chore: added wordpress (wip)

4 years ago · 736c89b6c1
parent 0e9c26e439
commit 736c89b6c1
21 changed files with 332 additions and 79 deletions
--- a/create-database.yml
+++ b/create-database.yml
@ -76,7 +76,7 @@
       - debug

  roles:
-    - role: connect-postgres
+    - role: postgres-container

 #############################################################
 # Sending smardigo management message to process
--- a/create-service.yml
+++ b/create-service.yml
@ -61,6 +61,9 @@

  roles:
    - role: connect
+      when: "'connect' in group_names"
+    - role: wordpress
+      when: "'wordpress' in group_names"

 #############################################################
 # run provisioning against newly created inventory
--- a/group_vars/all/plain.yml
+++ b/group_vars/all/plain.yml
@ -84,6 +84,7 @@ service_port_keycloak: "8080"
 service_port_kibana: "5601"
 service_port_logstash: "5044"
 service_port_mssql: "1433"
+service_port_mysql: "3306"
 service_port_node_exporter: "9100"
 service_port_postgres: "5432"
 service_port_portainer: "9000"
--- a/group_vars/connect/plain.yml
+++ b/group_vars/connect/plain.yml
@ -8,11 +8,13 @@ hetzner_server_type: cx21
 hetzner_server_labels: "stage={{ stage }} service={{ service }}"

 connect_client_id: "{{ cluster_name }}"
+connect_client_admin_username: "wordpress-admin"
+connect_client_admin_password: "wordpress-admin"

 current_realm_users: [
  {
-    "username": "connect-admin",
-    "password": "connect-admin",
+    "username": "{{ connect_client_admin_username }}",
+    "password": "{{ connect_client_admin_password }}",
  }
 ]

--- a/group_vars/wordpress/plain.yml
+++ b/group_vars/wordpress/plain.yml
@ -0,0 +1,40 @@
+---
+
+wordpress_mysql_root_password: "wordpress-mysql-root-password"
+wordpress_mysql_database: "wordpress-mysql"
+wordpress_mysql_username: "wordpress-mysql-admin"
+wordpress_mysql_password: "wordpress-mysql-admin"
+
+wordpress_domain_external: "{{ http_s }}://{{ stage_server_url_host }}"
+
+wordpress_client_id: "{{ cluster_name }}"
+wordpress_buergerportal_username: "wordpress-admin"
+wordpress_buergerportal_password: "wordpress-admin"
+
+current_realm_users: [
+  {
+    "username": "{{ wordpress_buergerportal_username }}",
+    "password": "{{ wordpress_buergerportal_password }}",
+  }
+]
+
+current_realm_clients: [
+  {
+    clientId: "{{ wordpress_client_id }}",
+    name: '{{ wordpress_client_id }}',
+    admin_url: '',
+    root_url: '',
+    redirect_uris: '
+      [
+        "https://{{ service_name }}.{{ domain }}/*",
+      ]',
+    secret: '{{ cluster_name }}',
+    web_origins: '
+      [
+        "https://{{ service_name }}.{{ domain }}/*",
+      ]',
+  }
+]
+
+wordpress_oidc_client_id: "{{ wordpress_client_id }}"
+wordpress_oidc_client_secret: "{{ cluster_name }}"
--- a/roles/connect-postgres/defaults/main.yml
+++ b/roles/connect-postgres/defaults/main.yml
@ -1,5 +0,0 @@
---
-
-connect_postgres_service_name: "{{ service_name }}-connectpostgres"
-
-connect_postgres_version: "12"
--- a/roles/connect-postgres/vars/main.yml
+++ b/roles/connect-postgres/vars/main.yml
@ -1,36 +0,0 @@
---
-
-connect_postgres_id: "{{ service_name }}-postgres-connect"
-
-connect_docker: {
-  networks: [
-    {
-      name: back-tier,
-      external: true,
-    }
-  ],
-  volumes: [
-    {
-      name: "{{ connect_postgres_id }}-data"
-    }
-  ],
-  services: [
-    {
-      name: "{{ connect_postgres_id }}",
-      image_name: "postgres",
-      image_version: "{{ connect_postgres_version }}",
-      environment: [
-        'POSTGRES_DB: "{{ connect_postgres_database }}"',
-        'POSTGRES_USER: "{{ connect_postgres_admin_username }}"',
-        'POSTGRES_PASSWORD: "{{ connect_postgres_admin_password }}"',
-      ],
-      volumes: [
-        '"{{ connect_postgres_id }}-data:/var/lib/postgresql/data"',
-      ],
-      networks: [
-        '"back-tier"',
-      ],
-      ports: "{{ connect_postgres_ports | default([]) }}",
-    },
-  ],
-}
--- a/roles/connect/defaults/main.yml
+++ b/roles/connect/defaults/main.yml
@ -1,10 +1,8 @@
 ---

