (ED25519)
2048 88:56:f0:3d:95:f7:cc:11:c2:3a:b2:f9:32:6b:4d:ce /etc/ssh/ssh_host_rsa_key.pub (RSA)

https://wikitech.wikimedia.org/wiki/Help:SSH_Fingerprints/wikitech-static-jessie.wikimedia.org

Dzahn added a comment.EditedMar 7 2016, 9:01 PM

@Krenair i added your ssh key to that ^ got root , like on the current wikitech-static

let's add the other keys and disable password based login

Dzahn closed subtask Unknown Object (Task) as Resolved.Mar 7 2016, 10:05 PM

Which key did you add to which user? On wikitech-static I have a separate (different from prod, different from labs) key for my own account (not root), and I don't have (/need) the root password. I haven't been able to log in to this.

Am now in, after a bit of fiddling around with passwords and sshd -d, it turns out the issue was with file permissions on my authorized_keys file

Krenair claimed this task.EditedMar 9 2016, 12:09 AM
  • Copied my usual files across (basically what I have in prod puppet modules/admin/files/home/krenair), installed git (and bash-completion)
  • Installed apache, copied apache config and SSL certificate, a2enmod ssl
  • Figured out what I had to change about config to make it work in the new version - renamed site to have a .conf extension, a2enmod rewrite
Krenair added a comment.EditedMar 9 2016, 1:22 AM
  • Copied the wikitech import cron across
  • Copied MW config
  • Set up new copy of MediaWiki (+vendor and cache dir ownership)
  • Installed memcached and mysql-server-core-5.5/mysql-client-core-5.5
  • Installed php5 (specifically, this is 5.6.17-0+deb8u1)
ori awarded a token.Mar 9 2016, 1:27 AM

once we are ready to switch i was going to do this https://gerrit.wikimedia.org/r/#/c/276088/

Krenair added a comment.EditedMar 9 2016, 3:45 AM
  • Fiddled with apache config some more (Require all granted) to make this work under Apache 2.4
  • Installed php5-mysql
  • mysqldump on old machine, copy to new machine, create DB, mysql, set up wikiuser account
  • Copy /srv/mediawiki/images over

also, MW extensions not running REL1_xx branches to be aware of: Validator is on 0.5.x and SMW/SRF are on 1.8.x

https://wikitech-static-jessie.wikimedia.org/wiki/Main_Page (it uses the wikitech-static cert, so that will cause your browser to throw a security warning)

Krenair reassigned this task from Krenair to Andrew.Mar 9 2016, 3:51 AM

@Andrew, do you think this is OK to switch now?

Not very important, but is it possible to enable OPcache in PHP? Even if you only allow 64MB of cache usage, this should make the wiki a lot faster.

Andrew added a comment.Mar 9 2016, 3:03 PM

I'm happy to switch over, as soon as daniel removes the WIP from https://gerrit.wikimedia.org/r/#/c/276088

Done, removed the WIP and merged DNS switch.

the sync between wikitech and wikitech-static .. does that need any change because the IP changed? or all just hostname based?

Dzahn set Security to None.
Dzahn reassigned this task from Andrew to Krenair.

I don't think anything needs to be changed - the access restriction was removed recently and the dumps became public

Dzahn closed this task as Resolved.Mar 9 2016, 7:25 PM

eh, true :) i just did that in T54170

i will just claim you resolved this

Also:

  • Updated the hostname on the new host from wikitech-static-jessie to wikitech-static - the previous name no longer resolves and sudo was not happy about this
  • Changed file permissions on dump import script to 755 so that it can actually be executed. This should hopefully fix importing.
Dzahn added a comment.EditedMar 12 2016, 1:48 AM

thank you. yes, the hostname change was intended but not explicitely mentioned.

the dump import script thing sounds like a potential puppet fix?

the dump import script thing sounds like a potential puppet fix?

I suppose so, if puppet were installed.

This should hopefully fix importing.

Revisions from earlier today have appeared on https://wikitech-static.wikimedia.org/wiki/Special:RecentChanges, so I believe this is now working as expected.