We previously moved the FPCA check from a patched file held here in
ansible into the RPM itself when it was built for the Fedora infra
repos. While we no longer installed the patched file, it remained here
in the files dir of the wiki role, so we are deleting it.
Also, have added a comment to the play to say where we are holding this
patch now, so when i forget about it again, and come back to it in
another year or so, i can remember faster
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
This space was in a networking cage thats going away and all the
machines there are old and out of warentee.
This space was intended for disaster recovery purposes.
For that now we have a internal vm that can access our mirrored netapp
storage, so we can sync anything off it we need to when iad2 is down.
I will be resetting up a batcave13 in another datacenter to allow us a
backup ansible/dns control host. bastion13/ns13/proxy13 will likely just
go away forever. download-rdu01 should be replaced by the new
download-cc-rdu01 once we have the new hardware in place for that.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Right now by default users are logged out after 1 hour of inactivity on
the wiki. This is anoying for people who do a number of edits during the
day. So, lets increase this timeout to 10 hours.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Sometimes folks are unable to login to the wiki because there have been
too many login attempts from the proxy they happen to be hitting the
wiki from. Lets just disable this throttle entirely, as brute force
won't work ever anyhow.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
mediawiki deprecated the NS_IMAGE constants in favor of the NS_FILE
constants back in 1.14. They were removed in 1.34, so now we change
them.
c429074687/RELEASE-NOTES-1.34 (L225)
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
mediawiki-OpenIDConnect and mediawiki-PluggableAuth are updated to newer
versions, and the config setup has changed. this tweaks it for the wiki
stage.
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
We don't use talk pages, people often add notes to them and no one ever
sees them. We want discussion of things on our lists or matrix, not in a
talk page no one reads.
This disables editing talk pages by using the lockdown plugin and only
granting permissions to edit talk pages to 'noone'. Since that group
doesn't exist, no one can edit them.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
the patch for the OIDC plugin is now in the RPM, but for now lets only
not apply the patch via ansible in staging, so we know it works.
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
Updates the wiki OIDC scopes settings to point to the new agreements
scope rather than the CLA one from the FAS days
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
Remove two templates that appear to previously been used to set up
authentication directly to FAS, before ipsilon / OIDC was implemented in
the wiki
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
This still had all the phx2 local servers, adjust them to the new iad2
ips and see if that helps the wiki stop thowing so many 503's.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Since we no longer have any machines in phx2, I have tried to remove
them from ansible. Note that there are still some places where we need
to remove them still: nagios, dhcp, named were not touched, and in cases
where it wasn't pretty clear what a conditional was doing I left it to
be cleaned up later.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
The ParserFunctions extension (which we already use) has some
string functions which I would like to use, but they aren't
enabled by default. Per the documentation, just adding this
config setting should turn them on.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
