From db03377b7a6300ce03c4931fc90ce4bf5dbe421e Mon Sep 17 00:00:00 2001 From: Christian Boltz Date: Dec 27 2021 18:42:09 +0000 Subject: Merge branch 'cboltz-wiki-prepare-update' into 'production' Prepare wiki update See merge request infra/salt!523 --- diff --git a/pillar/role/wiki.sls b/pillar/role/wiki.sls index c4c345e..5561874 100644 --- a/pillar/role/wiki.sls +++ b/pillar/role/wiki.sls @@ -12,7 +12,8 @@ apparmor: source: salt://profile/wiki/files/pygmentize.apparmor # list of wikis running MediaWiki 1.27 (this will allow us to migrate to a new version one by one later) -mediawiki_1_27: +mediawiki: + default_version: '1_37' elasticsearch_server: water.infra.opensuse.org mysql_server: 192.168.47.4:3307 wikis: @@ -28,18 +29,23 @@ mediawiki_1_27: cn: dbpass: not_in_salt_yet site_notice: '
The wikis are now using the new authentication system.
If you did not migrate your account yet, visit https://idp-portal-info.suse.com/
' + version: '1_27' cs: dbpass: not_in_salt_yet site_notice: '
The wikis are now using the new authentication system.
If you did not migrate your account yet, visit https://idp-portal-info.suse.com/
' + version: '1_27' de: dbpass: not_in_salt_yet site_notice: '
The wikis are now using the new authentication system.
If you did not migrate your account yet, visit https://idp-portal-info.suse.com/
' + version: '1_27' el: dbpass: not_in_salt_yet site_notice: '
The wikis are now using the new authentication system.
If you did not migrate your account yet, visit https://idp-portal-info.suse.com/
' + version: '1_27' en: dbpass: not_in_salt_yet site_notice: '
The wikis are now using the new authentication system.
If you did not migrate your account yet, visit https://idp-portal-info.suse.com/
' + version: '1_27' en-test: bento_lang: en dbpass: not_in_salt_yet @@ -47,27 +53,35 @@ mediawiki_1_27: skin: Chameleon robots: robots-disallow.txt site_notice: 'This is a test wiki. You are more than welcome to do test edits, but please keep in mind that all changes will be lost when we import a newer database dump.' + version: '1_27-git' es: dbpass: not_in_salt_yet site_notice: '
The wikis are now using the new authentication system.
If you did not migrate your account yet, visit https://idp-portal-info.suse.com/
' + version: '1_27' fr: dbpass: not_in_salt_yet site_notice: '
The wikis are now using the new authentication system.
If you did not migrate your account yet, visit https://idp-portal-info.suse.com/
' + version: '1_27' hu: dbpass: not_in_salt_yet site_notice: '
The wikis are now using the new authentication system.
If you did not migrate your account yet, visit https://idp-portal-info.suse.com/
' + version: '1_27' it: dbpass: not_in_salt_yet site_notice: '
The wikis are now using the new authentication system.
If you did not migrate your account yet, visit https://idp-portal-info.suse.com/
' + version: '1_27' ja: dbpass: not_in_salt_yet site_notice: '
The wikis are now using the new authentication system.
If you did not migrate your account yet, visit https://idp-portal-info.suse.com/
' + version: '1_27' languages: dbpass: not_in_salt_yet site_notice: '
The wikis are now using the new authentication system.
If you did not migrate your account yet, visit https://idp-portal-info.suse.com/
' + version: '1_27' nl: dbpass: not_in_salt_yet site_notice: '
The wikis are now using the new authentication system.
If you did not migrate your account yet, visit https://idp-portal-info.suse.com/
' + version: '1_27' old-de: bento_lang: de dbpass: not_in_salt_yet @@ -76,6 +90,7 @@ mediawiki_1_27: readonly_msg: 'Dieses Wiki ist ein Archiv und kann nicht bearbeitet werden.' robots: robots-disallow.txt site_notice: 'Dieses Wiki ist ein Archiv (Stand: 2011) des alten openSUSE-Wikis. Das aktuelle openSUSE-Wiki finden Sie unter [https://de.opensuse.org de.opensuse.org].' + version: '1_27' old-en: bento_lang: en dbmysql5: False @@ -84,29 +99,37 @@ mediawiki_1_27: readonly_msg: 'This wiki is an archive and cannot be edited.' robots: robots-disallow.txt site_notice: 'This wiki is an archive (from 2011) of the old openSUSE wiki. You can find the up to date openSUSE wiki at [https://en.opensuse.org en.opensuse.org].' + version: '1_27' pl: dbpass: not_in_salt_yet site_notice: '
The wikis are now using the new authentication system.
