Musterfirma GmbH/Documentation: Unterschied zwischen den Versionen

(Markierung: 2017-Quelltext-Bearbeitung)
(Authentication and Security Levels)
(Markierung: 2017-Quelltext-Bearbeitung)

Seitenumbruch

Management Summary[Bearbeiten | Quelltext bearbeiten]

Musterfirma has organizational wikis.

The organization wikis vary in size, some have a size of only a few pages. About 5 wikis have a much larger size. All model company wikis have a total of about 400 users.

The following procedure has been defined:

  • Users are currently managed by SAML. In addition, access to the individual wikis should be controlled via SAML.

Seitenumbruch

Server Infrastructure[Bearbeiten | Quelltext bearbeiten]

Server environment[Bearbeiten | Quelltext bearbeiten]

Server Server name URL Configuration
Production System rz14.musterfirma.local https://wiki.musterfirma.de/ Ubuntu 16.04.

8 CPUs

32 GB RAM

Development System rz14.musterfirma.local https://wiki-a.musterfirma.de Ubuntu 16.04.

8 CPUs

32 GB RAM

Setup BlueSpice pro with WikiFarm[Bearbeiten | Quelltext bearbeiten]

BlueSpice pro Services:[Bearbeiten | Quelltext bearbeiten]

Services for the operation of BlueSpice pro:[Bearbeiten | Quelltext bearbeiten]
  • Webserver (Apache) with PHP
  • Database (MariaDB)
Additonal Services:[Bearbeiten | Quelltext bearbeiten]
Service required for
NodeJS/Parsoid VisualEditor
NodeJS/PhantomJS generating screenshots (e.g. recent changes)
Java Application Server (Jetty)/ Tomcat PDF export
Java Application Server (Jetty)/ VisualDiff compare versions of a page
Java Application Server (Jetty)/ TeX math formulas
Search Server (ElasticSearch) search
SVG-Renderer (Inkscape) .svg
Python/Pygmentize syntax highlighting source code in pages

Scheme Docker Container[Bearbeiten | Quelltext bearbeiten]

Seitenumbruch

Production Wiki[Bearbeiten | Quelltext bearbeiten]

History / Important Deployments[Bearbeiten | Quelltext bearbeiten]

Protocol by Horst Schreiber
First installation 2017-04-02
Update to current codebase 3.0.0 2018-11-26
Update to 3.0.1 2019-03-27
Update


Access[Bearbeiten | Quelltext bearbeiten]

Remote Access VPN -> SSH
ID a_exNNNNN
Username for SSH ICA\a_exNNNNN


Installed programs (applications)[Bearbeiten | Quelltext bearbeiten]

URL https://wiki.musterfirma.de
Domains
  • wiki.musterfirma.de
  • wikidocs.musterfirma.de
Server name rz14.musterfirma.local
Operating System Ubuntu 16.04.
BlueSpice Version 3.0.1 pro WikiFarm
MediaWiki Version 1.31.1
Deployment package Docker
Path to Docker files /data/bluespice/bluespice
Authentication SAML.php
Notes Group assignment to instances in 099-AdditionalPermissions.php


Please note for updates[Bearbeiten | Quelltext bearbeiten]

Since it is currently not possible to set the permissions properly, the delete permission has been withdrawn from the editor DefaultSettings.php.


Docker[Bearbeiten | Quelltext bearbeiten]

Starting Docker[Bearbeiten | Quelltext bearbeiten]

                    docker run -d -v /data/bluespice/certificates:/etc/apache2/ssl  -v 
/data/bluespice/bluespice/099-AdditionalPermissions.php:/var/www/bluespice/w/settings.d/099-
    AdditionalPermissions.php -v 
/data/bluespice/database:/var/lib/mysql -v 
/data/bluespice/elasticsearch:/var/lib/elasticsearch -v 
/data/bluespice/bluespice:/opt/bluespice-docker -v /data/bluespice/backup:/backup -v 
/data/backups-mediawiki:/import -e "TZ=Europe/musterfirma"  -lCE -t -p 80:80 -p 443:443 -p 8000:8000 
    -p 8001:8001 1d85e6a800e9

                

Docker IP[Bearbeiten | Quelltext bearbeiten]

                    cat /etc/doc ker/daemon.json
{
        "bip": "172.19.10.1/24",
        "fixed-cidr": "172.19.10.1/24"
}

                


Backup / Cronjobs[Bearbeiten | Quelltext bearbeiten]

