Maltfield Log/2025 Q1: Difference between revisions

From Open Source Ecology
Jump to navigation Jump to search
No edit summary
(trying to get around 413 errors)
Line 8: Line 8:
# [[Special:Contributions/Maltfield]]
# [[Special:Contributions/Maltfield]]


=Mon Mar 17, 2025=
My work log from the first quarter of the year 2025. I intentionally made this verbose to make future admin's work easier when troubleshooting. The more keywords, error messages, etc that are listed in this log, the more helpful it will be for the future OSE Sysadmin.


# the wiki is throwing errors, so Catarina says she can't use it
__TOC__
# last month Marcin locked me out of hetzner. I just discovered this yesterday, and I may have locked Marcin out of hetzner trying to do the password reset. So I just did a reboot over ssh and told Catarina to retry
# ...
# after some time, Catarina sent me a message confirming that she was able to login with her new wiki account
# I sent her an email asking her to setup 2FA per https://www.mediawiki.org/wiki/Extension:OATHAuth
<pre>
Great! Can you please setup 2FA on your new account?


* https://wiki.opensourceecology.org/wiki/Special:OATHAuth
=See Also=
 
# [[Maltfield_Log]]
Reminder: 2FA is going to be enforced on the hetzner3 wiki for all admin accounts. The reason we're giving you an admin account is so that you can login and reset 2FA on Marcin's account if he ever gets locked-out. That way you two can self-help without needing my intervention.
# [[User:Maltfield]]
 
# [[Special:Contributions/Maltfield]]
Please make sure to make a backup of your 2FA credentials.
</pre>
# now that she's confirmed access to her account and reset her password, I upgrade the account to actually be a member of the admin group
# ...
# Catarina signed-up for matrix.
# I created a new keepass db file with an entry for her obi-specific dreamhost account and generated a password for her to change the account to use
# I emailed her the keepass db and sent her the decryption password in matrix
# she updated the password, but the OTP was setup with TOTP
# she couldn't export the secret key from her TOTP app (Google Authenticator), so she disabled & re-enabled 2FA. This time she wrote down the secret key and recovery codes into the notes field of the keepass DB
# she emailed me back the updated keepass file, and (now with both the TOTP secret + password), I was able to login!
# the dreamhost account lists two domains
## openbuildinginstitute.org
## openmaterials.org
# The Domain Name section of the account dashboard only showed options for transferring the domains to other registrars
# apparently DNS entries are managed within the "Websites" -> "Manage Websites" section https://help.dreamhost.com/hc/en-us/articles/360056012291-Editing-or-deleting-custom-DNS-records
# this section had a few more domains
## everywheretech.org
## openbuildinginstitute.org
## openmaterials.org
## opensourcewarehouse.org
## researchnotebook.cc
# I tried to view/edit the DNS records for OBI, but it was an empty set; I got an error
# I refreshed the page and now I see the entries
<pre>
@
A
138.201.84.223
 
