Historical context

Hoping to support our glorious volunteer Gvf who has been hosting wiki.wikimedia.it for free (as in beer and as in freedom) at his own expense for years and who always asked for some help in solving many problems,

In order to do T268515: Upgrade wiki.wikimedia.it from 1.26.4 to latest LTS it would be optimal to be able to create databases, but in the current server we have not that privilege.

Since we are trying to support the epic volunteer who hosts this site since years, and since we do not want to fill Gvf with things to do, a reasonable thing to do is to try to make an initial transfer from that volunteer's server to the Wikimedia Italia's server called intreccio, so there are 0% possibilities to create more unwanted workload for him.

Wiki migration and upgrade

The webmaster in charge (eme) of basic interventions on the server intreccio suggested that server for this migration, since its CPU load is usually ~0.12.

This migration is absolutely not destructive. When concluded, we can just do a DNS change.

Now we will notify the WMIT tech list by saying not to try to update wiki.wikimedia.it, since we are already doing this elsewhere.

• do a first transfer of everything on another server (wmit-intreccio)
• run update.php successfully to 1.35 T268515
• drop the Lockdown extension and migrate to $wgWhitelistReadRegexp
• successfully fix of T306587: Infoleak on https://wiki.wikimedia.it due to CVE-2021-44858 and Lockdown
• successfully adoption of extension Echo
• successfully adoption of extension Thanks T270148
• successfully adoption of extension Graph T311179
• update all extensions (breaking changes: WikiEditor, PdfHandler, Cite ..)
• install VisualEditor
• adopt VisualEditor with loopback "http" requests instead of "https"
• test of known VisualEditor potential issues T270456
  • when not logged-in, /rest.php/asd.wiki.wikimedia.it/v3/page/html/Associazione%3AFLCG/749841 gives 403 rest-read-denied correctly
• successfully upload file with weird accents T269237
• @dario.crespi.wmit is happy
• deploy DNS asd.wiki.wikimedia.it pointing to intreccio.wikimedia.it. to allow everyone to test (by M/)
• start test period (notes: https://wiki.wikimedia.it/wiki/Wikina/Test_vari)
• proposed the final migration E1545: Proposed epic final migration and update of wiki.wikimedia.it
• announce the final migration
  • tech WMIT mailing list
  • associazione WMIT mailing list (sent by @dario.crespi.wmit since @valerio.bozzolan is not sending anywhere)
  • sitenotice by @dario.crespi.wmit
• put the legacy wiki in read-only mode
• final database migration from production (ext. 10 minutes) (mysqldump via secret PHP page + import)
• final filesystem /images migration from production (ext. 1H) (ftps without shell - rsync not available)
  • completed in 1m5.9s
• final upgrade (ext. 5 minutes)
• test everything again (https://wiki.wikimedia.it/wiki/Wikina/Test_vari)
• DNS change (ext. 25 minutes) (by user M/)
• new DNS available worldwide

Notes

Proposed $wgWhitelistReadRegexp:

<?php
...
$wgWhitelistReadRegexp = [
  '/^[^:]*$/',     // main namespace
  '/^Categoria:/', // Category:
  '/^Category:/',  // Category:
  '/^File:/',      // File:
  '/^Template:/',  // Template
  '/^Utente:/',    // User:
  '/^User:/',      // User:
  '/^Speciale:PagineSpeciali$/',

  // THESE CAN BE PROPOSED FOR ANON ABILITATION
  //      '/^Speciale:Ricerca/'
];

Proposed workaround for VisualEditor redirecting traffic:

<?php
...
/**
* Fix VisualEditor loopback connections intended in http:// but redirecting to https://
*/
( function() use ( &$wgHooks, &$wgForceHTTPS ) {
    $ip = $_SERVER['REMOTE_ADDR'] ?? null;
    if( $ip && $ip === '127.0.0.1' ) {
        $wgForceHTTPS = false;
        $wgHooks['SessionMetadata'][] = function( $backend, &$metadata, $requests ) {
            if( $backend->forceHTTPS() ) {
                $backend->setForceHTTPS( false );
            }
        };
    }
} )();

Notable Debian packages installed:

memcached
imagemagick

The images can be pulled with rclone using:

# rclone sync -P wiki-gvf:/www/images /var/www/wikina/images
# chown www-data: -R                  /var/www/wikina/images

Considerations

• Isn't it a risk to have our two main sites on the same server intreccio? (By @Nemo_bis)
  • In the future it can certainly be moved to another position. At the moment we want to fix 3 risks: avoiding the burnout of our volunteer Gvf (avoid using his resources in terms of CPU, disk space, bandwidth and time); decrease the lottery factor (since on server intreccio is already possible to share SSH access to external consultants without causing problems to Gvf); and fix the reported security problems (T306587). (By @valerio.bozzolan)

How to Test

Thank you so much if you want to test this wiki before the final migration! If you want to try, visit this website:

https://asd.wiki.wikimedia.it

Suggested tests:

https://wiki.wikimedia.it/wiki/Wikina/Test_vari