Couple of things.
by Mike McGrath
First. The freeze is over. Everyone go nuts!
Second. The meeting this week will largely be based around starting to
formulate a plan to physically move the majority of our server hardware
from it's current location to another location. This is going to cause
some servers to be offline for several hours at a minimum. So if you're
able to make the meeting tomorrow, please do come.
-Mike
14 years, 8 months
[PATCH] shared session data
by Mike McGrath
My smolt change requires shared session data
can I get 2 +1's
---
manifests/servergroups/appRhel.pp | 9 +++++++++
1 files changed, 9 insertions(+), 0 deletions(-)
diff --git a/manifests/servergroups/appRhel.pp b/manifests/servergroups/appRhel.pp
index c249973..aba5fdf 100644
--- a/manifests/servergroups/appRhel.pp
+++ b/manifests/servergroups/appRhel.pp
@@ -34,6 +34,15 @@ class appRhel {
wikipath => "smolt-wiki",
}
include mediawiki-confirmedit::confirmEdit
+ mount { "/srv/web/sessiondata":
+ device => "ntap-fedora1.fedora.phx.redhat.com:/vol/fedora/app/sessiondata",
+ fstype => "nfs",
+ ensure => "mounted",
+ options => "defaults,ro,soft,intr",
+ atboot => true,
+ require => File["/srv/web/sessiondata"]
+ }
+
}
# Firewall rules
--
1.6.2.5
14 years, 8 months
[PATCH] Enabling confirm-edit again for smolt
by Mike McGrath
This had gotten disabled during a conversion process of making mediawiki-ConfirmEdit a package I think
These files will enable the math based captcha again
---
modules/mediawiki-ConfirmEdit/README | 22 ++
.../mediawiki-ConfirmEdit/files/ConfirmEdit.php | 222 ++++++++++++++++++++
modules/mediawiki-ConfirmEdit/manifests/init.pp | 13 ++
modules/mediawiki/manifests/init.pp | 2 +-
4 files changed, 258 insertions(+), 1 deletions(-)
create mode 100644 modules/mediawiki-ConfirmEdit/README
create mode 100644 modules/mediawiki-ConfirmEdit/files/ConfirmEdit.php
create mode 100644 modules/mediawiki-ConfirmEdit/manifests/init.pp
diff --git a/modules/mediawiki-ConfirmEdit/README b/modules/mediawiki-ConfirmEdit/README
new file mode 100644
index 0000000..b4f281e
--- /dev/null
+++ b/modules/mediawiki-ConfirmEdit/README
@@ -0,0 +1,22 @@
+=====================
+mediawiki-ConfirmEdit
+=====================
+
+-----------
+Usage
+-----------
+
+The ConfirmEdit extension enables a simple text Captcha that will probably
+catch most bots. It was designed largely by Brion Vibber. The FancyCaptcha and
+reCAPTCHA addons create more complex image captchas.
+
+Captchas are a way of combating automated edits, helping to ensure that wiki
+edits are being made by real humans rather than bots. This can be particularly
+useful for reducing the problem of wiki spam, but captchas reduce accessibility
+and cause inconvenience to human users. In addition, it will not completely
+spam-proof your wiki (nor will it protect it from human spammers). You may wish
+to use this in conjunction with other anti-spam features. Remember to clean up
+any spam which might slip through the net (keep an eye on your 'recent changes'
+page). Captcha's can also be used to foil automated login attempts that try to
+guess passwords.
+
diff --git a/modules/mediawiki-ConfirmEdit/files/ConfirmEdit.php b/modules/mediawiki-ConfirmEdit/files/ConfirmEdit.php
new file mode 100644
index 0000000..0c33bc9
--- /dev/null
+++ b/modules/mediawiki-ConfirmEdit/files/ConfirmEdit.php
@@ -0,0 +1,222 @@
+<?php
+
+
+/**
+ * Experimental captcha plugin framework.
+ * Not intended as a real production captcha system; derived classes
+ * can extend the base to produce their fancy images in place of the
+ * text-based test output here.
