Wiki Upgrade

This is the beginning of the wiki upgrade page....

1. https by letsencrypt
2. debian 9
3. no snowflakes, all our (known) devops culture at nb is ansible
4. salt the passwords correctly

1. Ansible
2. Debian 9
3. Caddy
4. Letsencrypt / Certbot

Noisebridge already has an ansible infrastructure repo, please join the Noisebridge github group and hack this: https://github.com/noisebridge/ansible/

1. Certbot - https://github.com/geerlingguy/ansible-role-certbot
2. Semantic Mediawiki - Mediawiki maintains some: https://phabricator.wikimedia.org/diffusion/1881/
   1. It may be useful to look at this one: https://github.com/yongxinL/ansible-mediawiki

We need to upgrade a really old version of mediawiki and will likely need to futz with the database.

1. Migrate to postgresql?
   1. make a git repo to store migration sql and other sql used for massaging the database contents
2. Delete old passwords (md5 with no salt) and expire all user passwords?
   1. Write/publish public sql script to clean up the production database for public publishing
3. Clean the database of spam/cruft?
   1. publish these scripts to the same sql script repo

This potentially is a good environment for testing and migrating the database: https://www.mediawiki.org/wiki/MediaWiki-Vagrant

(more OpenStack Semantic MediaWiki images: https://wikitech.wikimedia.org/wiki/Portal:Cloud_VPS)

You'll need to follow this guide to get a dump of our database up and running: https://www.mediawiki.org/wiki/Manual:Moving_a_wiki

Here is the mediawiki default user table data dictionary: https://www.mediawiki.org/wiki/Manual:User_table

We need to delete the password column and expire everyone's password. The old mediawiki only stores md5 hashed passwords with no salts, so we'll have to delete the whole thing

user_password_expires

MediaWiki version: ≥ 1.23

Date when user's password expires; null for no expiration date. Can also be set manually by calling User->expirePassword().

This is a log of what we did to a local copy of Noisebridge wiki database. These changes were not propogated to the live/production Noisebridge MediaWiki instance.

1. 1. purged password hashes - noisebridge_mediawikiuser.user_password all set to (empty string)
      1. update set <column>=;
      2. purged user emails - noisebridge_mediawikiuser.user_email all set to (empty string)
         1. update
      set <column>=;

      
      

      1. 1. purged noisebridge_mediawikiipblocks.ipb_address - replaced the composite primary key column with a sequence as follows: https://stackoverflow.com/questions/2643371/how-to-renumber-primary-index
      1. 1. truncated user watchlists (these are private)
            1. truncate table noisebridge_mediawikiwatchlist;
      1. 1. truncated all protected tables (these might give private info on who protected the page?)
            1. truncate table noisebridge_mediawikiprotected_titles;

      
      

      FUTURE Database Hacking Plans

      FUTURE ACTION: After Upgrading we can expire everyone's password

      details here: https://noisebridge.net/wiki/Wiki_Upgrade and here: https://www.mediawiki.org/wiki/Manual:User_table#user_password_expires

      FUTURE ACTIONS

      1. reduce permissions for inactive moderators, admins, etc, to "user".
         1. really drop everyone and add current people back, to make it an intentional process
         2. be very restrictive about CURRENT active users