1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<TITLE> [Mageia-sysadm] Forum installation (almost) complete
</TITLE>
<LINK REL="Index" HREF="index.html" >
<LINK REL="made" HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20Forum%20installation%20%28almost%29%20complete&In-Reply-To=%3C1298378554.30254.46.camel%40akroma.ephaone.org%3E">
<META NAME="robots" CONTENT="index,nofollow">
<META http-equiv="Content-Type" content="text/html; charset=us-ascii">
<LINK REL="Previous" HREF="002897.html">
<LINK REL="Next" HREF="002818.html">
</HEAD>
<BODY BGCOLOR="#ffffff">
<H1>[Mageia-sysadm] Forum installation (almost) complete</H1>
<B>Michael Scherer</B>
<A HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20Forum%20installation%20%28almost%29%20complete&In-Reply-To=%3C1298378554.30254.46.camel%40akroma.ephaone.org%3E"
TITLE="[Mageia-sysadm] Forum installation (almost) complete">misc at zarb.org
</A><BR>
<I>Tue Feb 22 13:42:34 CET 2011</I>
<P><UL>
<LI>Previous message: <A HREF="002897.html">[Mageia-sysadm] Cron <root at krampouezh> /usr/sbin/urpmi.update -a -q
</A></li>
<LI>Next message: <A HREF="002818.html">[Mageia-sysadm] [Mageia-webteam] Forum installation (almost) complete
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#2816">[ date ]</a>
<a href="thread.html#2816">[ thread ]</a>
<a href="subject.html#2816">[ subject ]</a>
<a href="author.html#2816">[ author ]</a>
</LI>
</UL>
<HR>
<!--beginarticle-->
<PRE>Hi,
I finished the most part of the puppet deployment of the forum this
night, as those who were idling on #mageia-sysadmin know.
So thanks to the work of Maat and ashledombos, we do have :
- a git repository on <A HREF="git://git.mageia.org/forum/">git://git.mageia.org/forum/</A> ( write access :
<A HREF="ssh://git.mageia.org/git/forum/">ssh://git.mageia.org/git/forum/</A> for them, as they requested ). Filled
with what was sent to me last week.
- the friteuse vm that hold the forum is hosted on alamut, for the
moment, with a reverse proxy, on both http and https
- the database is hosted on alamut, on pgsql.
- a git snapshot of the current code that was sent is deployed, along
with puppet stuff to deploy it more than once ( hosting for more than
one forum was on the TODO list after all )
- I had to remove ./install/, as asked by phpbb who refused to work. I
do not know if there was something needed, it is still in git, just
removed on the snapshot with rm ( I kept in git to ease the merge of
code later ).
What is left to do :
- There is likely missing write permissions ( I have started to lock
down and opened ./cache/, and it was sufficient to have something to
see )
- As using .htaccess cause performance penalty, I have not enabled them,
but maybe part of them are required. In any case, we need to review them
and add them to the apache configuration if needed. IIRC, most are just
"do not go to this directory".
- https has to be forced for the login, and cleartext has to be disabled
( as cleartext passwords for sysadmins and people with ldap admin rights
is IMHO 'niet', and we cannot rely on people never forgetting this to
always log using SSL )
- ssl certs should be corrected ( as I discovered during the night ),
but that should be quick ( when I mean corrected, I speak of the wrong
host, not of the fact they are self signed ).
- IMHO, a clearer separation of code and theme should be done, as for
now, we do have everything in the same git repository
- Various things would IMHO have to be adjusted ( like email, etc ).
- for sysadmin, the git hosting has to be completed ( mail notification,
web interface, various commits hooks, etc )
- php deployment should also be hardened and fixed ( fixed because php
complain about some timezone issue ).
- registration on the forum without using identity, as we decided in
this thread
( <A HREF="https://www.mageia.org/pipermail/mageia-sysadm/2010-November/000897.html">https://www.mageia.org/pipermail/mageia-sysadm/2010-November/000897.html</A> ) should be disabled. I didn't went further but it didn't seemed to be the case ( at least, not in the interface ).
- prepare the migration to the vm at nfrance ( once it is ready ). This
will requires some adjustments to some puppet modules, as we assumed
that only one db server would be used.
For now, the forum is locked ( using the builtin forum facility ) until
I do a quick review of the .htaccess stuff, and because I think people
didn't want to have it opened without knowing it was installed. Forum
admin should be able to unlock it if they want ( unless I was wrong
about the way phpbb work )
--
Michael Scherer
</PRE>
<!--endarticle-->
<HR>
<P><UL>
<!--threads-->
<LI>Previous message: <A HREF="002897.html">[Mageia-sysadm] Cron <root at krampouezh> /usr/sbin/urpmi.update -a -q
</A></li>
<LI>Next message: <A HREF="002818.html">[Mageia-sysadm] [Mageia-webteam] Forum installation (almost) complete
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#2816">[ date ]</a>
<a href="thread.html#2816">[ thread ]</a>
<a href="subject.html#2816">[ subject ]</a>
<a href="author.html#2816">[ author ]</a>
</LI>
</UL>
<hr>
<a href="https://www.mageia.org/mailman/listinfo/mageia-sysadm">More information about the Mageia-sysadm
mailing list</a><br>
</body></html>
|