-connect_service_name: "{{ service_name }}-connect"
-
 connect_image_name: "{{ shared_service_docker_registry_hostname }}/smardigo/connect-whitelabel-app"
+connect_image_version: 'latest'

-connect_version: 'latest'
 connect_admin_username: "connect-admin"
 connect_admin_password: "connect-admin"

--- a/roles/connect/tasks/main.yml
+++ b/roles/connect/tasks/main.yml
@ -16,7 +16,7 @@
  when:
    - send_status_messages

- name: "Setup DNS configuration for {{ connect_service_name }}"
+- name: "Setup DNS configuration for {{ connect_id }}"
  include_role:
    name: _digitalocean
    tasks_from: domain
@ -24,42 +24,42 @@
    record_data: "{{ stage_server_ip }}"
    record_name: "{{ service_name }}"

- name: "Check if {{ connect_service_name }}/docker-compose.yml exists"
+- name: "Check if {{ connect_id }}/docker-compose.yml exists"
  stat:
-    path: '{{ service_base_path }}/{{ connect_service_name }}/docker-compose.yml'
+    path: '{{ service_base_path }}/{{ connect_id }}/docker-compose.yml'
  register: check_docker_compose_file
  tags:
    - update_deployment

- name: "Stop {{ connect_service_name }}"
+- name: "Stop {{ connect_id }}"
  shell: docker-compose down
  args:
-    chdir: '{{ service_base_path }}/{{ connect_service_name }}'
+    chdir: '{{ service_base_path }}/{{ connect_id }}'
  when: check_docker_compose_file.stat.exists
  ignore_errors: yes
  tags:
    - update_deployment

- name: "Deploy docker templates for {{ connect_service_name }}"
+- name: "Deploy docker templates for {{ connect_id }}"
  include_role:
    name: _deploy
    tasks_from: templates
  vars:
    current_config: "_docker"
    current_base_path: "{{ service_base_path }}"
-    current_destination: "{{ connect_service_name }}"
+    current_destination: "{{ connect_id }}"
    current_owner: "{{ docker_owner }}"
    current_group: "{{ docker_group }}"
    current_docker: "{{ connect_docker }}"

- name: "Deploy service templates for {{ connect_service_name }}"
+- name: "Deploy service templates for {{ connect_id }}"
  include_role:
    name: _deploy
    tasks_from: templates
  vars:
    current_config: "connect"
    current_base_path: "{{ service_base_path }}"
-    current_destination: "{{ connect_service_name }}"
+    current_destination: "{{ connect_id }}"
    current_owner: "{{ docker_owner }}"
    current_group: "{{ docker_group }}"

@ -70,34 +70,34 @@
  vars:
    current_config: "elastic-certs/certs"
    current_base_path: "{{ service_base_path }}"
-    current_destination: "{{ connect_service_name }}/certs"
+    current_destination: "{{ connect_id }}/certs"
    current_owner: "{{ docker_owner }}"
    current_group: "{{ docker_group }}"