If you did not migrate your account yet, visit https://idp-portal-info.suse.com/
' + version: '1_27' pt: dbpass: not_in_salt_yet site_notice: '
The wikis are now using the new authentication system.
If you did not migrate your account yet, visit https://idp-portal-info.suse.com/
' + version: '1_27' ru: dbpass: not_in_salt_yet site_notice: '
The wikis are now using the new authentication system.
If you did not migrate your account yet, visit https://idp-portal-info.suse.com/
' + version: '1_27' sv: dbpass: not_in_salt_yet site_notice: '
The wikis are now using the new authentication system.
If you did not migrate your account yet, visit https://idp-portal-info.suse.com/
' + version: '1_27' tr: dbpass: not_in_salt_yet site_notice: '
The wikis are now using the new authentication system.
If you did not migrate your account yet, visit https://idp-portal-info.suse.com/
' + version: '1_27' zh: dbpass: not_in_salt_yet site_notice: '
The wikis are now using the new authentication system.
If you did not migrate your account yet, visit https://idp-portal-info.suse.com/
' + version: '1_27' zh-tw: bento_lang: zh_TW dbpass: not_in_salt_yet site_notice: '
The wikis are now using the new authentication system.
If you did not migrate your account yet, visit https://idp-portal-info.suse.com/
' lang: zh_TW + version: '1_27' # special cases for bento_lang: # cz -> bento_lang cs diff --git a/pillar/role/wiki_readonly.sls b/pillar/role/wiki_readonly.sls index feb276f..a2246d4 100644 --- a/pillar/role/wiki_readonly.sls +++ b/pillar/role/wiki_readonly.sls @@ -2,7 +2,7 @@ # Note that wiki_readonly also uses a different elasticsearch and mysql server -mediawiki_1_27: +mediawiki: # 192.168.67.9 is water2.infra.opensuse.org elasticsearch_server: 192.168.67.9 mysql_server: 127.0.0.1 diff --git a/salt/profile/countdown/apache.sls b/salt/profile/countdown/apache.sls index 61f670f..8b0e23a 100644 --- a/salt/profile/countdown/apache.sls +++ b/salt/profile/countdown/apache.sls @@ -27,9 +27,4 @@ sysconfig_apache2_countdown: # This is handled in /etc/logrotate.d/apache2 since Leap 15.x (same/duplicate entry there) # removing the file on newer Leap versions to avoid errors in logrotate (duplicate entry...) /etc/logrotate.d/apache2-vhosts: -{% if salt['grains.get']('osfullname') == "Leap" and salt['grains.get']('osmajorrelease')|int >= 15 %} file.absent -{% else %} - file.managed: - - source: salt://profile/wiki/files/apache2-wiki.logrotate -{% endif %} diff --git a/salt/profile/wiki/apache.sls b/salt/profile/wiki/apache.sls index 38fba05..8766fa3 100644 --- a/salt/profile/wiki/apache.sls +++ b/salt/profile/wiki/apache.sls @@ -4,12 +4,13 @@ apache2_running: - enable: True - name: apache2 -{% set mediawiki_1_27 = salt['pillar.get']('mediawiki_1_27:wikis', {}) %} -{% for wiki, data in mediawiki_1_27.items() %} +{% set mediawiki = salt['pillar.get']('mediawiki:wikis', {}) %} +{% for wiki, data in mediawiki.items() %} /etc/apache2/vhosts.d/{{ wiki }}.opensuse.org.conf: file.managed: - context: + version: '{{ data.get('version', salt['pillar.get']('mediawiki:default_version')) }}' wiki: {{ wiki }} - listen_in: - service: apache2 @@ -29,9 +30,4 @@ apache2_running: # This is handled in /etc/logrotate.d/apache2 since Leap 15.x (same/duplicate entry there) # removing the file on newer Leap versions to avoid errors in logrotate (duplicate entry...) /etc/logrotate.d/apache2-wiki: -{% if salt['grains.get']('osfullname') == "Leap" and salt['grains.get']('osmajorrelease')|int >= 15 %} file.absent -{% else %} - file.managed: - - source: salt://profile/wiki/files/apache2-wiki.logrotate -{% endif %} diff --git a/salt/profile/wiki/docroot.sls b/salt/profile/wiki/docroot.sls index d4d5e3c..3d05273 100644 --- a/salt/profile/wiki/docroot.sls +++ b/salt/profile/wiki/docroot.sls @@ -2,10 +2,12 @@ # create the DocumentRoot and the directories and symlinks needed for all wikis # -{% set mediawiki_1_27 = salt['pillar.get']('mediawiki_1_27:wikis', {}) %} +{% set mediawiki = salt['pillar.get']('mediawiki:wikis', {}) %} # create /srv/www/$lang.opensuse.org and all symlinks and directories needed in it -{% for wiki, data in mediawiki_1_27.items() %} +{% for wiki, data in mediawiki.items() %} + +{% set version = data.get('version', salt['pillar.get']('mediawiki:default_version')) %} /srv/www/{{ wiki }}.opensuse.org/public: file.directory: @@ -14,9 +16,9 @@ - mode: 755 - makedirs: True -{% set mediawiki_1_27_wwwrun_dirs = [ 'cache', 'tmp', 'public/images' ] %} +{% set mediawiki_wwwrun_dirs = [ 'cache', 'tmp', 'public/images' ] %} -{% for dir in mediawiki_1_27_wwwrun_dirs %} +{% for dir in mediawiki_wwwrun_dirs %} /srv/www/{{ wiki }}.opensuse.org/{{ dir }}: file.directory: - user: wwwrun @@ -27,18 +29,15 @@ /srv/www/{{ wiki }}.opensuse.org/public/mediawiki_src: file.symlink: - {% if wiki == 'en-test' %} - # /usr/share/mediawiki_1_27--git/ is `git clone https://github.com/openSUSE/wiki/` - # + symlinks to /usr/share/mediawiki_1_27/ for everything not in the git repo + - target: /usr/share/mediawiki_{{ version }}/ + # Note for en-test: + # /usr/share/mediawiki_1_*-git/ is `git clone https://github.com/openSUSE/wiki/` + # + symlinks to /usr/share/mediawiki_1_*/ for everything not in the git repo # (git clone and creating these symlinks needs to be done manually!) - - target: /usr/share/mediawiki_1_27--git/ - {% else %} - - target: /usr/share/mediawiki_1_27/ - {% endif %} -{% set mediawiki_1_27_symlinks = [ 'api.php', 'autoload.php', 'extensions', 'img_auth.php', 'includes', 'index.php', 'languages', 'load.php', 'maintenance', +{% set mediawiki_symlinks = [ 'api.php', 'autoload.php', 'extensions', 'img_auth.php', 'includes', 'index.php', 'languages', 'load.php', 'maintenance', 'opensearch_desc.php', 'resources', 'serialized', 'skins', 'thumb_handler.php', 'thumb.php', 'vendor', ] %} -{% for symlink in mediawiki_1_27_symlinks %} +{% for symlink in mediawiki_symlinks %} /srv/www/{{ wiki }}.opensuse.org/public/{{ symlink }}: file.symlink: - target: mediawiki_src/{{ symlink }} @@ -52,8 +51,8 @@ file.managed: - context: data: {{ data }} - mysql_server: {{ pillar['mediawiki_1_27']['mysql_server'] }} - elasticsearch_server: {{ pillar['mediawiki_1_27']['elasticsearch_server'] }} + mysql_server: {{ pillar['mediawiki']['mysql_server'] }} + elasticsearch_server: {{ pillar['mediawiki']['elasticsearch_server'] }} wiki: {{ wiki }} - source: salt://profile/wiki/files/wiki_settings.php - template: jinja diff --git a/salt/profile/wiki/files/apache-vhost.conf b/salt/profile/wiki/files/apache-vhost.conf index 1f5057f..f406583 100644 --- a/salt/profile/wiki/files/apache-vhost.conf +++ b/salt/profile/wiki/files/apache-vhost.conf @@ -24,9 +24,9 @@ php_admin_flag engine on {%- if wiki == 'en-test' %} - php_admin_value open_basedir "/srv/www/en-test.opensuse.org/:/usr/share/mediawiki_1_27/:/usr/share/mediawiki_1_27--git/:/dev/urandom:/bin/bash" + php_admin_value open_basedir "/srv/www/en-test.opensuse.org/:/usr/share/mediawiki_{{ version.replace('-git', '') }}/:/usr/share/mediawiki_{{ version }}/:/dev/urandom:/bin/bash" {%- else %} - php_admin_value open_basedir "/srv/www/{{ wiki }}.opensuse.org/:/usr/share/mediawiki_1_27/:/dev/urandom:/bin/bash" + php_admin_value open_basedir "/srv/www/{{ wiki }}.opensuse.org/:/usr/share/mediawiki_{{ version }}:/dev/urandom:/bin/bash" {%- endif %} php_admin_value upload_tmp_dir /srv/www/{{ wiki }}.opensuse.org/tmp/ php_admin_value session.save_path /srv/www/{{ wiki }}.opensuse.org/tmp/ diff --git a/salt/profile/wiki/files/apache2-wiki.logrotate b/salt/profile/wiki/files/apache2-wiki.logrotate deleted file mode 100644 index 77e9011..0000000 --- a/salt/profile/wiki/files/apache2-wiki.logrotate +++ /dev/null @@ -1,21 +0,0 @@ -# -# This is handled in /etc/logrotate.d/apache2 -# since Leap 15.2 (same/duplicate entry there) -# disabling here for reference and to avoid -# errors in logrotate (duplicate entry...) -# -#/var/log/apache2/*-access_log { -# compress -# dateext -# maxage 365 -# rotate 99 -# size=+4096k -# notifempty -# missingok -# create 644 root root -# sharedscripts -# postrotate -# systemctl reload apache2.service -# sleep 60 -# endscript -#} diff --git a/salt/profile/wiki/files/httpd2-prefork.apparmor b/salt/profile/wiki/files/httpd2-prefork.apparmor index 8b3459e..913ddb6 100644 --- a/salt/profile/wiki/files/httpd2-prefork.apparmor +++ b/salt/profile/wiki/files/httpd2-prefork.apparmor @@ -1,10 +1,9 @@ # managed by salt - do not edit! -# $Id: usr.sbin.httpd2-prefork 12 2006-04-12 21:35:41Z steve-beattie $ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE -# Copyright (C) 2017 Christian Boltz +# Copyright (C) 2017-2021 Christian Boltz # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -124,7 +123,7 @@ profile httpd2-prefork /usr/sbin/httpd{,2}-prefork flags=(complain,attach_discon /srv/www/files.opensuse.org/public/** r, } - # {% for wiki in pillar['mediawiki_1_27']['wikis']|sort %} + # {% for wiki in pillar['mediawiki']['wikis']|sort %} ^vhost_{{wiki}}wiki flags=(complain,attach_disconnected) { #include #include @@ -134,7 +133,7 @@ profile httpd2-prefork /usr/sbin/httpd{,2}-prefork flags=(complain,attach_discon /dev/tty rw, /proc/meminfo r, /usr/bin/timeout rix, - /usr/share/mediawiki_1_27/extensions/SyntaxHighlight_GeSHi/pygments/pygmentize Px -> pygmentize, + /usr/share/mediawiki_1_*/extensions/SyntaxHighlight_GeSHi/pygments/pygmentize Px -> pygmentize, /usr/sbin/sendmail PUx, /var/log/apache2/{{wiki}}-access_log w, /var/log/apache2/{{wiki}}-access_log-20[12][0-9][01][0-9][0-3][0-9] w, @@ -160,10 +159,7 @@ profile httpd2-prefork /usr/sbin/httpd{,2}-prefork flags=(complain,attach_discon /srv/www/{{wiki}}.opensuse.org/tmp/php* rw, /srv/www/{{wiki}}.opensuse.org/secrets.php r, /srv/www/{{wiki}}.opensuse.org/wiki_settings.php r, - /usr/share/mediawiki_1_27/** r, - # {% if wiki == 'en-test' %} - /usr/share/mediawiki_1_27--git/** r, - # {% endif %} + /usr/share/mediawiki_1_*/** r, } # {% endfor %} diff --git a/salt/profile/wiki/files/pygmentize.apparmor b/salt/profile/wiki/files/pygmentize.apparmor index 79b2829..3960ad6 100644 --- a/salt/profile/wiki/files/pygmentize.apparmor +++ b/salt/profile/wiki/files/pygmentize.apparmor @@ -12,7 +12,7 @@ #include -profile pygmentize /usr/share/mediawiki_1_27/extensions/SyntaxHighlight_GeSHi/pygments/pygmentize flags=(complain) { +profile pygmentize /usr/share/mediawiki_*/extensions/SyntaxHighlight_GeSHi/pygments/pygmentize flags=(complain) { #include #include @@ -28,11 +28,11 @@ profile pygmentize /usr/share/mediawiki_1_27/extensions/SyntaxHighlight_GeSHi/py /usr/local/lib/ r, /usr/local/lib64/ r, /usr/share/ r, - /usr/share/mediawiki_1_27/ r, - /usr/share/mediawiki_1_27/extensions/ r, - /usr/share/mediawiki_1_27/extensions/SyntaxHighlight_GeSHi/ r, - /usr/share/mediawiki_1_27/extensions/SyntaxHighlight_GeSHi/pygments/ r, - /usr/share/mediawiki_1_27/extensions/SyntaxHighlight_GeSHi/pygments/pygmentize r, + /usr/share/mediawiki_1_*/ r, + /usr/share/mediawiki_1_*/extensions/ r, + /usr/share/mediawiki_1_*/extensions/SyntaxHighlight_GeSHi/ r, + /usr/share/mediawiki_1_*/extensions/SyntaxHighlight_GeSHi/pygments/ r, + /usr/share/mediawiki_1_*/extensions/SyntaxHighlight_GeSHi/pygments/pygmentize r, }