Difference between revisions of "Educaship MediaWiki"
(→Postponed upgrades) |
|||
(75 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
− | [[ | + | [[Educaship MediaWiki]] (formerly known as [[CNM Wikiware]]; hereinafter, the ''Soft'') is the [[CNM stable app]] that is based on [[MediaWiki]], which is a [[commercial off-the-shelf]] ([[COTS]]) [[wiki engine]]. In addition, the ''Soft'' deploys [[Educaship MariaDB]] as its [[database management system]] and [[Educaship LDAP]] for its [[authentication]] and [[authorization]]. |
− | + | The ''Soft'' is configured to power [[CNM Wiki]], [[WikiHandsOn]], or [[WikiNext]], which are both [[CNMCyber service]]s and parts of [[Opplet]]. | |
− | |||
− | |||
− | |||
+ | ==Challenges== | ||
+ | Guys, we are looking for one or more MediaWiki experts to resolve one or more of the challenges that are best described below. | ||
+ | * Screening question: Have you found the description of the challenges? May you resolve one or more of them? Which one or ones? | ||
+ | * We are open to teams. LDAP-MediaWiki and MediaWiki itself may require experts with different skill sets. We are interested in WSO2 IS - MediaWiki as well since we plan to add WSO2 IS. So, WSO2 IS-MediaWiki expert may be another freelancer. | ||
+ | |||
+ | ===LDAP integration (urgent task)=== | ||
+ | : ''Main wikipage: [[CNM MediaWiki IAM]]'' | ||
+ | |||
+ | ===File repository=== | ||
+ | : [[Software repository]]: | ||
+ | :# Currently, the ''Soft'' itself is used as the repository; no federated repository is available. Because [[Opplet]] includes a few [[end-user application]]s, there is an idea to create one under the [[Warehouse for CNM Cloud]] project. Similarly, [[Wikipedia]] utilizes [[Wikimedia Commons]] as its repository. | ||
+ | :# In addition, a few problems with pictures occurred in the past. As of early 2023, no problems are observed, but the quantity of stored files are about to increase significantly. | ||
+ | :# [[SVG]] file support is another issue of the ''Soft'' development. The overwhelming majority of corporate files are in the [[SVG]] format, but, because the ''Soft'' doesn't support SVG, they need to be converted in the [[PNG]] one. | ||
+ | |||
+ | : So, the team looks for moving the ''Soft's'' files into a new repository. Under the most desired solution, (a) its files shall be available to various applications within [[Opplet]] and (b) SVG-files shall be stored there and displayed properly by the ''Soft's'' instances. If the most desired solution is not feasible, under an acceptable solution various instances of the ''Soft'' shall display the repository's files. The team will provide the hired expert with full access to two virtual machines; on the one ''Soft's'' instance is installed and on the second one a new repository should be installed. | ||
+ | |||
+ | ===Mail=== | ||
+ | : [[Opplet]], which part the ''Soft'' is, has a dedicated email server; the team wonders whether we can plug a ''Soft'' email client, which is currently unused, into that server. So, the most desired solution would be integration to our Postfix/Dovecot server; if the most desired solution is not available, internal email functioning would be accepted. The team will provide the hired expert with full access to the virtual machine on which ''Soft's'' instance is installed. | ||
+ | |||
+ | ===SOP=== | ||
+ | : Currently, [[CNM Farms]] policies are utilized for archive, backup, monitoring, security, snapshot, and restoration policies. However, there could be some ''Soft's'' useful plugins or policies that the team is unaware of. Specifically to its security, the team hasn't done pretty much anything. So, the team looks for (a) the updated ''Soft's'' [[standing operating procedure]] ([[standing operating procedure|SOP]]) and (b) a the ''Soft'' instance that would be built using the new ''SOP''. The team will provide the hired expert with full access to a virtual machine on which ''Soft's'' instance can be installed. | ||
+ | |||
+ | ===Guided tour=== | ||
+ | : We use the [[CNMCyber Guided Tours]] format and need someone to organize an event that would present the ''Soft''. The event should feature: | ||