+ *
+ * Copyright (C) 2005-2007 Brion Vibber <brion(a)wikimedia.org>
+ * http://www.mediawiki.org/
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ * http://www.gnu.org/copyleft/gpl.html
+ *
+ * @addtogroup Extensions
+ */
+
+if ( !defined( 'MEDIAWIKI' ) ) {
+ exit;
+}
+
+global $wgExtensionFunctions, $wgGroupPermissions;
+
+$wgExtensionFunctions[] = 'confirmEditSetup';
+$wgExtensionCredits['other'][] = array(
+ 'name' => 'ConfirmEdit',
+ 'author' => 'Brion Vibber',
+ 'svn-date' => '$LastChangedDate: 2008-07-02 23:09:26 +0000 (Wed, 02 Jul 2008) $',
+ 'svn-revision' => '$LastChangedRevision: 36959 $',
+ 'url' => 'http://www.mediawiki.org/wiki/Extension:ConfirmEdit',
+ 'description' => 'Simple captcha implementation',
+ 'descriptionmsg' => 'captcha-desc',
+);
+
+/**
+ * The 'skipcaptcha' permission key can be given out to
+ * let known-good users perform triggering actions without
+ * having to go through the captcha.
+ *
+ * By default, sysops and registered bot accounts will be
+ * able to skip, while others have to go through it.
+ */
+$wgGroupPermissions['*' ]['skipcaptcha'] = false;
+$wgGroupPermissions['user' ]['skipcaptcha'] = false;
+$wgGroupPermissions['autoconfirmed']['skipcaptcha'] = false;
+$wgGroupPermissions['bot' ]['skipcaptcha'] = true; // registered bots
+$wgGroupPermissions['sysop' ]['skipcaptcha'] = true;
+$wgAvailableRights[] = 'skipcaptcha';
+
+/**
+ * List of IP ranges to allow to skip the captcha, similar to the group setting:
+ * "$wgGroupPermission[...]['skipcaptcha'] = true"
+ *
+ * Specific IP addresses or CIDR-style ranges may be used,
+ * for instance:
+ * $wgCaptchaWhitelistIP = array('192.168.1.0/24', '10.1.0.0/16');
+ */
+$wgCaptchaWhitelistIP = false;
+
+global $wgCaptcha, $wgCaptchaClass, $wgCaptchaTriggers;
+$wgCaptcha = null;
+$wgCaptchaClass = 'SimpleCaptcha';
+
+/**
+ * Actions which can trigger a captcha
+ *
+ * If the 'edit' trigger is on, *every* edit will trigger the captcha.
+ * This may be useful for protecting against vandalbot attacks.
+ *
+ * If using the default 'addurl' trigger, the captcha will trigger on
+ * edits that include URLs that aren't in the current version of the page.
+ * This should catch automated linkspammers without annoying people when
+ * they make more typical edits.
+ *
+ * The captcha code should not use $wgCaptchaTriggers, but CaptchaTriggers()
+ * which also takes into account per namespace triggering.
+ */
+$wgCaptchaTriggers = array();
+$wgCaptchaTriggers['edit'] = true; // Would check on every edit
+$wgCaptchaTriggers['create'] = true; // Check on page creation.
+$wgCaptchaTriggers['addurl'] = true; // Check on edits that add URLs
+$wgCaptchaTriggers['createaccount'] = true; // Special:Userlogin&type=signup
+$wgCaptchaTriggers['badlogin'] = true; // Special:Userlogin after failure
+
+/**
+ * You may wish to apply special rules for captcha triggering on some namespaces.
+ * $wgCaptchaTriggersOnNamespace[<namespace id>][<trigger>] forces an always on /
+ * always off configuration with that trigger for the given namespace.
+ * Leave unset to use the global options ($wgCaptchaTriggers).
+ *
+ * Shall not be used with 'createaccount' (it is not checked).
+ */
+$wgCaptchaTriggersOnNamespace = array();
+
+#Example:
+#$wgCaptchaTriggersOnNamespace[NS_TALK]['create'] = false; //Allow creation of talk pages without captchas.
+#$wgCaptchaTriggersOnNamespace[NS_PROJECT]['edit'] = true; //Show captcha whenever editing Project pages.
+
+/**
+ * Indicate how to store per-session data required to match up the
+ * internal captcha data with the editor.
+ *
+ * 'CaptchaSessionStore' uses PHP's session storage, which is cookie-based
+ * and may fail for anons with cookies disabled.