- name: "Update {{ connect_service_name }}"
+- name: "Update {{ connect_id }}"
  shell: docker-compose pull
  args:
-    chdir: '{{ service_base_path }}/{{ connect_service_name }}'
+    chdir: '{{ service_base_path }}/{{ connect_id }}'
  tags:
    - update_deployment

- name: "Start {{ connect_service_name }}"
+- name: "Start {{ connect_id }}"
  shell: docker-compose up -d
  args:
-    chdir: '{{ service_base_path }}/{{ connect_service_name }}'
+    chdir: '{{ service_base_path }}/{{ connect_id }}'
  tags:
    - update_deployment

- name: "Update landing page entries for {{ connect_service_name }}"
+- name: "Update landing page entries for {{ connect_id }}"
  include_role:
    name: _deploy
    tasks_from: caddy_landing_page
  vars:
    current_services: [
      {
-        current_name: "{{ connect_service_name }}",
+        current_name: "{{ connect_id }}",
        current_url: "{{ http_s }}://{{ connect_id }}.{{ domain }}",
-        current_version: "{{ connect_version }}",
+        current_version: "{{ connect_image_version }}",
        current_date: "{{ ansible_date_time.iso8601 }}",
        management: "{{ http_s }}://{{ connect_id }}.{{ domain }}:{{ monitor_port_service }}/management",
      },
--- a/roles/connect/vars/main.yml
+++ b/roles/connect/vars/main.yml
@ -1,7 +1,7 @@
 ---

 connect_id: "{{ service_name }}-connect"
-connect_postgres_id: "{{ service_name }}-postgres-connect"
+connect_postgres_id: "{{ service_name }}-postgres_connect"

 connect_labels: [
  '"traefik.enable=true"',
@ -102,7 +102,7 @@ connect_docker: {
    {
      name: "{{ connect_id }}",
      image_name: "{{ connect_image_name }}",
-      image_version: "{{ connect_version }}",
+      image_version: "{{ connect_image_version }}",
      labels: "{{ connect_labels + ( connect_labels_additional | default([])) }}",
      restart: "{{ connect_service_restart | default('always') }}",
      environment: "{{ connect_environment + ( connect_environment_additional | default([])) }}",
--- a/roles/postgres-container/defaults/main.yml
+++ b/roles/postgres-container/defaults/main.yml
@ -0,0 +1,4 @@
+---
+
+postgres_image_name: "postgres"
+postgres_image_version: "12"
--- a/roles/postgres-container/handlers/main.yml
+++ b/roles/postgres-container/handlers/main.yml
--- a/roles/postgres-container/meta/main.yml
+++ b/roles/postgres-container/meta/main.yml
--- a/roles/postgres-container/tasks/main.yml
+++ b/roles/postgres-container/tasks/main.yml
@ -16,56 +16,56 @@
  when:
    - send_status_messages

- name: "Check if {{ connect_postgres_service_name }}/docker-compose.yml exists"
+- name: "Check if {{ postgres_id }}/docker-compose.yml exists"
  stat:
-    path: '{{ service_base_path }}/{{ connect_postgres_service_name }}/docker-compose.yml'
+    path: '{{ service_base_path }}/{{ postgres_id }}/docker-compose.yml'
  register: check_docker_compose_file
  tags:
    - update_deployment

- name: "Stop {{ connect_postgres_service_name }}"
+- name: "Stop {{ postgres_id }}"
  shell: docker-compose down
  args:
-    chdir: '{{ service_base_path }}/{{ connect_postgres_service_name }}'
+    chdir: '{{ service_base_path }}/{{ postgres_id }}'
  when: check_docker_compose_file.stat.exists
  ignore_errors: yes
  tags:
    - update_deployment

- name: "Deploy docker templates for {{ connect_postgres_service_name }}"
+- name: "Deploy docker templates for {{ postgres_id }}"
  include_role:
    name: _deploy
    tasks_from: templates
  vars:
    current_config: "_docker"
    current_base_path: "{{ service_base_path }}"
-    current_destination: "{{ connect_postgres_service_name }}"
+    current_destination: "{{ postgres_id }}"
    current_owner: "{{ docker_owner }}"
    current_group: "{{ docker_group }}"
-    current_docker: "{{ connect_docker }}"
+    current_docker: "{{ postgres_docker }}"

