DEV-1096 fixed wordpress with pmci

3 years ago · a8c73fedce
parent 95a097af9c
commit a8c73fedce
10 changed files with 70 additions and 136 deletions
--- a/group_vars/all/connect.yml
+++ b/group_vars/all/connect.yml
@ -11,3 +11,7 @@ wordpress_base_url: "{{ wordpress_id }}.{{ domain }}"
 smardigo_auth_token_name: "Smardigo-User-Token"

 smardigo_default_theme: "/themes/netgo.json"
+
+connect_wordpress_buergerportal_username: "buergerportal"
+# initial credentials, keycloak forces password update on first login
+connect_wordpress_buergerportal_password: "Buerger?P0rtal."
--- a/group_vars/connect_wordpress/main.yml
+++ b/group_vars/connect_wordpress/main.yml
@ -1,10 +1,4 @@
 ---
-
 connect_wordpress_maria_database: "{{ stage }}_{{ tenant_id }}_{{ cluster_name }}_connect_wordpress"
 connect_wordpress_maria_username: "{{ connect_wordpress_maria_database }}"
 connect_wordpress_maria_password: "connect-wordpress-maria-admin"
-
-connect_wordpress_oidc_issuer: "{{ http_s }}://{{ shared_service_hostname_keycloak }}/auth/realms/{{ current_realm_name }}"
-connect_wordpress_oidc_provider_url: "{{ http_s }}://{{ shared_service_hostname_keycloak }}/auth/realms/{{ current_realm_name }}"
-connect_wordpress_oidc_client_id: "{{ cluster_name }}"
-connect_wordpress_oidc_client_secret: "{{ cluster_name }}"
--- a/host_vars/prodnso-mobene-cusprod-01/plain.yml
+++ b/host_vars/prodnso-mobene-cusprod-01/plain.yml
@ -1,14 +0,0 @@
---
-
-wordpress_image_version: latest
-
-connect_mail_protocol: "smtp"
-connect_mail_host: "smtp.office365.com"
-connect_mail_port: "587"
-connect_mail_user: "{{ connect_mail_user_vault }}"
-connect_mail_password: "{{ connect_mail_password_vault }}"
-connect_mail_properties_sender: "Info@egeld24.de"
-connect_mail_properties_sender_alias: "noreply"
-connect_mail_properties_smtp_auth: "true"
-connect_mail_properties_smtp_starttls_enable: "true"
-connect_mail_properties_smtp_starttls_required: "true"
--- a/host_vars/prodnso-mobene-cusprod-01/vault.yml
+++ b/host_vars/prodnso-mobene-cusprod-01/vault.yml
@ -1,10 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-63313634313235623162373139646237316436336364376237333463303339636135303036323135
-3339326265343539663634353235306436383963666162370a313862376337663239663162396163
-38636336646465636339353032636161613034363434346436326364653165323632303666323464
-3162336233343635380a626664376232653734316334383561333963343266616163356430653361
-32353934613365303464653938626536656337363039326237633835643662653032363633653263
-62333935353365653039383638353266633632656638346332633563323566306532336538336462
-62386634323937626662313964313933616336323935616231623637363663626231356533303063
-30326266363334643431336233376462303637303863656138333763633361346335643533336134
-36363231376638376433353061343334356238313464343266396537663630363430
--- a/host_vars/prodnso-mobene-cusqa-01/plain.yml
+++ b/host_vars/prodnso-mobene-cusqa-01/plain.yml
@ -1,14 +0,0 @@
---
-
-wordpress_image_version: latest
-
-connect_mail_protocol: "smtp"
-connect_mail_host: "smtp.office365.com"
-connect_mail_port: "587"
-connect_mail_user: "{{ connect_mail_user_vault }}"
-connect_mail_password: "{{ connect_mail_password_vault }}"
-connect_mail_properties_sender: "Info@egeld24.de"
-connect_mail_properties_sender_alias: "noreply"
-connect_mail_properties_smtp_auth: "true"
-connect_mail_properties_smtp_starttls_enable: "true"
-connect_mail_properties_smtp_starttls_required: "true"
--- a/host_vars/prodnso-mobene-cusqa-01/vault.yml
+++ b/host_vars/prodnso-mobene-cusqa-01/vault.yml
@ -1,10 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-34656337303930343532386532646463353864653937633637303733346462666333303034323037
-6633333162376661313838366334313034336162623164630a336132396361353431386135303439
-38383366616163363865366137316238666638383263326430653236383532303232636531323431
-3563623830303665610a356336363438373938373863663738633661616366323334323661346666
-61343632663635376264356263346430383236663363373331613639323065396533613635386531
-30646135333638343461386436663763393663313266363434623837373562636166393033396163
-65356633383732313034363965353162323230353263373537656539336364383935633436633334
-64633461336431353532323939303761653534313134326335363732623032306161653437353330
-38306561643033373033313963336164383235653639386261646134353237313639
--- a/import-database.yml
+++ b/import-database.yml
@ -76,18 +76,20 @@
        - always

