Page MenuHomePhabricator

Update wikitech-static OS/PHP version
Closed, ResolvedPublic


This is a Ubuntu Precise + PHP 5.3 machine running MW. The next version of MW (1.27, scheduled for release in May) will not support PHP 5.3. I don't know if 5.5 has been backported to Precise but I guess we don't really want to leave the machine running Precise? I could do-release-upgrade to Trusty, or someone in ops could spin up a new VM (Jessie?).

Event Timeline

Krenair raised the priority of this task from to Needs Triage.
Krenair updated the task description. (Show Details)
Krenair added subscribers: Krenair, RobH, Dzahn, Andrew.
Restricted Application added subscribers: StudiesWorld, Aklapper. · View Herald Transcript
Dzahn mentioned this in Unknown Object (Task).Feb 26 2016, 8:06 PM
Dzahn added a subtask: Unknown Object (Task).

@Krenair i made a procurement ticket to request a second VM with jessie. The idea would be to give you access to that so you could migrate data from the old one, we switch the sync script from regular wikitech and then we shut down the old VM. sounds good?

Change 275601 had a related patch set uploaded (by Dzahn):
add wikitech-static-jessie for migration

Change 275601 merged by Dzahn:
add wikitech-static-jessie for migration's password: 
< wikitech-static on jessie >
<	T126385		    >
       \   \_______
 v__v   \  \   O   )
 (oo)      ||----w |
 (__)      ||     ||  \/\
Last login: Mon Mar  7 20:31:42 2016 from
root@wikitech-static-jessie:~# hostname -s
root@wikitech-static-jessie:~# hostname -f
root@wikitech-static-jessie:~# for file in /etc/ssh/*; do ssh-keygen -lf $file; done
1024 d8:03:ef:21:51:1d:3e:c1:d0:d3:1e:d6:f5:d7:6a:c6 /etc/ssh/ (DSA)
256 33:32:b7:54:72:4b:79:ba:78:66:a4:8a:3f:5e:82:21 /etc/ssh/ (ECDSA)
256 53:6f:f2:e6:b4:90:ff:59:d4:8b:76:6d:c9:1a:1a:ec /etc/ssh/ (ED25519)
2048 88:56:f0:3d:95:f7:cc:11:c2:3a:b2:f9:32:6b:4d:ce /etc/ssh/ (RSA)

@Krenair i added your ssh key to that ^ got root , like on the current wikitech-static

let's add the other keys and disable password based login

Dzahn closed subtask Unknown Object (Task) as Resolved.Mar 7 2016, 10:05 PM

Which key did you add to which user? On wikitech-static I have a separate (different from prod, different from labs) key for my own account (not root), and I don't have (/need) the root password. I haven't been able to log in to this.

Am now in, after a bit of fiddling around with passwords and sshd -d, it turns out the issue was with file permissions on my authorized_keys file

  • Copied my usual files across (basically what I have in prod puppet modules/admin/files/home/krenair), installed git (and bash-completion)
  • Installed apache, copied apache config and SSL certificate, a2enmod ssl
  • Figured out what I had to change about config to make it work in the new version - renamed site to have a .conf extension, a2enmod rewrite
  • Copied the wikitech import cron across
  • Copied MW config
  • Set up new copy of MediaWiki (+vendor and cache dir ownership)
  • Installed memcached and mysql-server-core-5.5/mysql-client-core-5.5
  • Installed php5 (specifically, this is 5.6.17-0+deb8u1)
  • Fiddled with apache config some more (Require all granted) to make this work under Apache 2.4
  • Installed php5-mysql
  • mysqldump on old machine, copy to new machine, create DB, mysql, set up wikiuser account
  • Copy /srv/mediawiki/images over

also, MW extensions not running REL1_xx branches to be aware of: Validator is on 0.5.x and SMW/SRF are on 1.8.x (it uses the wikitech-static cert, so that will cause your browser to throw a security warning)

@Andrew, do you think this is OK to switch now?

Not very important, but is it possible to enable OPcache in PHP? Even if you only allow 64MB of cache usage, this should make the wiki a lot faster.

I'm happy to switch over, as soon as daniel removes the WIP from

Done, removed the WIP and merged DNS switch.

the sync between wikitech and wikitech-static .. does that need any change because the IP changed? or all just hostname based?

Dzahn removed a project: Patch-For-Review.
Dzahn set Security to None.

I don't think anything needs to be changed - the access restriction was removed recently and the dumps became public

eh, true :) i just did that in T54170

i will just claim you resolved this


  • Updated the hostname on the new host from wikitech-static-jessie to wikitech-static - the previous name no longer resolves and sudo was not happy about this
  • Changed file permissions on dump import script to 755 so that it can actually be executed. This should hopefully fix importing.

thank you. yes, the hostname change was intended but not explicitely mentioned.

the dump import script thing sounds like a potential puppet fix?

the dump import script thing sounds like a potential puppet fix?

I suppose so, if puppet were installed.

This should hopefully fix importing.

Revisions from earlier today have appeared on, so I believe this is now working as expected.