Cronjobs[Bearbeiten | Quelltext bearbeiten]

runJobs daily

Backup[Bearbeiten | Quelltext bearbeiten]

BackupDatabases daily


Services[Bearbeiten | Quelltext bearbeiten]

Database[Bearbeiten | Quelltext bearbeiten]

Programm MariaDB
Version 10.1.37

PHP[Bearbeiten | Quelltext bearbeiten]

Version 7.0.30

Jetty[Bearbeiten | Quelltext bearbeiten]

Version 9

Caching[Bearbeiten | Quelltext bearbeiten]

opcache
memcached

Webserver[Bearbeiten | Quelltext bearbeiten]

Programm Apache
Version 2.4.18
Seitenumbruch

Development Wiki[Bearbeiten | Quelltext bearbeiten]

History / Important Deployments[Bearbeiten | Quelltext bearbeiten]

Protocol by Sarah Naumann
First Installation 2018-11-26
Update to 3.0.1 2019-03-26
Update

Access[Bearbeiten | Quelltext bearbeiten]

Remote Access VPN -> SSH
ID a_exNNNNN
Username for SSH ICA\a_exNNNNN

Installed programs (applications)[Bearbeiten | Quelltext bearbeiten]

URL https://wiki.musterfirma.de
Domains
  • wiki.musterfirma.de
  • wikidoc.musterfirma.de
Server Name rz17.musterfirma.local
Operating System Ubuntu 16.04.
BlueSpice Version 3.0.1 pro WikiFarm
MediaWiki Version 1.31.1
Deployment Package Docker
Path to Docker files /data/bluespice/bluespice
Authentication SAML.php
Notes Group assignment to instances in 099-AdditionalPermissions.php

Please note for updates[Bearbeiten | Quelltext bearbeiten]

Since it is currently not possible to set the permissions properly, the delete permission has been withdrawn from the editor DefaultSettings.php.

Docker[Bearbeiten | Quelltext bearbeiten]

Starting Docker[Bearbeiten | Quelltext bearbeiten]

                    docker run -d -v /data/bluespice/certificates:/etc/apache2/ssl  -v 
/data/bluespice/bluespice/099-AdditionalPermissions.php:/var/www/bluespice/w/settings.d/
	099-AdditionalPermissions.php -v 
/data/bluespice/database:/var/lib/mysql -v 
/data/bluespice/elasticsearch:/var/lib/elasticsearch -v 
/data/bluespice/bluespice:/opt/bluespice-docker -v /data/bluespice/backup:/backup -v 
/data/backups-mediawiki:/import -e "TZ=Europe/Berlin"  -lCE -t -p 80:80 -p 443:443 
	-p 8000:8000 -p 8001:8001 1d85e6a800e9

                

Docker IP[Bearbeiten | Quelltext bearbeiten]

                    cat /etc/doc ker/daemon.json
{
        "bip": "172.19.10.1/24",
        "fixed-cidr": "172.19.10.1/24"
}

                

Backup / Cronjobs[Bearbeiten | Quelltext bearbeiten]

Cronjobs[Bearbeiten | Quelltext bearbeiten]

runJobs daily

Backup[Bearbeiten | Quelltext bearbeiten]

BackupDatabases daily

Services[Bearbeiten | Quelltext bearbeiten]

Database[Bearbeiten | Quelltext bearbeiten]

Programm MariaDB
Version 10.1.37

PHP[Bearbeiten | Quelltext bearbeiten]

Version 7.0.30

Jetty[Bearbeiten | Quelltext bearbeiten]

Version 9

Caching[Bearbeiten | Quelltext bearbeiten]

opcache
memcached

Webserver[Bearbeiten | Quelltext bearbeiten]

Programm Apache
Version 2.4.18
Seitenumbruch

Authentication and Security Levels[Bearbeiten | Quelltext bearbeiten]

SAML/Prod[Bearbeiten | Quelltext bearbeiten]

The following domains are all connected to SAML:

  • wiki.musterfirma.de = Main Instance = WikiFarm Management
  • wiki.Musterfirma.de redirects to wiki.musterfirma.de/Musterfirma = Musterfirma Wiki
  • wikidocs.Musterfirma.de redirects to wiki.musterfirma.de/Musterfirma with local login


Security levels of wikis[Bearbeiten | Quelltext bearbeiten]

* = (all) = applies to every visitor of the wiki, including those who do not log in.