+ | :# A speaker and/or presenter who would demonstrate a separate, so-called experiential, instance of the ''Soft'', while following its description. The participants shall follow the presentation, try the ''Soft'' instance on their own, ask questions, and get the speaker/presenter answers. | ||
+ | :# Recording that would be published online by the team. | ||
+ | |||
+ | ===Markup specification=== | ||
+ | |||
+ | ===Talk-page rename=== | ||
==Business functionality== | ==Business functionality== | ||
Line 12: | Line 39: | ||
===System-user roles=== | ===System-user roles=== | ||
− | :[[Opplet]] handles [[identity and access management]] for the '' | + | :[[Opplet]] handles [[identity and access management]] ([[identity and access management|IAM]]) for the ''Soft's'' instances (including "create account" and "change other users' rights" functions). Thus, the [[system-user role]]s of the ''Soft's'' users are those [[Opplet role]]s that are specifically based on rights of groups granted by [[MediaWiki]]. The software-defined rights can be found at [https://www.mediawiki.org/wiki/Manual:User_rights#List_of_groups MediaWiki's list of groups]. |
− | |||
− | |||
− | |||
===Platform=== | ===Platform=== | ||
− | :''Main wikipage: [[CNM Farms]]'' | + | : ''Main wikipage: [[CNM Farms]]'' |
− | :[[CNM Farms]] shall provide the '' | + | : [[CNM Farms]] shall provide every instance of the ''Soft'' with all resources that the ''Soft'' needs in order to run smoothly, including: |
− | :*'''[[PHP]]'''-language support; | + | :* '''[[PHP]]'''-language support; |
− | :*'''[[OpenLDAP]]''' that [[ | + | :* '''[[HA]]''', with a target that the ''Soft'' is available 99.99% of the time for any 24-hour period; |
− | :*'''[[MariaDB]]''' as the [[database management system]] | + | :* '''[[OpenLDAP]]''' that [[Opplet]] uses for [[identity and access management]]; |
− | :Particularly, the platform shall | + | :* '''[[TLS]]''', and |
− | + | :* '''[[MariaDB]]''' as the [[database management system]]. | |
− | + | : Particularly, the platform shall not store any confidential information, so such information cannot be accessed by anyone. | |
==Security== | ==Security== | ||
Line 40: | Line 64: | ||
*[https://www.mediawiki.org/wiki/Manual:Security/en#File_permissions File_permissions] | *[https://www.mediawiki.org/wiki/Manual:Security/en#File_permissions File_permissions] | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
===Maintenance scripts=== | ===Maintenance scripts=== | ||
===Upload security=== | ===Upload security=== | ||
Line 61: | Line 74: | ||
To create a special group called "uploadaccess", and allow members of that group to upload files: | To create a special group called "uploadaccess", and allow members of that group to upload files: | ||
$wgGroupPermissions['uploadaccess']['upload'] = true; | $wgGroupPermissions['uploadaccess']['upload'] = true; | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
==See also== | ==See also== | ||
Line 168: | Line 80: | ||
===Related lectures=== | ===Related lectures=== | ||
− | :* [[CNM Apps]]. | + | :* [[CNM Apps]]. |
[[Category:CNM COTS products]][[Category: CNM Cyber Orientation]][[Category: Articles]] | [[Category:CNM COTS products]][[Category: CNM Cyber Orientation]][[Category: Articles]] |
Latest revision as of 06:23, 15 April 2024
Educaship MediaWiki (formerly known as CNM Wikiware; hereinafter, the Soft) is the CNM stable app that is based on MediaWiki, which is a commercial off-the-shelf (COTS) wiki engine. In addition, the Soft deploys Educaship MariaDB as its database management system and Educaship LDAP for its authentication and authorization.
The Soft is configured to power CNM Wiki, WikiHandsOn, or WikiNext, which are both CNMCyber services and parts of Opplet.
Challenges
Guys, we are looking for one or more MediaWiki experts to resolve one or more of the challenges that are best described below.
- Screening question: Have you found the description of the challenges? May you resolve one or more of them? Which one or ones?