- name: "Deploy service templates for {{ connect_postgres_service_name }}"
+- name: "Deploy service templates for {{ postgres_id }}"
  include_role:
    name: _deploy
    tasks_from: templates
  vars:
    current_config: "connect"
    current_base_path: "{{ service_base_path }}"
-    current_destination: "{{ connect_postgres_service_name }}"
+    current_destination: "{{ postgres_id }}"
    current_owner: "{{ docker_owner }}"
    current_group: "{{ docker_group }}"

- name: "Update {{ connect_postgres_service_name }}"
+- name: "Update {{ postgres_id }}"
  shell: docker-compose pull
  args:
-    chdir: '{{ service_base_path }}/{{ connect_postgres_service_name }}'
+    chdir: '{{ service_base_path }}/{{ postgres_id }}'
  tags:
    - update_deployment

- name: "Start {{ connect_postgres_service_name }}"
+- name: "Start {{ postgres_id }}"
  shell: docker-compose up -d
  args:
-    chdir: '{{ service_base_path }}/{{ connect_postgres_service_name }}'
+    chdir: '{{ service_base_path }}/{{ postgres_id }}'
  tags:
    - update_deployment

--- a/roles/postgres-container/vars/main.yml
+++ b/roles/postgres-container/vars/main.yml
@ -0,0 +1,36 @@
+---
+
+postgres_id: "{{ service_name }}-postgres_{{ cluster_service }}"
+
+postgres_docker: {
+  networks: [
+    {
+      name: back-tier,
+      external: true,
+    }
+  ],
+  volumes: [
+    {
+      name: "{{ postgres_id }}-data"
+    }
+  ],
+  services: [
+    {
+      name: "{{ postgres_id }}",
+      image_name: "{{ postgres_image_name }}",
+      image_version: "{{ postgres_image_version }}",
+      environment: [
+        "POSTGRES_DB: \"{{ hostvars[inventory_hostname][cluster_service + '_postgres_database'] | default('postgres') }}\"",
+        "POSTGRES_USER: \"{{ hostvars[inventory_hostname][cluster_service + '_postgres_admin_username'] | default('postgres-admin') }}\"",
+        "POSTGRES_PASSWORD: \"{{ hostvars[inventory_hostname][cluster_service + '_postgres_admin_password'] | default('postgres-admin') }}\"",
+      ],
+      volumes: [
+        '"{{ postgres_id }}-data:/var/lib/postgresql/data"',
+      ],
+      networks: [
+        '"back-tier"',
+      ],
+      ports: "{{ postgres_ports | default([]) }}",
+    },
+  ],
+}
--- a/roles/wordpress/defaults/main.yml
+++ b/roles/wordpress/defaults/main.yml
@ -0,0 +1,10 @@
+---
+
+wordpress_image_name: "wordpress"
+wordpress_image_version: '5.7.2'
+
+wordpress_mysql_image_name:  "mysql"
+wordpress_mysql_image_version: "8.0.22"
+
+wordpress_admin_username: "wordpress-admin"
+wordpress_admin_password: "wordpress-admin"
--- a/roles/wordpress/handlers/main.yml
+++ b/roles/wordpress/handlers/main.yml
@ -0,0 +1 @@
+---
--- a/roles/wordpress/meta/main.yml
+++ b/roles/wordpress/meta/main.yml
@ -0,0 +1 @@
+---
--- a/roles/wordpress/tasks/main.yml
+++ b/roles/wordpress/tasks/main.yml
@ -0,0 +1,108 @@
+---
+
+### tags:
+###   update_deployment
+
+- name: "Send mattermost message"
+  uri:
+    url: "{{ mattermost_hook_smardigo }}"
+    method: POST
+    body: "{{ lookup('template','mattermost-deploy-start.json.j2') }}"
+    body_format: json
+    headers:
+      Content-Type: "application/json"
