User:Revansx/meza/enterprise installation walk-through

MEZA Installation and Configuration Journal
Notice - I discovered that my RHEL environment has a security policy that asserts a UMASK setting of 077 to my system. This has causes a lot of trouble with my installation process and "meza deploy .. " commands. I will attempt to draw attention to it in my walk through, but, please know that the FIRST thing I do after logging in to my bash shell through PuTTY is to execute the command "Umask 022" to relax the umask setting while I am working. This has to be done at the beginning of every login. .. just fyi

Pre-Install Notes

 * 1) Clean RHEL7 system - nothing except what my organization's security team deamed essential
 * 2) had to ensure that my RHEL7 box was subscribed to the epel repositories that would find git, etc..
 * 3) configured PuTTy to connect to the server and create a text file log of all console activity
 * 4) logged in to the server with PuTTy
 * 5) cd'd to
 * 6) ran
 * 7) saved the putty log file for reference

Meza Install

 * 1) performed MEZA install per: https://www.mediawiki.org/wiki/Meza/Install_on_existing_server
 * 2) ** used my full system host name referred to here as:
 * 3) ** supplied my own password referred to here as
 * 4) * The first time I tried this I did have some issues with the way my systems default "unmask" settings were due to my organizations security requirements, but this was resolved by Meza developers (Thanks James) and the second attempt went perfectly.
 * 5) Visited my server in the browser at:
 * 6) * Note: it set *everything* including a self-signed cert, so I got the usual warning from my browser.
 * 7) cleared the putty log and re-ran   and saved it for reference
 * 8) cleared the putty log and ran   to see what was installed and saved it for reference
 * 1) Visited my server in the browser at:
 * 2) * Note: it set *everything* including a self-signed cert, so I got the usual warning from my browser.
 * 3) cleared the putty log and re-ran   and saved it for reference
 * 4) cleared the putty log and ran   to see what was installed and saved it for reference

SSL Certs
Working with my organization to install a *valid* cert purchased by my organization
 * Note: discovered that SSL is handled by Meza's load balancer, which is called HAProxy
 * Note: keys are at  as   and
 * my organization uses chain certs (trusted cert -> intermediate cert -> star/wildcard cert
 * 1) had my server admin generate the certs on the system and named the wildcard/star cert to meza.cert
 * 2) ran
 * this is NOT YET WORKING .. the HAProxy doesn't seem to like the cert chain.. deferring this for now

Updating the Logo

 * 1) cd'd to:   and changed the   file
 * 2) ran   to re-deploy only what was needed to update the landing page

Adding SAML Auth
using the instruction here: https://www.mediawiki.org/wiki/Meza/Setup_SAML_authentication
 * 1) Step 1: Set secret config
 * 2) run   and paste the 32 character output to a scratch pad (notepad or whatever) as the salt code to be used below when needed
 * 3) run   and paste the 16 character output to a scratch pad (notepad or whatever) as the adminpassword to be used below when needed
 * 4) discovered that   is encrypted,   so the solution is provided to me as:
 * 5) run   to set the variable   to   (my environment)
 * 6) then run    which will de-crypt the file   automatically launching it in readable text in the infamous "vi" editor.
 * 7) Now to edit using the vi editor (vi notes)
 * 8) down arrow to the last character of the end of the and type   which will put you in "insert" mode and allow you to add new lines.
 * 9) copy the text from the SAML link above into the secret.yml file at the end  (  to copy it from notepad and   to past it into "vi")
 * 10) cursor up to the line that reads:    and replace the    with the salt code created above in step 1.1
 * 11) cursor down to the line that reads:   and replace   with the adminpassword created in step 1.2 above
 * 12) Type   to save and exit vi
 * 13) exiting vi from the ansible-vault edit command automatically re-encrypts the file
 * 14) you should now be back at the system cli
 * 15) Step 2: Set public config

Added more Wikis

 * 1) added new wikis using
 * 2) * note: was surprised that this did not create any users, but apparently this is normal
 * 3) looking in to how to create sysop users.. my hope is to get the SAML e-auth working and have users added automatically by e-auth from my organizations identity provider