awstats
A
138.201.84.223
 
seedhome
A
138.201.84.223
 
staging
A
138.201.84.243
 
www
A
138.201.84.223
</pre>
# there's also another 6 A records + 4 MX records  + 1 CNAME record + 2 TXT records + 1 SRV record + 3 NS records
# so either I update these IP addresses in this dreamhost account directly
# ...or I *could* update the NS to just use the OSE (or some new OBI) cloudflare DNS
## that would avoid this issue in the future, but either merge obi and ose infra or make things more complicated
# I tried to check the settings for all of the 5 domains linked to this account, but the WUI was super buggy and two of them just refused to load at all
# this shitty website is too painful to work with; I'm just going to update the dns entry at CHG-time directly in the dreamhost account. hopefully it won't break then
# so we'll just have to change the ip address of 5x entries
# ...
# Catarina also sent me her new ssh public key
<pre>
catarina@catarina-MS-7C37:~/.ssh$ cat ~/.ssh/id_rsa.pub
ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAACAQC/YEbUUrdgd9shaTU9gKfofVek6Hn6VDxLBgPw6am+qiKVgsD8jQpBApQu3qhuige7NpUkFTWEA/Ir+/NQaBHqqYbqkgtHfeIxx7QvDkojFQoHcJWpofNhcSZDax+EiY8L+OofOgdUcY+iwSnu/7/+hkOUA2vTUMfwqd23iA8mrrvrQWOHeFVKT7rLgMnd3zKG3pwRTHU51O3Gk4au0rhcHmQJscTCLjGD12BY8rO+Ua6zhjgahGRQ6lWPruWO2RL3IZT1oqcas8DUau1w5MiMqW1gQf328uav6WdgeMu4UahMp7RUXZz7B5qWGbQJO7SkM9+MM0we+24fwQBMP5FetHwu2yDij6AumXssyr+5hGBn7kcpZvpUPKnlXl7EftYPCvsJAEzO+VanFQPr1wmqouAJTujz+sQGjMiqBqvLObjehr6tfdaF3kgfvlI8vKXhIWgW0uRJ0Qk+8DKyGyOEi22zUNKTqp0fB5Az6Bb7op8iRq17Xfz2rI3H30ywhn8a/iuLraPkeUpzWvFuZ6c9OoRlQGTNhZ7qK5+tuDjLISICXNx6j1dLL0+6ga4Tzc5F4HYtKFFP/jWqT3AJgesvSY4RIMiS/IK7T+pd4ycOOOPeRxWTTBxyHLiVE0OdsFUy4YmHrx2/pHNZv17F3qEUw8DuYQW/jd5E3NMGpNnGUw==
catarina@catarina-MS-7C37
catarina@catarina-MS-7C37:~/.ssh$
</pre>
# I sent her an email (and also matrix) asking her to make backups of the .ssh directory
# ...
# I got no new mail from hetzner support
# I asked Marcin for our client number
# ...
# Catarina confirmed that she got the email sent to the obi-dreamhost-specfiic account
# I asked her to go ahead and update the email address associated with that account to the new email I created
# ...
# I still can't proceed with osemain or obi's new snapshot migration test – because I can't order that second IPv4 address as I'm still locked-out of hetzner
# ...
# here's TOFU 3/3 (ISP, exit in Ecuador)
<pre>
Ecuador
2025-03-17
INFO: Determining Latest Version of Wordpress Core
INFO: Determining Latest Version of Wordpress Themes
.
 
 
https://extdist.wmflabs.org/dist/extensions/DeleteBatch-REL1_43-59ffc3f.tar.gz
########################################################################## 100.0%
https://extdist.wmflabs.org/dist/extensions/SmiteSpam-REL1_43-d45b08a.tar.gz
########################################################################## 100.0%
https://github.com/edwardspec/mediawiki-moderation/archive/refs/tags/v1.8.22.tar.gz
  -=O=-#    #    #    #                                                   
https://downloads.wordpress.org/release/wordpress-6.7.2.zip
########################################################################## 100.0%
https://downloads.wordpress.org/theme/twentytwentyfive.1.1.zip
########################################################################## 100.0%
2025-03-17
120K DeleteBatch-REL1_43-59ffc3f.tar.gz
104K SmiteSpam-REL1_43-d45b08a.tar.gz
7.7M twentytwentyfive.1.1.zip
336K v1.8.22.tar.gz
28M wordpress-6.7.2.zip
2d0080dac51ead0c72f3e2ed06c47357ee8ea09f253dc4804f2a26ced6341b91  DeleteBatch-REL1_43-59ffc3f.tar.gz
8cc71c8aa28084babc0f0f5d5616aea2d4a8f8d309cc9ee3c3a3a1fc013498cf  SmiteSpam-REL1_43-d45b08a.tar.gz
7d588be49c9ad32bf47f83828756a9bb3f49b675a69a9f4daadf5b3daacd1455  twentytwentyfive.1.1.zip
dfaed40766bedcbf1879949e1a60abf816104725d5c416c1e97a4f2edcf9b7c2  v1.8.22.tar.gz
b6acbc116aabdc5a7c9bc4e861647148a1b444c1f2beec5440261b88f02c3a6e  wordpress-6.7.2.zip
</pre>
# great, all 5 files are identical for all 3 TOFUs
# I added all these files to hetzner3
# I updated the wiki CHG to include adding these 2 new extensions https://wiki.opensourceecology.org/wiki/CHG-2025-XX-XX_migrate_wiki_to_hetzner3
# I updated the obi CHG to include adding new themes, including the newly 3TOFU'd twentytwentyfive https://wiki.opensourceecology.org/wiki/CHG-2025-XX-XX_migrate_obi_to_hetzner3
 
