Page in English

Differences between revisions of "Wikina/Technical documentation"

From Wikimedia Italia.
Riga 208: Riga 208:
 
Thank you for your contributions to this page and on the WMIT infrastructure in general ❤️
 
Thank you for your contributions to this page and on the WMIT infrastructure in general ❤️
 
__NOINDEX__<!-- this should be a public page but without impacting in the main website search results -->
 
__NOINDEX__<!-- this should be a public page but without impacting in the main website search results -->
 +
[[Categoria:Documentazione tecnica]]

Revision as of 08:45, 27 Jan 2023

Page related to server ⚙️ intreccio

Thank you for contributing to this page, collecting info about the website called wikina, served at https://wiki.wikimedia.it/ and running MediaWiki.

Server

The website is served by server ⚙️ intreccio.

Webserver

The frontend webserver is Apache HTTP. Its configuration is published here:

443: https://gitlab.wikimedia.org/repos/wikimedia-it/wmit-infrastructure/-/blob/main/servers/intreccio/conf/apache2/sites-available/it-wikimedia-wiki-ssl.conf
80: https://gitlab.wikimedia.org/repos/wikimedia-it/wmit-infrastructure/-/blob/main/servers/intreccio/conf/apache2/sites-available/it-wikimedia-wiki-txt.conf
Main: https://gitlab.wikimedia.org/repos/wikimedia-it/wmit-infrastructure/-/blob/main/servers/intreccio/conf/apache2/include/it-wikimedia-wiki-main.conf

In short, Apache HTTPd serves static files as-is.

Dynamic files are proxied to the underlying PHP FPM webserver (see #PHP FPM).

PHP FPM

The PHP FPM (FastCGI Process Manager) is a dedicated process serving PHP files.

The configuration of PHP FPM is split into pools. Relevant pool:

/etc/php/7.3/fpm/pool.d/wikina.conf

TODO: publish this configuration file on git.

The backend PHP FPM webserver does not listen on a port but on a filesystem socket. It is here:

/run/php/php7.3-fpm-wikina.sock

Apache is the only user who can connect to that socket.

Filesystem

This is a filesystem overview:

root@intreccio:/var/www/wikina# ls -la
total 72
drwxr-x--- 11 wmit-wikina wmit-wikina  4096 gen 26 20:54 .
drwxr-xr-x 21 root        root         4096 gen  9 11:37 ..
drwxrwx---  2 wmit-wikina wmit-wikina 20480 gen  9 13:38 cache
drwxr-x---  2 wmit-wikina wmit-wikina  4096 gen  9 13:43 debug
drwxr-xr-x 31 root        root         4096 gen  9 13:28 extensions
drwxr-xr-x  2 root        root         4096 nov 28 19:44 fonts
drwxr-xr-x 24 wmit-wikina wmit-wikina  4096 gen  9 11:37 images
lrwxrwxrwx  1 root        root           83 dic 19 08:32 LocalSettings-public.php -> /etc/wmit-infrastructure/servers/intreccio/projects/wikina/LocalSettings-public.php
-rw-r-----  1 root        wmit-wikina   675 set  3 23:51 LocalSettings-secret.php
drwxr-xr-x 14 root        root         4096 gen  9 13:38 mediawiki-1.35.6
drwxr-xr-x 14 root        root         4096 lug 23  2022 mediawiki-1.35.7
lrwxrwxrwx  1 root        root           67 dic 19 08:32 scripts -> /etc/wmit-infrastructure/servers/intreccio/projects/wikina/scripts/
drwxrwx---  2 wmit-wikina wmit-wikina  4096 gen 27 07:17 tmp
lrwxrwxrwx  1 root        root           16 giu 15  2022 www -> mediawiki-1.35.6

Pathnames that MUST NOT be writable by anyone and MUST be readable by the application:

# chown root:wmit-wikina
# chmod o=
/var/www/wikina/extensions/LocalSettings-secret.php

Pathnames that MUST NOT be accessible to others and MUST be readable and writable by the application:

# chown wmit-wikina:
# chmod o=
/var/www/wikina/tmp
/var/www/wikina/cache
/var/www/wikina/debug

Pathnames that MUST be read-only and SHOULD be kept public (since they do not contain any secret):

# chown root:
/var/www/wikina/extensions
/var/www/wikina/extensions/fonts
/var/www/wikina/extensions/LocalSettings-public.php
/var/www/wikina/extensions/www
/var/www/wikina/extensions/mediawiki-*/
/var/www/wikina/extensions/scripts

Pathnames that MUST be writable by the application and SHOULD be public (since they do not contain any secret):

# chown wmit-wikina:
/var/www/wikina/images
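
The four ownership classes above can be checked mechanically. The following is an added example, not a script from the wmit-infrastructure repository: the function names `check_path` and `audit_tree` are hypothetical, paths are taken relative to the root as in the directory listing above, and the octal masks are an assumed reading of the four rules. It needs GNU stat.

```bash
#!/usr/bin/env bash
# Added example, not the project's script. Requires GNU stat (coreutils).

# check_path PATH OWNER:GROUP FORBIDDEN_MASK
# Prints one line per violation; returns non-zero if any was found.
# stat -L follows symlinks such as "www" so the target is what gets judged.
check_path() {
    local path=$1 want=$2 mask=$3 rc=0 owner mode
    if [ ! -e "$path" ]; then
        echo "MISSING $path"
        return 1
    fi
    owner=$(stat -L -c '%U:%G' "$path")
    mode=$(stat -L -c '%a' "$path")
    if [ "$owner" != "$want" ]; then
        echo "OWNER $path is $owner, want $want"
        rc=1
    fi
    # Leading 0 makes the shell read both values as octal.
    if [ $(( 0$mode & 0$mask )) -ne 0 ]; then
        echo "MODE $path is $mode, bits $mask must be clear"
        rc=1
    fi
    return $rc
}

# audit_tree ROOT APP_OWNER ADMIN_OWNER SECRET_OWNER
# Masks (assumed reading of the four rules): secret = no group write, nothing
# for others; private = nothing for others; public-ro = no group/other write;
# public-rw = ownership only, since the page gives no chmod for it.
audit_tree() {
    local root=$1 app=$2 admin=$3 secret=$4 bad=0 class rel want mask
    while read -r class rel; do
        case $class in
            secret)    want=$secret mask=027 ;;
            private)   want=$app    mask=007 ;;
            public-ro) want=$admin  mask=022 ;;
            public-rw) want=$app    mask=000 ;;
        esac
        check_path "$root/$rel" "$want" "$mask" || bad=$((bad + 1))
    done <<'EOF'
secret LocalSettings-secret.php
private tmp
private cache
private debug
public-ro extensions
public-rw images
EOF
    [ "$bad" -eq 0 ]
}
# On the server: audit_tree /var/www/wikina wmit-wikina:wmit-wikina root:root root:wmit-wikina
```

An empty output with exit status 0 means every listed path matches its class; each `OWNER`, `MODE` or `MISSING` line names one path that has drifted.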

MediaWiki

MediaWiki configuration

The MediaWiki configuration is published here:

https://gitlab.wikimedia.org/repos/wikimedia-it/wmit-infrastructure/-/blob/main/servers/intreccio/projects/wikina/LocalSettings-public.php

The public configuration is here on the filesystem:

/var/www/wikina/LocalSettings-public.php

The secret configuration is on the server itself and it just contains database password, email credentials, upgrade key, and nothing else.

The secret configuration is here on the filesystem:

nano /var/www/wikina/LocalSettings-secret.php

Systemd unit

There is a systemd unit executing MediaWiki background jobs. Here is the unit:

https://gitlab.wikimedia.org/repos/wikimedia-it/wmit-infrastructure/-/blob/main/servers/intreccio/projects/wikina/systemd/wikina-jobs.service

Here is its source code:

https://gitlab.wikimedia.org/repos/wikimedia-it/wmit-infrastructure/-/blob/main/servers/intreccio/projects/wikina/scripts/run-jobs.sh

Unix

There is a dedicated Unix user called wmit-wikina:wmit-wikina.

Writable files are assigned to that user.

Non-writable files are assigned to the user root:root.

Extensions

Extensions are deployed here:

/var/www/wikina/extensions

Then they can be activated from the #MediaWiki configuration.

Database

The database is a local, standard MariaDB installation.

Database name:

wikina

There is a dedicated username with its own credential. It is stored only in the secret #MediaWiki configuration and nowhere else.

Backup

Backup on-site

The database is backed up on-site daily, before midnight. This is the on-site path:

/var/backups/wmi/intreccio.wikimedia.it/daily/databases/wikina.sql.gz

Backup off-site

The backup is then pushed off-site on this server:

General details:

That copy is then kept for some days, rotated on a daily basis. Example location:

/var/backups/wmi/intreccio.wikimedia.it
/var/backups/wmi.1/intreccio.wikimedia.it
/var/backups/wmi.2/intreccio.wikimedia.it

Etc.

Complete snapshot

There is also a complete daily server snapshot executed from the OpenStack provider, restorable by any "admin" or "superadmin" of this provider:

Don't execute a manual snapshot randomly since it can put the server offline for several minutes.

Don't allocate a server snapshot randomly since it consumes paid resources.

Phabricator Workboard

To report feature requests / bugs:

Access to: Server intreccio

List of all roles and related accounts that can access Server intreccio:

To add a role or an account, add the following template to the user page of the missing person:

{{Accesso|Server intreccio|RUOLO}}

Access to: Wikina

List of all roles and related accounts that can access Wikina:

To add a role or an account, add the following template to the user page of the missing person:

{{Accesso|Wikina|RUOLO}}

Access to: Fornitore vh

List of all roles and related accounts that can access Fornitore vh:

To add a role or an account, add the following template to the user page of the missing person:

{{Accesso|Fornitore vh|RUOLO}}

Contact

Infrastruttura#Contatti

Thank you for your contributions to this page and on the WMIT infrastructure in general ❤️