[Mageia-sysadm] Forum installation (almost) complete

Michael Scherer misc at zarb.org
Tue Feb 22 13:42:34 CET 2011


I finished the most part of the puppet deployment of the forum this
night, as those who were idling on #mageia-sysadmin know.

So thanks to the work of Maat and ashledombos, we do have :
- a git repository on git://git.mageia.org/forum/ ( write access :
ssh://git.mageia.org/git/forum/ for them, as they requested ). Filled
with what was sent to me last week.

- the friteuse vm that hold the forum is hosted on alamut, for the
moment, with a reverse proxy, on both http and https

- the database is hosted on alamut, on pgsql. 

- a git snapshot of the current code that was sent is deployed, along
with puppet stuff to deploy it more than once ( hosting for more than
one forum was on the TODO list after all )

- I had to remove ./install/, as asked by phpbb who refused to work. I
do not know if there was something needed, it is still in git, just
removed on the snapshot with rm ( I kept in git to ease the merge of
code later ).

What is left to do :

- There is likely missing write permissions ( I have started to lock
down and opened ./cache/, and it was sufficient to have something to
see )

- As using .htaccess cause performance penalty, I have not enabled them,
but maybe part of them are required. In any case, we need to review them
and add them to the apache configuration if needed. IIRC, most are just
"do not go to this directory".

- https has to be forced for the login, and cleartext has to be disabled
( as cleartext passwords for sysadmins and people with ldap admin rights
is IMHO 'niet', and we cannot rely on people never forgetting this to
always log using SSL )

- ssl certs should be corrected ( as I discovered during the night ),
but that should be quick ( when I mean corrected, I speak of the wrong
host, not of the fact they are self signed ).

- IMHO, a clearer separation of code and theme should be done, as for
now, we do have everything in the same git repository

- Various things would IMHO have to be adjusted ( like email, etc ). 

- for sysadmin, the git hosting has to be completed ( mail notification,
web interface, various commits hooks, etc )

- php deployment should also be hardened and fixed ( fixed because php
complain about some timezone issue ).

- registration on the forum without using identity, as we decided in
this thread
( https://www.mageia.org/pipermail/mageia-sysadm/2010-November/000897.html ) should be disabled. I didn't went further but it didn't seemed to be the case ( at least, not in the interface ).

- prepare the migration to the vm at nfrance ( once it is ready ). This
will requires some adjustments to some puppet modules, as we assumed
that only one db server would be used.

For now, the forum is locked ( using the builtin forum facility ) until
I do a quick review of the .htaccess stuff, and because I think people
didn't want to have it opened without knowing it was installed. Forum
admin should be able to unlock it if they want ( unless I was wrong
about the way phpbb work )

Michael Scherer

More information about the Mageia-sysadm mailing list