=Sun Mar 16, 2025=
 
# I sent a follow-up email to Tom to confirm that his new ssh key was
## generated following our best-practices as documented on the wiki and https://wiki.opensourceecology.org/wiki/OSE_Server#SSH
## probably backed-up on his veracrypt-encrypted usb drive
# ...
# Here's TOFU 2/3 (VPN, exit in Germany)
<pre>
Germany
2025-03-16
INFO: Determining Latest Version of Wordpress Core
INFO: Determining Latest Version of Wordpress Themes
.
 
 
https://extdist.wmflabs.org/dist/extensions/DeleteBatch-REL1_43-59ffc3f.tar.gz
######################################################################### 100.0%
https://extdist.wmflabs.org/dist/extensions/SmiteSpam-REL1_43-d45b08a.tar.gz
######################################################################### 100.0%
https://github.com/edwardspec/mediawiki-moderation/archive/refs/tags/v1.8.22.tar.gz
-=O=-                        #    #    #    #                 
https://downloads.wordpress.org/release/wordpress-6.7.2.zip
######################################################################### 100.0%
https://downloads.wordpress.org/theme/twentytwentyfive.1.1.zip
######################################################################### 100.0%
2025-03-16
120K DeleteBatch-REL1_43-59ffc3f.tar.gz
104K SmiteSpam-REL1_43-d45b08a.tar.gz
7.7M twentytwentyfive.1.1.zip
336K v1.8.22.tar.gz
28M wordpress-6.7.2.zip
2d0080dac51ead0c72f3e2ed06c47357ee8ea09f253dc4804f2a26ced6341b91  DeleteBatch-REL1_43-59ffc3f.tar.gz
8cc71c8aa28084babc0f0f5d5616aea2d4a8f8d309cc9ee3c3a3a1fc013498cf  SmiteSpam-REL1_43-d45b08a.tar.gz
7d588be49c9ad32bf47f83828756a9bb3f49b675a69a9f4daadf5b3daacd1455  twentytwentyfive.1.1.zip
dfaed40766bedcbf1879949e1a60abf816104725d5c416c1e97a4f2edcf9b7c2  v1.8.22.tar.gz
b6acbc116aabdc5a7c9bc4e861647148a1b444c1f2beec5440261b88f02c3a6e  wordpress-6.7.2.zip
user@disp8402:/tmp/tmp.rUpogE2lis$
</pre>
# ...
# I tried to load the wiki (on hetzner2), but I got a varnish error
<pre>
 
Error 503 Backend fetch failed
 
Backend fetch failed
Guru Meditation:
 
XID: 58196320
 
Varnish cache server
</pre>
# I'm still able to ssh-in
# I restarted apache, but--wow--it took maybe 2 minutes for this command to finish
<pre>
[root@opensourceecology ~]# systemctl restart httpd
[root@opensourceecology ~]#
</pre>
# ...
# I updated the OBI CHG wiki article for the migration to hetzter3 to include both [a] a static site *and* [b] a broken wordpress site https://wiki.opensourceecology.org/wiki/CHG-2025-XX-XX_migrate_obi_to_hetzner3
# in order to test this, I need a new IP address and I'll need to update the ansible configs with a new vhost that binds to this new IP addres
# I tried to login to the hetzner account using the password in the OSE shared keepass, but I kept getting "Invalid credentials."
# I launched a new VM in chromium (to ensure it wasn't some b& due to my hardened firefox), and I the same error; including the account being locked
<pre>
Invalid credentials.
 
There have been too many login attempts! Please wait for 600 seconds before trying to log in again.
</pre>
# unfortunately, the credentials for the email address for this hetzner account is not listed in our ose shared keepass
# I logged-in as my google admin account, reset the password, and added the password to our keepass
# I then tried to login to the email account, but google demanded an OTP sent to some phone number.
# I sent an email to Marcin asking if he changed the creds, and asking what is the phone number
# I found that I could remove the phone number associated with the account from the Google Workspace admin panel
# then it said it sent an email with an otp to – the email I'm trying to login into!?
# I found a button next to "login challenge" to disable login challenges for 10 minutes
# that worked; I'm in.
# I discovered that this email account has a *lot* of emails, and many are banking related. So I decided *not* to set it up to foward to the shared operations google group list
# I see an email from Feb 19 indicating that the hetzner password changed
# I tried to reset the password several times. It never sends the email! Part of the issue is that it requires us to enter both [a] the "client number or login" and [b] the "email address"
## the only thing we have entered in our keepass is the email address, which is what we use for login
## there's also several distinct login portals for hetzner. One for hetnzer1. One for the cloud. One for the decdicated servers. We have a client ID for hetzner1, but it's alphanumeric. And we have a distinct client ID that was included in the email from hetzner last month about the password change, but that's also alphanumeric. I tried everything I could think-of for the "client number or login", including stripping the alpha characters (so it's truly just a "number"), but the email never came and eventually I got an error indicating that the account is now disabled
<pre>
Account is disabled.
 
There have been too many login attempts! Please wait for 600 seconds before trying to log in again.
</pre>
# there's no phone number to call on this page
# I found a phone number, but it's a +49. I can only call +1 for free from my Google Voice account :/ https://www.hetzner.com/support-form/
# I used the form on the above page to send a cryptographically signed message to hetzner asking them to please send us our "client number" to the email address associated with our account
# ...
# while I'm blocked and locked-out of the hetzner wui and I'm logged into the Google Workspace, I'll work on creating those accounts
# crap, I just realized that the shared keepass db doesn't have an entry for the hcaptcha-specific email account that I created on 2025-02-08
## I clearly stated in my log of that day that I added this entry to the keepass db. Is it possible that the file became corrupt somehow? Or maybe I accidentally updated it on hetzner3? https://wiki.opensourceecology.org/wiki/Maltfield_Log/2025_Q1#Sat_Feb_08.2C_2025
# no, the file doesn't even exist on hetzner3 yet
<pre>
root@hetzner3 ~ # ls -lah /etc/keepass
ls: cannot access '/etc/keepass': No such file or directory
root@hetzner3 ~ #
</pre>
# the file is on hetzner2, and says it's last updated today – but for some reason only I have write permissions?
<pre>
[maltfield@opensourceecology ~]$ ls -lah /etc/keepass/
total 180K
drwxrwx---    2 root      keepass  4.0K Mar 16 22:55 .
drwxr-xr-x. 104 root      root      12K Dec 30 22:33 ..
-rw-r-----    1 maltfield maltfield  45K Mar 16 22:55 passwords.kdbx
-rw-rw----    1 root      keepass  4.5K Jul 29  2017 passwords.kdbx.20170728.bak
-rw-rw----    1 root      keepass  4.5K Jul 13  2017 passwords.kdbx.20170804.bak
-rw-rw----    1 root      keepass    33K Aug 20  2019 passwords.kdbx.20190820.bak
-rw-rw----    1 maltfield maltfield  34K Sep  9  2019 passwords.kdbx.20190909.bak
-rw-rw----    1 root      keepass    27K May 26  2018 passwords.kdbxs.20180525.bak
[maltfield@opensourceecology ~]$
</pre>
# according to the wiki https://wiki.opensourceecology.org/wiki/OSE_Server#Keepass
<pre>
The passwords.kdbx file should be owned by the user 'root' and the group 'keepass'. It should have the file permissions of 660 (such that it can be read & written by 'root' and users in the 'keepass' group, but not accessible in any way from anyone else).
</pre>
# so I fixed this
<pre>
[root@opensourceecology keepass]# ls -lah
total 180K
drwxrwx---    2 root      keepass  4.0K Mar 16 22:55 .
drwxr-xr-x. 104 root      root      12K Dec 30 22:33 ..
-rw-r-----    1 maltfield maltfield  45K Mar 16 22:55 passwords.kdbx
-rw-rw----    1 root      keepass  4.5K Jul 29  2017 passwords.kdbx.20170728.bak
-rw-rw----    1 root      keepass  4.5K Jul 13  2017 passwords.kdbx.20170804.bak
-rw-rw----    1 root      keepass    33K Aug 20  2019 passwords.kdbx.20190820.bak
-rw-rw----    1 maltfield maltfield  34K Sep  9  2019 passwords.kdbx.20190909.bak
-rw-rw----    1 root      keepass    27K May 26  2018 passwords.kdbxs.20180525.bak
[root@opensourceecology keepass]#
[root@opensourceecology keepass]# chown root:keepass passwords.kdbx
[root@opensourceecology keepass]# chmod 0660 passwords.kdbx
[root@opensourceecology keepass]#
[root@opensourceecology keepass]# ls -lah
total 180K
drwxrwx---    2 root      keepass  4.0K Mar 16 22:55 .
drwxr-xr-x. 104 root      root      12K Dec 30 22:33 ..
-rw-rw----    1 root      keepass    45K Mar 16 22:55 passwords.kdbx
-rw-rw----    1 root      keepass  4.5K Jul 29  2017 passwords.kdbx.20170728.bak
-rw-rw----    1 root      keepass  4.5K Jul 13  2017 passwords.kdbx.20170804.bak
-rw-rw----    1 root      keepass    33K Aug 20  2019 passwords.kdbx.20190820.bak
-rw-rw----    1 maltfield maltfield  34K Sep  9  2019 passwords.kdbx.20190909.bak
-rw-rw----    1 root      keepass    27K May 26  2018 passwords.kdbxs.20180525.bak
[root@opensourceecology keepass]#
</pre>
# I also went ahead and made a backup now
<pre>
[root@opensourceecology keepass]# cp passwords.kdbx passwords.kdbx.20250316.bak
[root@opensourceecology keepass]#  
[root@opensourceecology keepass]# ls -lah
total 228K
drwxrwx---    2 root      keepass  4.0K Mar 16 23:42 .
drwxr-xr-x. 104 root      root      12K Dec 30 22:33 ..
-rw-rw----    1 root      keepass    45K Mar 16 22:55 passwords.kdbx
-rw-rw----    1 root      keepass  4.5K Jul 29  2017 passwords.kdbx.20170728.bak
-rw-rw----    1 root      keepass  4.5K Jul 13  2017 passwords.kdbx.20170804.bak
-rw-rw----    1 root      keepass    33K Aug 20  2019 passwords.kdbx.20190820.bak
-rw-rw----    1 maltfield maltfield  34K Sep  9  2019 passwords.kdbx.20190909.bak
-rw-r-----    1 root      root      45K Mar 16 23:42 passwords.kdbx.20250316.bak
-rw-rw----    1 root      keepass    27K May 26  2018 passwords.kdbxs.20180525.bak
[root@opensourceecology keepass]# chown root:keepass passwords.kdbx.20250316.bak
[root@opensourceecology keepass]# ls -lah
total 228K
drwxrwx---    2 root      keepass  4.0K Mar 16 23:42 .
drwxr-xr-x. 104 root      root      12K Dec 30 22:33 ..
-rw-rw----    1 root      keepass    45K Mar 16 22:55 passwords.kdbx
-rw-rw----    1 root      keepass  4.5K Jul 29  2017 passwords.kdbx.20170728.bak
-rw-rw----    1 root      keepass  4.5K Jul 13  2017 passwords.kdbx.20170804.bak
-rw-rw----    1 root      keepass    33K Aug 20  2019 passwords.kdbx.20190820.bak
-rw-rw----    1 maltfield maltfield  34K Sep  9  2019 passwords.kdbx.20190909.bak
-rw-r-----    1 root      keepass    45K Mar 16 23:42 passwords.kdbx.20250316.bak
-rw-rw----    1 root      keepass    27K May 26  2018 passwords.kdbxs.20180525.bak
[root@opensourceecology keepass]#
</pre>
# my best-guess/hope is that the entry for hcapcha just somehow failed to get added due to a network issue.
# I went ahead and reset the password on the hcapctha-specific google account and added it to keepass (again)
# ok, omg, wtf. I just realized the ops entry is missing. I *definitely* just added that today! What's happening!?!
# I created 3 new entries in keepass
## operations-specific email
## obi-dreamhost-specific email
## hetzner-specific email
# I generated random passwords for each, but I didn't set them to be used in the actual accounts yet.
# then I saved keepass, closed keepass, and shutdown my ose vm
# I restated my ose vm, mounted & unlocked the keepass
# the new entries are absent! What's happening!?
# I do see an error from the keepass terminal
<pre>
user@ose:~$ keepassxc
Maximum depth of replacement has been reached. Entry uuid: {REDACTED}
</pre>
# quick google shows this error; not sure if relevant https://github.com/keepassxreboot/keepassxc/issues/1741
# omg, actually, the ops and hcaptcha entries are back. So it's like the last save is now opening, but the one before it is not. I added the other two accounts, saved, restarted, and reunlocked
# I wonder if somehow there's a local copy that's being put in the mounted dir, which gets written-to during network issues
# yeah, on reboot I do see a file before I mount it!
<pre>
user@ose:~$ ls -lah mnt/ose/keepass/passwords.kdbx
-rw------- 1 user user 44K Mar 16 18:48 mnt/ose/keepass/passwords.kdbx
user@ose:~$
</pre>
# and, yeah, that local copy has the entries that I had added before. I'm just going to move this out of the way, mount the *real* one on hetnzer2, and confirm my new entries are finally saved
<pre>
user@ose:~$ mv mnt/ose/keepass/passwords.kdbx passwords.fail.20250316.kdbx
user@ose:~$
user@ose:~$ sshfs -p 32415 maltfield@138.201.84.223:/etc/keepass /home/user/mnt/ose/keepass -o IdentityFile=/home/user/.ssh/id_rsa.ose -o uid=1000
Enter passphrase for key '/home/user/.ssh/id_rsa.ose':
user@ose:~$ ls -lah mnt/ose/keepass/passwords.kdbx
-rw-rw---- 1 user 1005 45K Mar 16 18:57 mnt/ose/keepass/passwords.kdbx
user@ose:~$
</pre>
# ok, all the entries are present again. Now that I'm sure the passwords are durably saved in the shared keepass file on the server, I created the two new accounts (for hetzner and obi dreamhost)
# I also added catarina's personal gmail to the ops google group list
# I sent a test email to the new obi-specific-dreamhost account email to confirm that Catarina is new getting forwarded those emails
# I confirmed that *I* got the email forwarded to me; I'll wait for Catarina's reply
 
=Sat Mar 15, 2025=
 
# Marcin generated a new ssh key for me to auth his access
# I sent him an email asking him to confirm that the key was
## generated following our best-practices as documented on the wiki and https://wiki.opensourceecology.org/wiki/OSE_Server#SSH
## probably backed-up on his veracrypt-encrypted usb drive
# once he confirms, I'll add it to his authorized_keys file, and then we can confirm access is working
# ...
# Marcin sent me an email that seemed to suggest that we should delay the content fixes of osemain until after we migrate to hetzner3. I sent an email asking to confirm if that's his intention
# ...
# Catarina sent me output of `ls -lah ~/.ssh` which showed she has no ssh keypair
# I sent her the commands to generate a new keypair and asked if she has a backup solution in-place
# ...
# Catarina said she found the links to login to her new wiki admin account, but the password didn't work (maybe it expired)
# I logged-into the wiki today and tried to reset the password, but I got an error when trying to query for the username https://wiki.opensourceecology.org/index.php?title=Special%3AUserCredentials&target=CatarinaAdmin
<pre>
No credentials found for this user. Check that the name is spelled correctly.
</pre>
# I checked the list of users in the admin group, and it includes the ones I thought I had deleted!?
# According to my notes, I did this already on 2025-02-16 https://wiki.opensourceecology.org/wiki/Maltfield_Log/2025_Q1#Sun_Feb_16.2C_2025
# my best-guess is that I accidentally made the change on hetzner3, not hetzner2
# again, I edited these accounts, removing the 'administrator' role
## https://wiki.opensourceecology.org/index.php?title=Special%3AUserRights&user=Audrey+Rampone
## https://wiki.opensourceecology.org/index.php?title=Special%3AUserRights&user=Elifarley
## https://wiki.opensourceecology.org/index.php?title=Special%3AUserRights&user=Hart
## https://wiki.opensourceecology.org/index.php?title=Special%3AUserRights&user=Will
# I then tried to create the "CatarinaAdmin" user, but it said it already exists!
<pre>
Username entered already in use. Please choose a different name.
</pre>
# It looks like CatarinaAdmin isn't in the admin group yet, though
# first I confirmed her email address is correct. Ugh, she has 3x accounts already with the same email address
<pre>
MariaDB [osewiki_db]> select user_name,user_email from wiki_user where user_name like '%Catarina%';
+---------------+--------------------------+
| user_name    | user_email              |
+---------------+--------------------------+
| Catarina Mota | REDACTED |
| Catarina      | REDACTED |
| Catarinamota  | REDACTED |
| CatarinaAdmin | REDACTED |
+---------------+--------------------------+
4 rows in set (0.00 sec)
 
MariaDB [osewiki_db]>
 
</pre>
# I used this special page to send her a new password https://wiki.opensourceecology.org/wiki/Special:PasswordReset
# once she's able to confirm access, I'll grant it admin and ask her to setup 2FA.
# ...
# Catarina responded to my email about wordpress themes, asking me to install all of them on the new osemain site on hetzner3 – including twentytwentyfive
## https://wordpress.org/themes/twentytwentyfive/
## https://wordpress.org/themes/twentytwentyfour/
## https://wordpress.org/themes/generatepress/
## https://wordpress.org/themes/astra/
## https://wordpress.org/themes/oceanwp/
## https://wordpress.org/themes/hestia/
## https://wordpress.org/themes/neve/
# time for a new 3TOFU; I needed to do one for a few of the mediawiki plugins I suggested for Marcin earlier, anyway
<pre>
################################################################################
# File:    3tofu.sh
# Purpose: Execute these commands on 3 distinct machines (or VMs) on 3 distinct
#          days using 3 distinct networks exiting from 3 distinct countries
#
#          For more info on 3TOFU (and why this is important), see:
#          * https://tech.michaelaltfied.net/3tofu
#
# Authors: Michael Altfield <michael@michaelaltfield.net>
# Created: 2025-01-01 21:21:18+00:00
################################################################################
 
JQ=$(which jq) || (echo "ERROR: Cannot find 'jq'"; exit 1)
CURL="$(which curl) --location --retry 5 --retry-all-errors" || (echo "ERROR: Cannot find 'curl'"; exit 1)
GREP=$(which grep) || (echo "ERROR: Cannot find 'grep'"; exit 1)
 
REMOTE_FILES="https://extdist.wmflabs.org/dist/extensions/DeleteBatch-REL1_43-59ffc3f.tar.gz https://extdist.wmflabs.org/dist/extensions/SmiteSpam-REL1_43-d45b08a.tar.gz https://github.com/edwardspec/mediawiki-moderation/archive/refs/tags/v1.8.22.tar.gz"
WARNINGS=""
 
# in tails, we must torify
if  "`whoami`" == "amnesia"  ; then
CURL="/usr/bin/torify ${CURL}"
PYTHON="/usr/bin/torify ${PYTHON}"
fi
 
tmpDir=`mktemp -d`
pushd "${tmpDir}"
 
