This space was in a networking cage thats going away and all the
machines there are old and out of warentee.
This space was intended for disaster recovery purposes.
For that now we have a internal vm that can access our mirrored netapp
storage, so we can sync anything off it we need to when iad2 is down.
I will be resetting up a batcave13 in another datacenter to allow us a
backup ansible/dns control host. bastion13/ns13/proxy13 will likely just
go away forever. download-rdu01 should be replaced by the new
download-cc-rdu01 once we have the new hardware in place for that.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Right now by default users are logged out after 1 hour of inactivity on
the wiki. This is anoying for people who do a number of edits during the
day. So, lets increase this timeout to 10 hours.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Sometimes folks are unable to login to the wiki because there have been
too many login attempts from the proxy they happen to be hitting the
wiki from. Lets just disable this throttle entirely, as brute force
won't work ever anyhow.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
mediawiki deprecated the NS_IMAGE constants in favor of the NS_FILE
constants back in 1.14. They were removed in 1.34, so now we change
them.
c429074687/RELEASE-NOTES-1.34 (L225)
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
mediawiki-OpenIDConnect and mediawiki-PluggableAuth are updated to newer
versions, and the config setup has changed. this tweaks it for the wiki
stage.
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
We don't use talk pages, people often add notes to them and no one ever
sees them. We want discussion of things on our lists or matrix, not in a
talk page no one reads.
This disables editing talk pages by using the lockdown plugin and only
granting permissions to edit talk pages to 'noone'. Since that group
doesn't exist, no one can edit them.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Updates the wiki OIDC scopes settings to point to the new agreements
scope rather than the CLA one from the FAS days
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
This still had all the phx2 local servers, adjust them to the new iad2
ips and see if that helps the wiki stop thowing so many 503's.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Since we no longer have any machines in phx2, I have tried to remove
them from ansible. Note that there are still some places where we need
to remove them still: nagios, dhcp, named were not touched, and in cases
where it wasn't pretty clear what a conditional was doing I left it to
be cleaned up later.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
The ParserFunctions extension (which we already use) has some
string functions which I would like to use, but they aren't
enabled by default. Per the documentation, just adding this
config setting should turn them on.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
We will need to check these services after pushing this out and confirm
that they are still emitting or hearing messages they need to.
Many thanks Karsten!
Move IP setting to apache
Load modules the new one for ones that support it.
Undefine db prefix that was confusing mysql
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