Public[Bearbeiten | Quelltext bearbeiten]

permissions
user group login required sys admin wiki maintain admin editor reader
[...]_Admin x x x x x
* --- --- --- x x

Protected[Bearbeiten | Quelltext bearbeiten]

permissions
user group login required sys admin wiki maintain admin editor reader
[...]_Admin x x x x x
[...]_Editeren x --- --- x x
* --- --- --- --- x

Private[Bearbeiten | Quelltext bearbeiten]

permissions
user group login required sys admin wiki maintain admin editor reader
[...]_Admin x x x x x
[...]_Editeren x --- --- x x
[...]_Lezen x --- --- --- x
* --- --- --- --- ---

Admin[Bearbeiten | Quelltext bearbeiten]

permissions
user group login required sys admin wiki maintain admin editor reader
[...]_Admin x x x x x
* --- --- --- --- ---


URL[Bearbeiten | Quelltext bearbeiten]

If the URL of a wiki does not exist (or there is a letter error because of case-sensitivity), the user is currently redirected to the farm management. Depending on the authorization level, the user might not have access. It is possible to redirect the user to a page of another instance. However, this can only be done once. Redirects always link to the same instance. On the target page you could, for example, store an overview of operating wikis.

{{CustomTOC|limit=3}}
        
        
        <bs:universalexport:pagebreak />
        
        ==Management Summary==
        
        Musterfirma has organizational wikis. 
        
        
        
        The organization wikis vary in size, some have a size of only a few pages. About 5 wikis have a much larger size. All model company wikis have a total of about 400 users. 
        
        
        
        The following procedure has been defined: 
        
        
        
            
            
        *Users are currently managed by SAML. In addition, access to the individual wikis should be controlled via SAML.
        
        
        <bs:universalexport:pagebreak />
        
        
        
        ==Server Infrastructure==
        
        ===Server environment===
        
        {| class="contenttable-blue" width="100%"
        
        |-
        
        ! style="width: 300px;" |Server
        
        !Server name
        
        !URL
        
        !Configuration
        
        |-
        
        ||Production System
        
        ||rz14.musterfirma.local
        
        |https://wiki.musterfirma.de/
        
        |Ubuntu 16.04.
        
        8 CPUs
        
        
        
        32 GB RAM
        
        |-
        
        ||Development System
        
        ||rz14.musterfirma.local
        
        |[https://wiki.musterfirma.de/ https://wiki-a.musterfirma.de]
        
        |Ubuntu 16.04.
        
        8 CPUs
        
        
        
        32 GB RAM
        
        |}
        
        
        
        ===Setup BlueSpice pro with WikiFarm===
        
        
        
        ====BlueSpice pro Services:====
        
        =====Services for the operation of BlueSpice pro:=====
        
        
        
        *Webserver (Apache) with PHP
        
        *Database (MariaDB)
        
        
        
        =====Additonal Services:=====
        
        {| class="contenttable-blue" width="100%"
        
        |-
        
        ! style="width: 300px;" |Service
        
        !required for
        
        |-
        
        ||NodeJS/Parsoid
        
        ||VisualEditor
        
        |-
        
        |NodeJS/PhantomJS
        
        |generating screenshots (e.g. recent changes)
        
        |-
        
        |Java Application Server (Jetty)/ Tomcat
        
        |PDF export
        
        |-
        
        |Java Application Server (Jetty)/ VisualDiff
        
        |compare versions of a page
        
        |-
        
        |Java Application Server (Jetty)/ TeX
        
        |math formulas
        
        |-
        
        |Search Server (ElasticSearch)
        
        |search
        
        |-
        
        |SVG-Renderer (Inkscape)
        
        |.svg
        
        |-
        
        |Python/Pygmentize
        
        |syntax highlighting source code in pages
        
        |}
        
        ====Scheme Docker Container====
        
        {{#drawio:Aufbau des Dockercontainers}}
        
        
        <bs:universalexport:pagebreak />
        
        
        
        ==Production Wiki==
            
            {{:Musterfirma_GmbH/Production_System}}<bs:universalexport:pagebreak />
            
            
            
            ==Development Wiki==
            
            {{:Musterfirma_GmbH/Development_System}}<bs:universalexport:pagebreak />
            
            
            
            ==Authentication and Security Levels==
        
        ===SAML/Prod===
        
        The following domains are all connected to SAML:
        
        
        
        *[https://wiki.musterfirma.de/w/index.php/Special:SimpleFarmer wiki.musterfirma.de] = Main Instance = WikiFarm Management
        
        *[https://wiki.musterfirma.de/Musterfirma wiki.Musterfirma.de] redirects to wiki.musterfirma.de/Musterfirma = Musterfirma Wiki
        
        *wikidocs.Musterfirma.de redirects to wiki.musterfirma.de/Musterfirma with local login
        
        
        
        
        <br>
        
        ===Security levels of wikis===
        
        
        <nowiki>*</nowiki> = (all) = applies to every visitor of the wiki, including those who do not log in.
        