  roles:
-    - role: import_maria_database
-      when:
-        - "'connect_wordpress' in group_names"
-        - "target_database is defined"
-        - "database_backup_file is defined"
-
-    - role: import_maria_database
-      vars:
-        target_database: "{{ connect_wordpress_maria_database }}"
-      when:
-        - "'connect_wordpress' in group_names"
-        - "database_backup_file is defined"
+# TODO deactivate mags flavored wordpress for now
+#    - role: import_maria_database
+#      when:
+#        - "'connect_wordpress' in group_names"
+#        - "target_database is defined"
+#        - "database_backup_file is defined"
+
+# TODO deactivate mags flavored wordpress for now
+#    - role: import_maria_database
+#      vars:
+#        target_database: "{{ connect_wordpress_maria_database }}"
+#      when:
+#        - "'connect_wordpress' in group_names"
+#        - "database_backup_file is defined"

 #############################################################
 #   Sending smardigo management message to process
--- a/roles/connect_wordpress/defaults/main.yml
+++ b/roles/connect_wordpress/defaults/main.yml
@ -1,4 +1,4 @@
 ---

 wordpress_image_name: "{{ shared_service_hostname_harbor }}/smardigo/wordpress"
-wordpress_image_version: '1.3.1'
+wordpress_image_version: "6.1.0.1"
--- a/roles/connect_wordpress/vars/main.yml
+++ b/roles/connect_wordpress/vars/main.yml
@ -1,71 +1,53 @@
 ---

-wordpress_labels: [
-  '"traefik.enable=true"',
-  '"traefik.http.routers.{{ wordpress_id }}.service={{ wordpress_id }}"',
-  '"traefik.http.routers.{{ wordpress_id }}.rule=Host(`{{ wordpress_base_url }}`)"',
-  '"traefik.http.routers.{{ wordpress_id }}.entrypoints=websecure"',
-  '"traefik.http.routers.{{ wordpress_id }}.tls=true"',
-  '"traefik.http.routers.{{ wordpress_id }}.tls.certresolver=letsencrypt"',
-  '"traefik.http.services.{{ wordpress_id }}.loadbalancer.server.port=80"',
-]
+wordpress_labels:
+  - '"traefik.enable=true"'
+  - '"traefik.http.routers.{{ wordpress_id }}.service={{ wordpress_id }}"'
+  - '"traefik.http.routers.{{ wordpress_id }}.rule=Host(`{{ wordpress_base_url }}`)"'
+  - '"traefik.http.routers.{{ wordpress_id }}.entrypoints=websecure"'
+  - '"traefik.http.routers.{{ wordpress_id }}.tls=true"'
+  - '"traefik.http.routers.{{ wordpress_id }}.tls.certresolver=letsencrypt"'
+  - '"traefik.http.services.{{ wordpress_id }}.loadbalancer.server.port=80"'