- We are open to teams. LDAP-MediaWiki and MediaWiki itself may require experts with different skill sets. We are interested in WSO2 IS - MediaWiki as well since we plan to add WSO2 IS. So, WSO2 IS-MediaWiki expert may be another freelancer.
LDAP integration (urgent task)
- Main wikipage: CNM MediaWiki IAM
File repository
- Software repository:
- Currently, the Soft itself is used as the repository; no federated repository is available. Because Opplet includes a few end-user applications, there is an idea to create one under the Warehouse for CNM Cloud project. Similarly, Wikipedia utilizes Wikimedia Commons as its repository.
- In addition, a few problems with pictures occurred in the past. As of early 2023, no problems are observed, but the quantity of stored files are about to increase significantly.
- SVG file support is another issue of the Soft development. The overwhelming majority of corporate files are in the SVG format, but, because the Soft doesn't support SVG, they need to be converted in the PNG one.
- So, the team looks for moving the Soft's files into a new repository. Under the most desired solution, (a) its files shall be available to various applications within Opplet and (b) SVG-files shall be stored there and displayed properly by the Soft's instances. If the most desired solution is not feasible, under an acceptable solution various instances of the Soft shall display the repository's files. The team will provide the hired expert with full access to two virtual machines; on the one Soft's instance is installed and on the second one a new repository should be installed.
- Opplet, which part the Soft is, has a dedicated email server; the team wonders whether we can plug a Soft email client, which is currently unused, into that server. So, the most desired solution would be integration to our Postfix/Dovecot server; if the most desired solution is not available, internal email functioning would be accepted. The team will provide the hired expert with full access to the virtual machine on which Soft's instance is installed.
SOP
- Currently, CNM Farms policies are utilized for archive, backup, monitoring, security, snapshot, and restoration policies. However, there could be some Soft's useful plugins or policies that the team is unaware of. Specifically to its security, the team hasn't done pretty much anything. So, the team looks for (a) the updated Soft's standing operating procedure (SOP) and (b) a the Soft instance that would be built using the new SOP. The team will provide the hired expert with full access to a virtual machine on which Soft's instance can be installed.
Guided tour
- We use the CNMCyber Guided Tours format and need someone to organize an event that would present the Soft. The event should feature:
- A speaker and/or presenter who would demonstrate a separate, so-called experiential, instance of the Soft, while following its description. The participants shall follow the presentation, try the Soft instance on their own, ask questions, and get the speaker/presenter answers.
- Recording that would be published online by the team.
Markup specification
Talk-page rename
Business functionality
Besides supporting CNM Wiki, the App serves as a practice tool in the learning that is delivered by Bracka School and related to knowledge management software.
System-user roles
- Opplet handles identity and access management (IAM) for the Soft's instances (including "create account" and "change other users' rights" functions). Thus, the system-user roles of the Soft's users are those Opplet roles that are specifically based on rights of groups granted by MediaWiki. The software-defined rights can be found at MediaWiki's list of groups.
Platform
- Main wikipage: CNM Farms
- CNM Farms shall provide every instance of the Soft with all resources that the Soft needs in order to run smoothly, including:
- PHP-language support;
- HA, with a target that the Soft is available 99.99% of the time for any 24-hour period;
- OpenLDAP that Opplet uses for identity and access management;
- TLS, and
- MariaDB as the database management system.
- Particularly, the platform shall not store any confidential information, so such information cannot be accessed by anyone.
Security
Vulnerability alerts
Extensions
- Extensions
- Sendmail is required in order for the system to be able to send e-mails.
- Shell access is required to run maintenance scripts; upgrading MediaWiki may be more difficult without it.
File permissions
- Main wikipage: File permission
Maintenance scripts
Upload security
Main wikipage: Upload_security
Upload permissions Per default, all registered users can upload files. To restrict this, you have to change $wgGroupPermissions: To prevent normal users from uploading files: $wgGroupPermissions['user']['upload'] = false; To create a special group called "uploadaccess", and allow members of that group to upload files: $wgGroupPermissions['uploadaccess']['upload'] = true;
See also
Development
- Development of the Soft occurs under the MediaWiki for CNM Cloud project.