# first get some info about our internet connection
${CURL} -s https://ifconfig.co/country | head -n1
${CURL} -s https://check.torproject.org | grep Congratulations | head -n1
 
# and today's date
date -u +"%Y-%m-%d"
 
echo "INFO: Determining Latest Version of Wordpress Core"
json=$($CURL -s "https://api.wordpress.org/core/version-check/1.7/")
 
REMOTE_FILES="${REMOTE_FILES} $(echo "${json}" | $JQ -r '[.offers[]|select(.response=="upgrade")][0].download')"
 
themes='twentytwentyfive'
echo -ne "INFO: Determining Latest Version of Wordpress Themes \n\t"
for theme in $themes; do
echo -n '. '
json=$($CURL -s "https://api.wordpress.org/themes/info/1.2/?action=theme_information&slug=${theme}")
 
latest_version=$(echo $json | $JQ -r .version)
if [ "${latest_version}" = "null" ]; then
error=$(echo $json | $JQ -r .error);
description=$(echo $json | $JQ -r .description);
WARNINGS="${WARNINGS}\n\nWARNING: Failed to download theme ${theme}"
WARNINGS="${WARNINGS}\n\t$error"
WARNINGS="${WARNINGS}\n\t$description"
else
REMOTE_FILES="${REMOTE_FILES} $(echo $json | $JQ -r ".download_link")"
fi
done
echo
 
echo -e "${WARNINGS}"
echo
 
# get the file
for file in ${REMOTE_FILES}; do
echo "${file}"
${CURL} --progress-bar -O "${file}"
done
 
# checksum
date -u +"%Y-%m-%d"
du -sh *
sha256sum *
</pre>
# Here's TOFU 1/3 (Exit in Germany)
<pre>
Congratulations. This browser is configured to use Tor.
2025-03-16
INFO: Determining Latest Version of Wordpress Core
INFO: Determining Latest Version of Wordpress Themes
.
 
 
https://extdist.wmflabs.org/dist/extensions/DeleteBatch-REL1_43-59ffc3f.tar.gz
######################################################################### 100.0%
https://extdist.wmflabs.org/dist/extensions/SmiteSpam-REL1_43-d45b08a.tar.gz
######################################################################### 100.0%
https://github.com/edwardspec/mediawiki-moderation/archive/refs/tags/v1.8.22.tar.gz
  -=O=-              #    #    #    #                                   
https://downloads.wordpress.org/release/wordpress-6.7.2.zip
####################                                                      27.6%Crash Annotation GraphicsCriticalError: |[0][GFX1-]: RenderCompositorSWGL failed mapping default framebuffer, no dt (t=51.5764) [GFX1-]: RenderCompositorSWGL failed mapping default framebuffer, no dt
######################################################################### 100.0%
[1]+  Done                    torbrowser  (wd: ~)
(wd now: /tmp/user/1000/tmp.sHf2RQALl0)
https://downloads.wordpress.org/theme/twentytwentyfive.1.1.zip
######################################################################### 100.0%
2025-03-16
120K DeleteBatch-REL1_43-59ffc3f.tar.gz

Revision as of 22:29, 11 April 2025

My work log from the first quarter of the year 2025. I intentionally made this verbose to make future admin's work easier when troubleshooting. The more keywords, error messages, etc that are listed in this log, the more helpful it will be for the future OSE Sysadmin.

See Also

  1. Maltfield_Log
  2. User:Maltfield
  3. Special:Contributions/Maltfield

My work log from the first quarter of the year 2025. I intentionally made this verbose to make future admin's work easier when troubleshooting. The more keywords, error messages, etc that are listed in this log, the more helpful it will be for the future OSE Sysadmin.


See Also

  1. Maltfield_Log
  2. User:Maltfield
  3. Special:Contributions/Maltfield
Retrieved from "https://wiki.opensourceecology.org/index.php?title=Maltfield_Log/2025_Q1&oldid=304933"