-wordpress_docker: {
-  networks: [
-    {
-      name: back-tier,
-      external: true,
-    },
-    {
-      name: front-tier,
-      external: true,
-    },
-  ],
-  volumes: [
-    {
-      name: "{{ wordpress_id }}-content"
-    },
-  ],
-  services: [
-    {
-      name: "{{ wordpress_id }}",
-      image_name: "{{ wordpress_image_name }}",
-      image_version: "{{ wordpress_image_version }}",
-      labels: "{{ wordpress_labels + ( wordpress_labels_additional | default([])) }}",
-      environment: [
-        "WORDPRESS_DB_HOST: \"{{ shared_service_maria_primary }}:{{ wordpress_mysql_port | default('3306') }}\"",
-        "WORDPRESS_DB_USER: \"{{ connect_wordpress_maria_username }}\"",
-        "WORDPRESS_DB_PASSWORD: \"{{ connect_wordpress_maria_password }}\"",
-        "WORDPRESS_DB_NAME: \"{{ connect_wordpress_maria_database }}\"",
-        "WORDPRESS_DEBUG: \"{{ wordpress_debug | default(1) }}\"",
-        "WORDPRESS_DOMAIN: \"{{ http_s }}://{{ wordpress_base_url }}\"",
-        "WORDPRESS_CONFIG_EXTRA: |",
-        "  define( 'WP_HOME', 'https://{{ wordpress_base_url }}' );",
-        "  define( 'WP_SITEURL', 'https://{{ wordpress_base_url }}' );",
-        "  define( 'MYSQL_CLIENT_FLAGS', MYSQLI_CLIENT_SSL | MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT );",
-        "AUTH_API: \"https://{{ shared_service_hostname_keycloak }}\"",
-        "RESOURCE_API: \"https://{{ connect_base_url }}\"",
-        "REALM_ID: \"{{ current_realm_name }}\"",
-        "REGISTRATION_ID: \"{{ connect_wordpress_oidc_client_id }}\"",
-        "CLIENT_ID: \"{{ connect_wordpress_oidc_client_id }}\"",
-        "CLIENT_SECRET: \"{{ connect_wordpress_oidc_client_secret }}\"",
-        "CLIENT_USERNAME: \"{{ connect_wordpress_buergerportal_username }}\"",
-        "CLIENT_PASSWORD: \"{{ connect_wordpress_buergerportal_password }}\"",
-        "SK_NRW_ISSUER: \"{{ connect_wordpress_oidc_issuer }}\"",
-        "SK_NRW_PROVIDER_URL: \"{{ connect_wordpress_oidc_provider_url }}\"",
-        "SK_NRW_CLIENT_ID: \"{{ connect_wordpress_oidc_client_id }}\"",
-        "SK_NRW_CLIENT_SECRET: \"{{ connect_wordpress_oidc_client_secret }}\"",
-        "SMARDIGO_AUTH_TOKEN_NAME: \"{{ smardigo_auth_token_name }}\"",
-        "SMARDIGO_AUTH_TOKEN_VALUE: \"{{ smardigo_auth_token_value }}\"",
-      ],
-      volumes: [
-        '"{{ wordpress_id }}-content:/var/www/html/wp-content"',
-      ],
-      networks: [
-        '"back-tier"',
-        '"front-tier"',
-      ],
-      extra_hosts: "{{ wordpress_extra_hosts | default([]) }}",
-    },
-  ],
-}
+  - '"traefik.http.routers.{{ wordpress_id }}-admin.service={{ wordpress_id }}-admin"'
+  - '"traefik.http.routers.{{ wordpress_id }}-admin.rule=Host(`{{ wordpress_base_url }}`)&&(Path(`/wp-login.php`)||PathPrefix(`/wp-admin/`))"'
+  - '"traefik.http.routers.{{ wordpress_id }}-admin.entrypoints=websecure"'
+  - '"traefik.http.routers.{{ wordpress_id }}-admin.tls=true"'
+  - '"traefik.http.routers.{{ wordpress_id }}-admin.tls.certresolver=letsencrypt"'
+  - '"traefik.http.services.{{ wordpress_id }}-admin.loadbalancer.server.port=80"'
+  - '"traefik.http.routers.{{ wordpress_id }}-admin.middlewares={{ wordpress_id }}-admin-ipwhitelist"'
+  - '"traefik.http.middlewares.{{ wordpress_id }}-admin-ipwhitelist.ipwhitelist.sourcerange={{ ip_whitelist | join(",") }}"'
+
+wordpress_docker:
+  networks:
+    - name: back-tier
+      external: true
+    - name: front-tier
+      external: true
+  volumes:
+    - name: "{{ wordpress_id }}-content"
+  services:
+    - name: "{{ wordpress_id }}"
+      image_name: "{{ wordpress_image_name }}"
+      image_version: "{{ wordpress_image_version }}"
+      labels: "{{ wordpress_labels + ( wordpress_labels_additional | default([])) }}"
+      environment:
+        - "WORDPRESS_DB_HOST: \"{{ shared_service_maria_primary }}:{{ wordpress_mysql_port | default('3306') }}\""
+        - "WORDPRESS_DB_USER: \"{{ connect_wordpress_maria_username }}\""
+        - "WORDPRESS_DB_PASSWORD: \"{{ connect_wordpress_maria_password }}\""
+        - "WORDPRESS_DB_NAME: \"{{ connect_wordpress_maria_database }}\""
+        - "WORDPRESS_DEBUG: \"{{ wordpress_debug | default(1) }}\""
+        - "WORDPRESS_DOMAIN: \"{{ http_s }}://{{ wordpress_base_url }}\""
+        - "WORDPRESS_CONFIG_EXTRA: |"
+        - "  define( 'WP_HOME', 'https://{{ wordpress_base_url }}' );"
+        - "  define( 'WP_SITEURL', 'https://{{ wordpress_base_url }}' );"
+        - "  define( 'MYSQL_CLIENT_FLAGS', MYSQLI_CLIENT_SSL | MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT );"
+        - "RESOURCE_API: \"https://{{ connect_base_url }}\""
+        - "SMARDIGO_AUTH_TOKEN_NAME: \"{{ smardigo_auth_token_name }}\""
+        - "SMARDIGO_AUTH_TOKEN_VALUE: \"{{ smardigo_auth_token_value }}\""
+      volumes:
+        - '"{{ wordpress_id }}-content:/var/www/html/wp-content"'
+      networks:
+        - '"back-tier"'
+        - '"front-tier"'
+      extra_hosts: "{{ wordpress_extra_hosts | default([]) }}"
--- a/roles/keycloak/tasks/_create_realm_users.yml
+++ b/roles/keycloak/tasks/_create_realm_users.yml
@ -16,7 +16,7 @@
  delegate_to: 127.0.0.1
  become: false
  when:
-   - debug
+    - debug

 - name: "Saving users of realm {{ current_realm_name }} as variable (fact)"
  set_fact: