Mediawiki extensions

As I have written elsewhere a good deal of the power and pain of implementing a Wiki with Mediawiki is in the use and deployment of extensions.

At the moment I am suffering from the interaction of two extensions

I am using the Ldap authentication extension to authenticate the users against the company's Microsoft Windows 2003 Active Directory. This is working very well and generated a great deal of kudos when it was deployed. Not actually single sign on, but a small step in that direction for us. Actually, after slogging through the documentation, it wasn't so difficult to install and configure. Not withstanding anything else I may have written elsewhere on this blog.

I am using the "My Blog" extension to allow the users to create simple blog pages. The blog pages are simply ordinary wiki pages, which are aggregated very much in the manner of templates.

Although users login successfully, they receive a message which suggests that they do not because their cookie settings are incorrect and they are presented with another login box. However, if they just traverse away from the login page everything is fine. But everyone had to be told that they could.


OK, I was wrong above. After further investigation, it appears that the problem originates in the PasswordProtected extension. Having checked and re-checked the source code it is far from clear exactly why it should be causing the problem. Luckily, having reviewed the functionality, it doesn't work in quite the way we'd like so I was able to remove the extension from the LocalSettings.php file.

No sooner was I was congratulating myself on the implementation of the Ldap authentication extension against 3 internal Microsoft Active Directory Domains, than I was asked to add authentication against the Ldap service of our Lotus Notes installation. Having already configured the MS AD Domain authentication this was actually quite simple. In fact I've been able to comparing the two, the ldap authentication against Lotus Notes is simpler than MS AD Domains! In fact, I've re-ordered the Domain login list, so that Lotus Notes is the first option, and left the MS AD domain login option for only a restricted group of users.

There was one thing that surprised me about the user management side of Mediawiki. And this may be a result of our using the Ldap authentication plugin, especially against multiple domains. When A N User from Domain A logged in and a local User called A n user was created. If later on A N User from Domain B logged in, then the Domain B user would be mapped to the same local A n user account as the Domain A user.

Now, in my environment, this is exactly what I want. In fact, if it didn't I'd probably have to be scrabbling through the source code to try and mangle the usernames to try and achieve that result.

Mediawiki VMware appliances

In general I really like downloading appliances from the VMware Community website. However, when I had to provision a Wiki for the entire company I quickly moved away from the appliances you can download.

The Jumpbox appliance is wonderful if you do not need or want anything further.

The rPath appliance is a bit is a bit more functional for an enterprise deployment. There is afterall a console that can be logged into. However the built-in OS upgrade didn't work. Via the website, it just hung. Via the commandline it ended up in an inconsistent state from which it could no longer be updated. D'Oh!

In the end I rolled my own from a CentOS Linux v5.1 Virtual Machine. I installed the latest MySQL, Apache, PHP (& loads of php libraries) and Mediawiki v1.12.0 - much further on than the v1.6.x version that the rPath appliance provided.

Part of the power and frustration of Mediawiki is the ability to extend the functionality using extensions.

I added a number of extensions to the instalation:

• Ldap Authentication (to the company MS 2003 AD)
• ImageMap
• WhosOnline
• etc

However, I battled the Ldap Authentication extension for most of a day and the ImageMap extension for most of an afternoon. The slightest mistake in the LocalSettings.php configuration file for Mediawiki or a missing library or misspelled filename would cause everything to fall apart. In contrast, WhosOnline was a dream to install. Its special page just loads and just works. Huzzah!

Trying to make the result pretty, like the Wikipedia homepage, is a whole different story. There is still knowledge required of the dhtml, css, etc.

The Initial Cost of VMware

I've written elsewhere abut the incremental cost of a VMware licence at the firm at which I work. But what about the initial cost?

There is the cost of:

• the new hardware
• training
• VMware software
• OS Licences
• additional Application Licences
• Administrator time!?!?

I try and use CentOS Linux for everything these days, but sometimes you need to use Windows. It takes just 5 to 10 minutes to create a new Windows VM from a template. However, just because you can doesn't mean you should. Each one of those Windows VMs will need a licence.

How do you factor in the cost of the mistakes you'll make with new technologies?

Some of these mistakes you will hope to avoid. Who makes mistakes? Or admits to them anyway?


Administrator time is a constant surely? I'm joking, but sometimes it does seem like there is a belief that a finite group can undertake infinite work.

There is also the opportunity cost of your Administrators not just improving and optimizing your existing infrastructure.

Training!? Choosing the right training first off for a new technology is difficult. For VMware, I'd recommend Elias Khnaser's Training DVDs. Having used VMware for nearly two years now, there are holes in his coverage. However, he also covers some topics I've yet to need to get involved with.

And new hardware! Well that wasn't a road we went down. To start with our development box was an IBM 366 with an EXP400 that had been forklifted from site to site to site. The downside, which we've had to explore extensively, is that as it originated in California IBM are unable supply a replacement motherboard in this country - a 366 in this country has different part numbers! In the long run, completely new hardware might have been the cheaper option, simply in Administrator time. Whilst we were getting the server back up, we weren't doing other more productive work!

So it goes.

Vizioncore vRanger configuration

Ensure that you have modified the System Resource Reservation parameters, which reserves resources for the backup process to utilize.


Foreach ESX Server:
On the Configuration-> Ststem Resource Reservation->Simple Tab, set
CPU : 1500Mhz
Memory : 800MB


The Simple setting equates to the host->system setting under the Advanced tab!

After changing these settings, it is necessary to reboot the ESX server, before they take effect. Consequently, it is a good idea to set this all up before you start serving Virtual Machines.

Then

1. Verify that the ssh client service has been enabled on the ESX hosts to be backed up.
2. Enter all ESX hosts into Ranger by IP or FQDN.
3. Create a backup user on the ESX hosts. N.B. root ssh access is required for vmfs --> vmfs backups & restores.
4. To verify correct configuration, it is recommended that initial attempts should be undertaken using Ranger's legacy mode.

The Incremental Cost of a VMware Licence

A VMware Infrastructure 3 Enterprise licence for 2 processors costs £2948.00.
Gold Support for for the same costs £619.46

However, at least at my company, there is additional software used in the VMware deployment. So the incremental cost of a VMware license isn't just £3567.46

Veeam Reporter is used for Infrastructure Reporting, which costs $150, which includes the first years support charge. An additional year's support is $25.

Vizioncore vCharter is used for Consolodated Performance Monitoring. vCharter costs £169.00 per CPU/year incl 1 year support.

VMware Consolodated Backup & Vizioncore vRanger Pro are used for Virtual Machine Backup. VCB is part and parcel of the VI 3 Enterprise Licence. vRanger costs £279.00 per CPU.

All that comes to £523.00, making a grand total of £4090.46.

Obviously specific prices are only correct at time of going to press and where foreign companies were involved probably subject to the vagaries of exchange rate movements! However, the general point that your costs are not only limited to the cost of the VMware licence remains.

N.B. all prices in this blog are quoted without VAT - UK Sales tax.

keyboard setting on rPath VMware appliances

rPath VMware appliances are set up for a US audience. Perhaps unsurprisingly.

So their keyboard setting are always for US keyboards. TO change that for a UK keyboard, just change the contents of the /etc/sysconfig/keyboard file from

KEYBOARDTYPE="pc"
KEYTABLE="us"

to

KEYBOARDTYPE="pc"
KEYTABLE="uk"

Lotus Notes install on CentOS Linux

Actually this is a case where my mileage didn't vary at all.

I needed to install IBM's Lotus Domino server software onto a Linux machine - for once these days real iron not a virtual machine.

Obviously, I started with the latest version of CentOS - v5.1. I had no choice on the version of Lotus Domino - it had to be v6.5.5. It had to match our windows servers.

I ran into the problem of libstdc++-libc6.1.1.so.2 being missing which I resolved by loading the compat-libstdc++-296.2.96 rpm and linking the missing library to the later library provided by that rpm.

This still didn't resolve the problem. I still had a missing library: libXp.so! A quick yum install -y libXP resolved that. However, the Lotus Domino java installation program now just hung trying to create a session.

I ran out of time. A swift look at the IBM website for OS requirements for Lotus Domino installation and I conceded defeat. Next step I downloaded the CentOS v2.1 !! That was another 20 to 30 minutes to install and then it was back to the Lotus Domino install.

The only alternative would have been to use version 8 of the Lotus domino software. Something that just wasn't possible. Sigh!

An additional thought about whitespace and LDAP

I will have to test it, but it could be that the problem I have with using

ldapclient -v manual \
-a credentialLevel=self \
-a authenticationMethod=sasl/gssapi \
...

is that as all the users are in Active Directory OUs named things like "EMEA ENG" or "APR ENG".

As I reported earlier I had a number of problems with whitespace in the ldapclient command line. It could be that this was another problem with whitespace. However, this problem was masked by occurring at a stage where it appeared everything was working successfully.

Hopefully I can rename the OUs to be EMEA, APR, etc and resolve the issue.