+ *
+ * 'CaptchaCacheStore' uses $wgMemc, which avoids the cookie dependency
+ * but may be fragile depending on cache configuration.
+ */
+global $wgCaptchaStorageClass;
+$wgCaptchaStorageClass = 'CaptchaSessionStore';
+
+/**
+ * Number of seconds a captcha session should last in the data cache
+ * before expiring when managing through CaptchaCacheStore class.
+ *
+ * Default is a half hour.
+ */
+global $wgCaptchaSessionExpiration;
+$wgCaptchaSessionExpiration = 30 * 60;
+
+/**
+ * Number of seconds after a bad login that a captcha will be shown to
+ * that client on the login form to slow down password-guessing bots.
+ *
+ * Has no effect if 'badlogin' is disabled in $wgCaptchaTriggers or
+ * if there is not a caching engine enabled.
+ *
+ * Default is five minutes.
+ */
+global $wgCaptchaBadLoginExpiration;
+$wgCaptchaBadLoginExpiration = 5 * 60;
+
+/**
+ * Allow users who have confirmed their e-mail addresses to post
+ * URL links without being harassed by the captcha.
+ */
+global $ceAllowConfirmedEmail;
+$ceAllowConfirmedEmail = false;
+
+/**
+ * Number of bad login attempts before triggering the captcha. 0 means the
+ * captcha is presented on the first login.
+ */
+global $wgCaptchaBadLoginAttempts;
+$wgCaptchaBadLoginAttempts = 3;
+
+/**
+ * Regex to whitelist URLs to known-good sites...
+ * For instance:
+ * $wgCaptchaWhitelist = '#^https?://([a-z0-9-]+\\.)?(wikimedia|wikipedia)\.org/#i';
+ * Local admins can define a whitelist under [[MediaWiki:captcha-addurl-whitelist]]
+ */
+$wgCaptchaWhitelist = false;
+
+/**
+ * Additional regexes to check for. Use full regexes; can match things
+ * other than URLs such as junk edits.
+ *
+ * If the new version matches one and the old version doesn't,
+ * toss up the captcha screen.
+ *
+ * @fixme Add a message for local admins to add items as well.
+ */
+$wgCaptchaRegexes = array();
+
+/** Register special page */
+$wgSpecialPages['Captcha'] = array( /*class*/'CaptchaSpecialPage', /*name*/'Captcha' );
+
+$wgConfirmEditIP = dirname( __FILE__ );
+$wgExtensionMessagesFiles['ConfirmEdit'] = "$wgConfirmEditIP/ConfirmEdit.i18n.php";
+
+if ( defined( 'MW_SUPPORTS_EDITFILTERMERGED' ) ) {
+ $wgHooks['EditFilterMerged'][] = 'ConfirmEditHooks::confirmEditMerged';
+} else {
+ $wgHooks['EditFilter'][] = 'ConfirmEditHooks::confirmEdit';
+}
+$wgHooks['UserCreateForm'][] = 'ConfirmEditHooks::injectUserCreate';
+$wgHooks['AbortNewAccount'][] = 'ConfirmEditHooks::confirmUserCreate';
+$wgHooks['LoginAuthenticateAudit'][] = 'ConfirmEditHooks::triggerUserLogin';
+$wgHooks['UserLoginForm'][] = 'ConfirmEditHooks::injectUserLogin';
+$wgHooks['AbortLogin'][] = 'ConfirmEditHooks::confirmUserLogin';
+# Register API hook
+$wgHooks['APIEditBeforeSave'][] = 'ConfirmEditHooks::confirmEditAPI';
+
+$wgAutoloadClasses['ConfirmEditHooks']
+ = $wgAutoloadClasses['SimpleCaptcha']
+ = $wgAutoloadClasses['CaptchaSessionStore']
+ = $wgAutoloadClasses['CaptchaCacheStore']
+ = $wgAutoloadClasses['CaptchaSpecialPage']
+ = "$wgConfirmEditIP/ConfirmEdit_body.php";
+
+/**
+ * Set up $wgWhitelistRead
+ */
+function confirmEditSetup() {
+ global $wgGroupPermissions, $wgCaptchaTriggers;
+ if( !$wgGroupPermissions['*']['read'] && $wgCaptchaTriggers['badlogin'] ) {
+ // We need to ensure that the captcha interface is accessible
+ // so that unauthenticated users can actually get in after a
+ // mistaken password typing.