+  delegate_to: 127.0.0.1
+  become: false
+  when:
+    - send_status_messages
+
+- name: "Setup DNS configuration for {{ wordpress_id }}"
+  include_role:
+    name: _digitalocean
+    tasks_from: domain
+  vars:
+    record_data: "{{ stage_server_ip }}"
+    record_name: "{{ service_name }}"
+
+- name: "Check if {{ wordpress_id }}/docker-compose.yml exists"
+  stat:
+    path: '{{ service_base_path }}/{{ wordpress_id }}/docker-compose.yml'
+  register: check_docker_compose_file
+  tags:
+    - update_deployment
+
+- name: "Stop {{ wordpress_id }}"
+  shell: docker-compose down
+  args:
+    chdir: '{{ service_base_path }}/{{ wordpress_id }}'
+  when: check_docker_compose_file.stat.exists
+  ignore_errors: yes
+  tags:
+    - update_deployment
+
+- name: "Deploy docker templates for {{ wordpress_id }}"
+  include_role:
+    name: _deploy
+    tasks_from: templates
+  vars:
+    current_config: "_docker"
+    current_base_path: "{{ service_base_path }}"
+    current_destination: "{{ wordpress_id }}"
+    current_owner: "{{ docker_owner }}"
+    current_group: "{{ docker_group }}"
+    current_docker: "{{ wordpress_docker }}"
+
+- name: "Deploy service templates for {{ wordpress_id }}"
+  include_role:
+    name: _deploy
+    tasks_from: templates
+  vars:
+    current_config: "wordpress"
+    current_base_path: "{{ service_base_path }}"
+    current_destination: "{{ wordpress_id }}"
+    current_owner: "{{ docker_owner }}"
+    current_group: "{{ docker_group }}"
+
+- name: "Update {{ wordpress_id }}"
+  shell: docker-compose pull
+  args:
+    chdir: '{{ service_base_path }}/{{ wordpress_id }}'
+  tags:
+    - update_deployment
+
+- name: "Start {{ wordpress_id }}"
+  shell: docker-compose up -d
+  args:
+    chdir: '{{ service_base_path }}/{{ wordpress_id }}'
+  tags:
+    - update_deployment
+
+- name: "Update landing page entries for {{ wordpress_id }}"
+  include_role:
+    name: _deploy
+    tasks_from: caddy_landing_page
+  vars:
+    current_services: [
+      {
+        current_name: "{{ wordpress_id }}",
+        current_url: "{{ http_s }}://{{ wordpress_id }}.{{ domain }}",
+        current_version: "{{ wordpress_image_version }}",
+        current_date: "{{ ansible_date_time.iso8601 }}",
+        management: "{{ http_s }}://{{ wordpress_id }}.{{ domain }}:{{ monitor_port_service }}/management",
+      },
+    ]
+  tags:
+    - update_deployment
+
+- name: "Send mattermost messsge"
+  uri:
+    url: "{{ mattermost_hook_smardigo }}"
+    method: POST
+    body: "{{ lookup('template','mattermost-deploy-end.json.j2') }}"
+    body_format: json
+    headers:
+      Content-Type: "application/json"
+  delegate_to: 127.0.0.1
+  become: false
+  when:
+    - send_status_messages
--- a/roles/wordpress/vars/main.yml
+++ b/roles/wordpress/vars/main.yml
@ -0,0 +1,88 @@
+---
+
+wordpress_id: "{{ service_name }}-wordpress"
+wordpress_mysql_id: "{{ service_name }}-mysql_wordpress"
+
+wordpress_labels: [
+  '"traefik.enable=true"',
+  '"traefik.http.routers.{{ wordpress_id }}.service={{ wordpress_id }}"',
+  '"traefik.http.routers.{{ wordpress_id }}.rule=Host(`{{ stage_server_url_host }}`)"',
+  '"traefik.http.routers.{{ wordpress_id }}.entrypoints=websecure"',
+  '"traefik.http.routers.{{ wordpress_id }}.tls=true"',
+  '"traefik.http.routers.{{ wordpress_id }}.tls.certresolver=letsencrypt"',
+  '"traefik.http.services.{{ wordpress_id }}.loadbalancer.server.port=80"',
+]
+
+wordpress_docker: {
+  networks: [
+    {
+      name: back-tier,
+      external: true,
+    },
+    {
+      name: front-tier,
+      external: true,
+    },
+  ],
+  volumes: [
+    {
+      name: "{{ wordpress_id }}-content"
+    },
+    {
+      name: "{{ wordpress_mysql_id }}-data"
+    }
+  ],
+  services: [
+    {
+      name: "{{ wordpress_id }}",
+      image_name: "{{ wordpress_image_name }}",
+      image_version: "{{ wordpress_image_version }}",
+      labels: "{{ wordpress_labels + ( wordpress_labels_additional | default([])) }}",
+      environment: [
+        "WORDPRESS_DB_HOST: \"{{ wordpress_mysql_id }}:{{ service_port_mysql }}\"",
+        "WORDPRESS_DB_USER: \"{{ wordpress_mysql_username }}\"",
+        "WORDPRESS_DB_PASSWORD: \"{{ wordpress_mysql_password }}\"",
+        "WORDPRESS_DB_NAME: \"{{ wordpress_mysql_database }}\"",
+        "WORDPRESS_DEBUG: \"{{ wordpress_debug | default(1) }}\"",
+        "WORDPRESS_DOMAIN: \"{{ wordpress_domain_external }}\"",
+        "WORDPRESS_CONFIG_EXTRA: |",
+        "  define( 'WP_HOME', 'https://dev-sken-test04-01.smardigo.digital' );",
+        "  define( 'WP_SITEURL', 'https://dev-sken-test04-01.smardigo.digital' );",
+        "AUTH_API: \"{{ http_s }}://{{ shared_service_keycloak_hostname }}\"",
+        "RESOURCE_API: \"{{ http_s }}://{{ stage_server_url_host }}\"",
+        "REALM_ID: \"{{ current_realm_name }}\"",
+        "REGISTRATION_ID: \"{{ wordpress_oidc_client_id }}\"",
+        "CLIENT_ID: \"{{ wordpress_oidc_client_id }}\"",
+        "CLIENT_SECRET: \"{{ wordpress_oidc_client_secret }}\"",
+        "CLIENT_USERNAME: \"{{ wordpress_buergerportal_username }}\"",
+        "CLIENT_PASSWORD: \"{{ wordpress_buergerportal_password }}\"",
+      ],
+      volumes: [
+        '"{{ wordpress_id }}-content:/var/www/html/wp-content"',
+      ],
+      networks: [
+        '"back-tier"',
+        '"front-tier"',
+      ],
+      extra_hosts: "{{ wordpress_extra_hosts | default([]) }}",
+    },
+    {
+      name: "{{ wordpress_mysql_id }}",
+      image_name: "{{ wordpress_mysql_image_name }}",
+      image_version: "{{ wordpress_mysql_image_version }}",
+      environment: [
+        "MYSQL_ROOT_PASSWORD: \"{{ wordpress_mysql_root_password }}\"",
+        "MYSQL_DATABASE: \"{{ wordpress_mysql_database }}\"",
+        "MYSQL_USER: \"{{ wordpress_mysql_username }}\"",
+        "MYSQL_PASSWORD: \"{{ wordpress_mysql_password }}\"",
+      ],
+      volumes: [
+        '"{{ wordpress_mysql_id }}-data:/var/lib/mysql"',
+      ],
+      networks: [
+        '"back-tier"',
+      ],
+      ports: "{{ wordpress_mysql_ports | default([]) }}",
+    },
+  ],
+}
--- a/templates/wordpress/data/plugins/index.php
+++ b/templates/wordpress/data/plugins/index.php
@ -0,0 +1,2 @@
+<?php
+// Silence is golden.