        
        
        ====Public====
        
        {| class="wikitable" width="100%"
        
        ! colspan="2" |
        
        ! colspan="4" |permissions
        
        |-
        
        !user group
        
        !login required
        
        !sys admin
        
        !wiki maintain admin
        
        !editor
        
        !reader
        
        |-
        
        |[...]_Admin
        
        |x
        
        |x
        
        |x
        
        |x
        
        |x
        
        |-
        
        |*
        
        | ---
        
        |<nowiki>---</nowiki>
        
        |<nowiki>---</nowiki>
        
        |x
        
        |x
        
        |}
        
        
        
        ====Protected====
        
        {| class="wikitable" width="100%"
        
        ! colspan="2" |
        
        ! colspan="4" |permissions
        
        |-
        
        !user group
        
        !login required
        
        !sys admin
        
        !wiki maintain admin
        
        !editor
        
        !reader
        
        |-
        
        |[...]_Admin
        
        |x
        
        |x
        
        |x
        
        |x
        
        |x
        
        |-
        
        |[...]_Editeren
        
        |x
        
        | ---
        
        | ---
        
        |x
        
        |x
        
        |-
        
        |*
        
        | ---
        
        |<nowiki>---</nowiki>
        
        |<nowiki>---</nowiki>
        
        | ---
        
        |x
        
        |}
        
        
        
        ====Private====
        
        {| class="wikitable" width="100%"
        
        ! colspan="2" |
        
        ! colspan="4" |permissions
        
        |-
        
        !user group
        
        !login required
        
        !sys admin
        
        !wiki maintain admin
        
        !editor
        
        !reader
        
        |-
        
        |[...]_Admin
        
        |x
        
        |x
        
        |x
        
        |x
        
        |x
        
        |-
        
        |[...]_Editeren
        
        |x
        
        | ---
        
        | ---
        
        |x
        
        |x
        
        |-
        
        |[...]_Lezen
        
        |x
        
        | ---
        
        | ---
        
        | ---
        
        |x
        
        |-
        
        |*
        
        | ---
        
        |<nowiki>---</nowiki>
        
        |<nowiki>---</nowiki>
        
        | ---
        
        | ---
        
        |}
        
        
        
        ====Admin====
        
        {| class="wikitable" width="100%"
        
        ! colspan="2" |
        
        ! colspan="4" |permissions
        
        |-
        
        !user group
        
        !login required
        
        !sys admin
        
        !wiki maintain admin
        
        !editor
        
        !reader
        
        |-
        
        |[...]_Admin
        
        |x
        
        |x
        
        |x
        
        |x
        
        |x
        
        |-
        
        |*
        
        | ---
        
        |<nowiki>---</nowiki>
        
        |<nowiki>---</nowiki>
        
        | ---
        
        | ---
        
        |}
        
        
        <br>
        
        ===URL===
        
        If the URL of a wiki does not exist (or there is a letter error because of case-sensitivity), the user is currently redirected to the farm management. Depending on the authorization level, the user might not have access. It is possible to redirect the user to a page of another instance. However, this can only be done '''once'''. Redirects always link to the same instance. On the target page you could, for example, store an overview of operating wikis.
Zeile 7: Zeile 7:
  
 
The following procedure has been defined:  
 
The following procedure has been defined:  
 +
 
*Users are currently managed by SAML. In addition, access to the individual wikis should be controlled via SAML.
 
*Users are currently managed by SAML. In addition, access to the individual wikis should be controlled via SAML.
 
<bs:universalexport:pagebreak />
 
<bs:universalexport:pagebreak />
Zeile 77: Zeile 78:
 
{{#drawio:Aufbau des Dockercontainers}}
 
{{#drawio:Aufbau des Dockercontainers}}
 
<bs:universalexport:pagebreak />
 
<bs:universalexport:pagebreak />
 +
 +
==Production Wiki==
 +
{{:Musterfirma_GmbH/Production_System}}<bs:universalexport:pagebreak />
 +
 +
==Development Wiki==
 +
{{:Musterfirma_GmbH/Development_System}}<bs:universalexport:pagebreak />
  
 
==Authentication and Security Levels==
 
==Authentication and Security Levels==

Anhänge

Diskussionen