+ global $wgWhitelistRead;
+ $image = Title::makeTitle( NS_SPECIAL, 'Captcha/image' );
+ $help = Title::makeTitle( NS_SPECIAL, 'Captcha/help' );
+ $wgWhitelistRead[] = $image->getPrefixedText();
+ $wgWhitelistRead[] = $help->getPrefixedText();
+ }
+}
+
+
diff --git a/modules/mediawiki-ConfirmEdit/manifests/init.pp b/modules/mediawiki-ConfirmEdit/manifests/init.pp
new file mode 100644
index 0000000..5755cf0
--- /dev/null
+++ b/modules/mediawiki-ConfirmEdit/manifests/init.pp
@@ -0,0 +1,13 @@
+# mediawiki-ConfirmEdit
+
+class mediawiki-ConfirmEdit::ConfirmEdit {
+ package { 'mediawiki-ConfirmEdit' :
+ ensure => present,
+ require => Package['mediawiki']
+ }
+
+ file { '/usr/share/mediawiki/extensions/ConfirmEdit/ConfirmEdit.php':
+ require => Package['mediawiki-ConfirmEdit'],
+ source => 'puppet:///mediawiki-ConfirmEdit/ConfirmEdit.php'
+ }
+}
diff --git a/modules/mediawiki/manifests/init.pp b/modules/mediawiki/manifests/init.pp
index 6175a45..9606c56 100644
--- a/modules/mediawiki/manifests/init.pp
+++ b/modules/mediawiki/manifests/init.pp
@@ -1,6 +1,7 @@
class mediawiki::app {
include httpd::base
include httpd::php
+ include mediawiki-ConfirmEdit::ConfirmEdit
package { "mediawiki":
ensure => installed,
@@ -14,7 +15,6 @@ class mediawiki::app {
"mediawiki-Boilerplate",
"mediawiki-Cite",
"mediawiki-Click",
- "mediawiki-ConfirmEdit",
"mediawiki-HNP",
"mediawiki-Lockdown",
"mediawiki-ParserFunctions",
--
1.6.2.5
14 years, 8 months
[Change Request] Website changes for F12-Alpha
by Todd Zullinger
The following two changes are needed to ensure the website is ready
for the alpha release tomorrow morning. I won't push them until
tomorrow morning, but can I get a few +1's for them a while?
Todd Zullinger (2):
fedora-web: Disable /get-prerelease redirect for F12-Alpha
fedora-web: Use f12-alpha branch
modules/fedora-web/files/redirects.conf | 4 ++--
modules/fedora-web/files/syncStatic.sh | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
14 years, 8 months
[PATCH] Temporary setting for galgoci
by Mike McGrath
---
manifests/servergroups/proxy.pp | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/manifests/servergroups/proxy.pp b/manifests/servergroups/proxy.pp
index bdea7b6..70bbcf4 100644
--- a/manifests/servergroups/proxy.pp
+++ b/manifests/servergroups/proxy.pp
@@ -741,7 +741,8 @@ class proxy {
# Firewall Rules, allow HTTP traffic through
$tcpPorts = [ 80, 443, 873, 8080 ]
$udpPorts = []
- $custom = []
+ $custom = ['-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT',
+ '-A INPUT -p tcp -m tcp --sport 80 -j DROP']
iptables { "/etc/sysconfig/iptables":
content => template("system/iptables-template.conf.erb"),
--
1.6.2.5
14 years, 8 months
Infrastructure Introduction
by Terrance Hutchinson
Hi,
I am highly interested in joining the Fedora Infrastructure team. I am a
Systems Integration Engineer/Software Developer for Hewlett-Packard in the
NAS/SAN division. I have been here for about 1 year
and before that was IT administrator for my schools Engineering department.
I was in charge of maintaining all of the EDA servers as well
as Linux workstations (100+). At my job now I deal with a lot of storage,
manipulating, optimizing storage for various types of Application Servers.I
use Fedora as my workstation OS and I am the team linux guru. I am skilled
in HTML/CSS/JavaScript as well as Perl, Python and TCL/Tk.
I am fluent in the C/C++ and java programming languages.This could range
from performance issues to full on bug-hunts. I also manage our RHEL
vritualization clusters for client testing. Another part of my job is to
create rpm's and source tarballs for the various software and utilities we
use. I have experience in package management and I working on becoming a
package maintainer in Fedora. I have access to about 3 servers
that I can use for development, two are loaded up to be virtual app servers
and one is File Server (iSCSI and NFS). I am also a Fedora Ambassador for my
area.
If you need to know more or if there is more I need to do please let me know
as I would love to be part of the team.
Thanks for taking the time to read this email. I look forward to working
with such an awesome group of people.
Hutchint
14 years, 8 months
Joining the Fedora Infrstructure team
by Terrance Hutchinson
Hi,
I am highly interested in joining the Fedora Infrastructure team. I am a
Systems Integration Engineer/Software Developer for Hewlett-Packard NAS
products. I use Fedora
as my workstation OS and I am the team linux guru. I am skilled in
HTML/CSS/JavaScript as well as Perl, Python and TCL/Tk. I am fluent in the
C/C++ and java programming languages. I deal with many storage based
protocols such as iSCSI, NFS and CIFS constantly. This could range from
performance issues to full on bug-hunts. I also know clustering and
different linux virtualization platforms.
If you need to know more or if there is more I need to do please let me know
as I would love to be part of the team.
Terrance
14 years, 8 months
Joining the Fedora Infrastructure team
by Mathieu Bridon
Hi,
I'd like to join the Infrastructure team, so here is my introduction.
I'm a junior system engineer. I have a short (one year) experience
managing RHEL (2.1 to 5, yes we still have 2.1 in production :'( ) web
servers running J2EE applications with Apache/JOnAS (please, don't ask
me the versions of those two, you might have nightmares ^^').
I'm also getting familiar with TurboGears web applications as I'm
developing one myself. [1]
Finally, for the skills that might be of interest to the
Infrastructure team, I'm a Fedora package maintainer. [2]
My motivation for joining the Infrastructure team is that I feel like
I can help, even if only a little, and I'm sure I can learn a lot from
this (and I love learning :)
I'll try to be around this thursday for the IRC meeting. Let me know
if there's something I can do in the meantime.
Best regards,
[1] https://fedorahosted.org/shomyu/
[2] https://admin.fedoraproject.org/pkgdb/users/packages/bochecha
----------
Mathieu Bridon (bochecha)
14 years, 8 months
Infrastructure Introduction
by timg@codero.com
Hello,
I previously worked with the Fedora Infrastructure group a year or two
ago, unfortunately life prevailed and I was unable to help out much. At
this time things have changed and I feel that I now have the time to
help contribute to the project.
I currently work as a Systems Administrator, and helped develop,
implement, and maintain a large managed server environment (100+ servers
- CentOS based), which range from standard one server web sites, to load
balancing and MySQL/DRBD clusters.
I am interested in re-joining the sysadmin tools and noc FIG's and
previously had sponsorship by Mike McGrath and Matt Domsch. If you would
like any additional information about my current skill set please feel
free to email me. Thank you for your time, see you in IRC.
14 years, 8 months
RfR: Two AMQP Brokers for Infrastructure and Fedora Community
by John (J5) Palmieri
Hey guys,
I just filed an Request for Resources ticket to get our AMQP infrastructure started.
https://fedorahosted.org/fedora-infrastructure/ticket/1629
For those who haven't been following the messaging sig, AMQP brokers are messaging services which will allow us to go beyond our current e-mail notification system by standardizing on a single software parsable notification format and routing system.
The reason we need more than one broker is for security reasons. The main broker will only take events from internal infrastructure relay them to other brokers in different security domains. Clients will only be able to attach to these relays via various authentication mechanisms (FAS or in the case of the FComm broker, web browser domain security). If they act up we can always cut them without interrupting other channels. The full writeup is on the messaging sig wiki - https://fedoraproject.org/wiki/Messaging_SIG
--
John (J5) Palmieri
Software Engineer
Red Hat, Inc.
14 years, 8 months