From a8c73fedce7aa866246864e4c04067bb6921df4c Mon Sep 17 00:00:00 2001 From: "Ketelsen, Sven" Date: Wed, 21 Jun 2023 07:39:41 +0000 Subject: [PATCH] DEV-1096 fixed wordpress with pmci --- group_vars/all/connect.yml | 4 + group_vars/connect_wordpress/main.yml | 6 - host_vars/prodnso-mobene-cusprod-01/plain.yml | 14 --- host_vars/prodnso-mobene-cusprod-01/vault.yml | 10 -- host_vars/prodnso-mobene-cusqa-01/plain.yml | 14 --- host_vars/prodnso-mobene-cusqa-01/vault.yml | 10 -- import-database.yml | 26 ++-- roles/connect_wordpress/defaults/main.yml | 2 +- roles/connect_wordpress/vars/main.yml | 118 ++++++++---------- roles/keycloak/tasks/_create_realm_users.yml | 2 +- 10 files changed, 70 insertions(+), 136 deletions(-) delete mode 100644 host_vars/prodnso-mobene-cusprod-01/plain.yml delete mode 100644 host_vars/prodnso-mobene-cusprod-01/vault.yml delete mode 100644 host_vars/prodnso-mobene-cusqa-01/plain.yml delete mode 100644 host_vars/prodnso-mobene-cusqa-01/vault.yml diff --git a/group_vars/all/connect.yml b/group_vars/all/connect.yml index 2e6d82b..1888aab 100644 --- a/group_vars/all/connect.yml +++ b/group_vars/all/connect.yml @@ -11,3 +11,7 @@ wordpress_base_url: "{{ wordpress_id }}.{{ domain }}" smardigo_auth_token_name: "Smardigo-User-Token" smardigo_default_theme: "/themes/netgo.json" + +connect_wordpress_buergerportal_username: "buergerportal" +# initial credentials, keycloak forces password update on first login +connect_wordpress_buergerportal_password: "Buerger?P0rtal." diff --git a/group_vars/connect_wordpress/main.yml b/group_vars/connect_wordpress/main.yml index c157565..551ddc3 100644 --- a/group_vars/connect_wordpress/main.yml +++ b/group_vars/connect_wordpress/main.yml 
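Review bot: The added `connect_wordpress_buergerportal_password` in group_vars/all/connect.yml is a cleartext credential committed to the repository, and because it sits under group_vars/all it is identical for every host and stage. The comment says Keycloak forces a password update on first login, but nothing in this hunk enforces that, so until the first login the account is protected only by a value that anyone with repository access knows. The removed host_vars already show the vaulted pattern (`connect_mail_password: "{{ connect_mail_password_vault }}"`), and the same fits here: `connect_wordpress_buergerportal_password: "{{ connect_wordpress_buergerportal_password_vault }}"`, with the value in an Ansible Vault file and ideally different per environment. It would also help to name, in the comment, the task that sets the forced-update action so the claim can be checked.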
@@ -1,10 +1,4 @@
 ---
-
 connect_wordpress_maria_database: "{{ stage }}_{{ tenant_id }}_{{ cluster_name }}_connect_wordpress"
 connect_wordpress_maria_username: "{{ connect_wordpress_maria_database }}"
 connect_wordpress_maria_password: "connect-wordpress-maria-admin"
-
-connect_wordpress_oidc_issuer: "{{ http_s }}://{{ shared_service_hostname_keycloak }}/auth/realms/{{ current_realm_name }}"
-connect_wordpress_oidc_provider_url: "{{ http_s }}://{{ shared_service_hostname_keycloak }}/auth/realms/{{ current_realm_name }}"
-connect_wordpress_oidc_client_id: "{{ cluster_name }}"
-connect_wordpress_oidc_client_secret: "{{ cluster_name }}"
diff --git a/host_vars/prodnso-mobene-cusprod-01/plain.yml b/host_vars/prodnso-mobene-cusprod-01/plain.yml
deleted file mode 100644
index 2697090..0000000
--- a/host_vars/prodnso-mobene-cusprod-01/plain.yml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-
-wordpress_image_version: latest
-
-connect_mail_protocol: "smtp"
-connect_mail_host: "smtp.office365.com"
-connect_mail_port: "587"
-connect_mail_user: "{{ connect_mail_user_vault }}"
-connect_mail_password: "{{ connect_mail_password_vault }}"
-connect_mail_properties_sender: "Info@egeld24.de"
-connect_mail_properties_sender_alias: "noreply"
-connect_mail_properties_smtp_auth: "true"
-connect_mail_properties_smtp_starttls_enable: "true"
-connect_mail_properties_smtp_starttls_required: "true"
diff --git a/host_vars/prodnso-mobene-cusprod-01/vault.yml b/host_vars/prodnso-mobene-cusprod-01/vault.yml
deleted file mode 100644
index 62b6179..0000000
--- a/host_vars/prodnso-mobene-cusprod-01/vault.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-63313634313235623162373139646237316436336364376237333463303339636135303036323135
-3339326265343539663634353235306436383963666162370a313862376337663239663162396163
-38636336646465636339353032636161613034363434346436326364653165323632303666323464
-3162336233343635380a626664376232653734316334383561333963343266616163356430653361
-32353934613365303464653938626536656337363039326237633835643662653032363633653263
-62333935353365653039383638353266633632656638346332633563323566306532336538336462
-62386634323937626662313964313933616336323935616231623637363663626231356533303063
-30326266363334643431336233376462303637303863656138333763633361346335643533336134
-36363231376638376433353061343334356238313464343266396537663630363430
diff --git a/host_vars/prodnso-mobene-cusqa-01/plain.yml b/host_vars/prodnso-mobene-cusqa-01/plain.yml
deleted file mode 100644
index 2697090..0000000
--- a/host_vars/prodnso-mobene-cusqa-01/plain.yml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-
-wordpress_image_version: latest
-
-connect_mail_protocol: "smtp"
-connect_mail_host: "smtp.office365.com"
-connect_mail_port: "587"
-connect_mail_user: "{{ connect_mail_user_vault }}"
-connect_mail_password: "{{ connect_mail_password_vault }}"
-connect_mail_properties_sender: "Info@egeld24.de"
-connect_mail_properties_sender_alias: "noreply"
-connect_mail_properties_smtp_auth: "true"
-connect_mail_properties_smtp_starttls_enable: "true"
-connect_mail_properties_smtp_starttls_required: "true"
diff --git a/host_vars/prodnso-mobene-cusqa-01/vault.yml b/host_vars/prodnso-mobene-cusqa-01/vault.yml
deleted file mode 100644
index 1c69fa2..0000000
--- a/host_vars/prodnso-mobene-cusqa-01/vault.yml
+++ /dev/null
@@ -1,10 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -34656337303930343532386532646463353864653937633637303733346462666333303034323037 -6633333162376661313838366334313034336162623164630a336132396361353431386135303439 -38383366616163363865366137316238666638383263326430653236383532303232636531323431 -3563623830303665610a356336363438373938373863663738633661616366323334323661346666 -61343632663635376264356263346430383236663363373331613639323065396533613635386531 -30646135333638343461386436663763393663313266363434623837373562636166393033396163 -65356633383732313034363965353162323230353263373537656539336364383935633436633334 -64633461336431353532323939303761653534313134326335363732623032306161653437353330 -38306561643033373033313963336164383235653639386261646134353237313639 diff --git a/import-database.yml b/import-database.yml index 3eb8c3b..c4f47a9 100644 --- a/import-database.yml +++ b/import-database.yml @@ -76,18 +76,20 @@ - always roles: - - role: import_maria_database - when: - - "'connect_wordpress' in group_names" - - "target_database is defined" - - "database_backup_file is defined" - - - role: import_maria_database - vars: - target_database: "{{ connect_wordpress_maria_database }}" - when: - - "'connect_wordpress' in group_names" - - "database_backup_file is defined" +# TODO deactivate mags flavored wordpress for now +# - role: import_maria_database +# when: +# - "'connect_wordpress' in group_names" +# - "target_database is defined" +# - "database_backup_file is defined" + +# TODO deactivate mags flavored wordpress for now +# - role: import_maria_database +# vars: +# target_database: "{{ connect_wordpress_maria_database }}" +# when: +# - "'connect_wordpress' in group_names" +# - "database_backup_file is defined" ############################################################# # Sending smardigo management message to process diff --git a/roles/connect_wordpress/defaults/main.yml b/roles/connect_wordpress/defaults/main.yml index 9377a55..1535c9a 100644 
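Review bot: Both `import_maria_database` entries under `roles:` in import-database.yml are commented out rather than removed, which, as far as this hunk shows, leaves `roles:` with no value (YAML null), so the play probably reports success for `connect_wordpress` hosts without importing anything. An operator restoring a backup gets no signal that the WordPress database was skipped. If the deactivation is temporary, an explicit `roles: []` plus a `fail` or `debug` task naming the skipped import, or a toggle in the existing `when:` list such as `- "connect_wordpress_import_enabled | default(false)"`, would make the state visible and reversible. The comment `# TODO deactivate mags flavored wordpress for now` reads as work still to do; wording like `# Disabled: mags-flavoured wordpress import` plus the condition for re-enabling would match what the change does. The play begins above the hunk, so its other keys are not visible here.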
--- a/roles/connect_wordpress/defaults/main.yml +++ b/roles/connect_wordpress/defaults/main.yml @@ -1,4 +1,4 @@ --- wordpress_image_name: "{{ shared_service_hostname_harbor }}/smardigo/wordpress" -wordpress_image_version: '1.3.1' +wordpress_image_version: "6.1.0.1" diff --git a/roles/connect_wordpress/vars/main.yml b/roles/connect_wordpress/vars/main.yml index 23cbedb..96f16e2 100644 --- a/roles/connect_wordpress/vars/main.yml +++ b/roles/connect_wordpress/vars/main.yml 
@@ -1,71 +1,53 @@ --- -wordpress_labels: [ - '"traefik.enable=true"', - '"traefik.http.routers.{{ wordpress_id }}.service={{ wordpress_id }}"', - '"traefik.http.routers.{{ wordpress_id }}.rule=Host(`{{ wordpress_base_url }}`)"', - '"traefik.http.routers.{{ wordpress_id }}.entrypoints=websecure"', - '"traefik.http.routers.{{ wordpress_id }}.tls=true"', - '"traefik.http.routers.{{ wordpress_id }}.tls.certresolver=letsencrypt"', - '"traefik.http.services.{{ wordpress_id }}.loadbalancer.server.port=80"', -] +wordpress_labels: + - '"traefik.enable=true"' + - '"traefik.http.routers.{{ wordpress_id }}.service={{ wordpress_id }}"' + - '"traefik.http.routers.{{ wordpress_id }}.rule=Host(`{{ wordpress_base_url }}`)"' + - '"traefik.http.routers.{{ wordpress_id }}.entrypoints=websecure"' + - '"traefik.http.routers.{{ wordpress_id }}.tls=true"' + - '"traefik.http.routers.{{ wordpress_id }}.tls.certresolver=letsencrypt"' + - '"traefik.http.services.{{ wordpress_id }}.loadbalancer.server.port=80"' -wordpress_docker: { - networks: [ - { - name: back-tier, - external: true, - }, - { - name: front-tier, - external: true, - }, - ], - volumes: [ - { - name: "{{ wordpress_id }}-content" - }, - ], - services: [ - { - name: "{{ wordpress_id }}", - image_name: "{{ wordpress_image_name }}", - image_version: "{{ wordpress_image_version }}", - labels: "{{ wordpress_labels + ( wordpress_labels_additional | default([])) }}", - environment: [ - "WORDPRESS_DB_HOST: \"{{ shared_service_maria_primary }}:{{ wordpress_mysql_port | default('3306') }}\"", - "WORDPRESS_DB_USER: \"{{ connect_wordpress_maria_username }}\"", - "WORDPRESS_DB_PASSWORD: \"{{ connect_wordpress_maria_password }}\"", - "WORDPRESS_DB_NAME: \"{{ connect_wordpress_maria_database }}\"", - "WORDPRESS_DEBUG: \"{{ wordpress_debug | default(1) }}\"", - "WORDPRESS_DOMAIN: \"{{ http_s }}://{{ wordpress_base_url }}\"", - "WORDPRESS_CONFIG_EXTRA: |", - " define( 'WP_HOME', 'https://{{ wordpress_base_url }}' );", - " define( 'WP_SITEURL', 
'https://{{ wordpress_base_url }}' );", - " define( 'MYSQL_CLIENT_FLAGS', MYSQLI_CLIENT_SSL | MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT );", - "AUTH_API: \"https://{{ shared_service_hostname_keycloak }}\"", - "RESOURCE_API: \"https://{{ connect_base_url }}\"", - "REALM_ID: \"{{ current_realm_name }}\"", - "REGISTRATION_ID: \"{{ connect_wordpress_oidc_client_id }}\"", - "CLIENT_ID: \"{{ connect_wordpress_oidc_client_id }}\"", - "CLIENT_SECRET: \"{{ connect_wordpress_oidc_client_secret }}\"", - "CLIENT_USERNAME: \"{{ connect_wordpress_buergerportal_username }}\"", - "CLIENT_PASSWORD: \"{{ connect_wordpress_buergerportal_password }}\"", - "SK_NRW_ISSUER: \"{{ connect_wordpress_oidc_issuer }}\"", - "SK_NRW_PROVIDER_URL: \"{{ connect_wordpress_oidc_provider_url }}\"", - "SK_NRW_CLIENT_ID: \"{{ connect_wordpress_oidc_client_id }}\"", - "SK_NRW_CLIENT_SECRET: \"{{ connect_wordpress_oidc_client_secret }}\"", - "SMARDIGO_AUTH_TOKEN_NAME: \"{{ smardigo_auth_token_name }}\"", - "SMARDIGO_AUTH_TOKEN_VALUE: \"{{ smardigo_auth_token_value }}\"", - ], - volumes: [ - '"{{ wordpress_id }}-content:/var/www/html/wp-content"', - ], - networks: [ - '"back-tier"', - '"front-tier"', - ], - extra_hosts: "{{ wordpress_extra_hosts | default([]) }}", - }, - ], -} + - '"traefik.http.routers.{{ wordpress_id }}-admin.service={{ wordpress_id }}-admin"' + - '"traefik.http.routers.{{ wordpress_id }}-admin.rule=Host(`{{ wordpress_base_url }}`)&&(Path(`/wp-login.php`)||PathPrefix(`/wp-admin/`))"' + - '"traefik.http.routers.{{ wordpress_id }}-admin.entrypoints=websecure"' + - '"traefik.http.routers.{{ wordpress_id }}-admin.tls=true"' + - '"traefik.http.routers.{{ wordpress_id }}-admin.tls.certresolver=letsencrypt"' + - '"traefik.http.services.{{ wordpress_id }}-admin.loadbalancer.server.port=80"' + - '"traefik.http.routers.{{ wordpress_id }}-admin.middlewares={{ wordpress_id }}-admin-ipwhitelist"' + - '"traefik.http.middlewares.{{ wordpress_id }}-admin-ipwhitelist.ipwhitelist.sourcerange={{ 
ip_whitelist | join(",") }}"' + +wordpress_docker: + networks: + - name: back-tier + external: true + - name: front-tier + external: true + volumes: + - name: "{{ wordpress_id }}-content" + services: + - name: "{{ wordpress_id }}" + image_name: "{{ wordpress_image_name }}" + image_version: "{{ wordpress_image_version }}" + labels: "{{ wordpress_labels + ( wordpress_labels_additional | default([])) }}" + environment: + - "WORDPRESS_DB_HOST: \"{{ shared_service_maria_primary }}:{{ wordpress_mysql_port | default('3306') }}\"" + - "WORDPRESS_DB_USER: \"{{ connect_wordpress_maria_username }}\"" + - "WORDPRESS_DB_PASSWORD: \"{{ connect_wordpress_maria_password }}\"" + - "WORDPRESS_DB_NAME: \"{{ connect_wordpress_maria_database }}\"" + - "WORDPRESS_DEBUG: \"{{ wordpress_debug | default(1) }}\"" + - "WORDPRESS_DOMAIN: \"{{ http_s }}://{{ wordpress_base_url }}\"" + - "WORDPRESS_CONFIG_EXTRA: |" + - " define( 'WP_HOME', 'https://{{ wordpress_base_url }}' );" + - " define( 'WP_SITEURL', 'https://{{ wordpress_base_url }}' );" + - " define( 'MYSQL_CLIENT_FLAGS', MYSQLI_CLIENT_SSL | MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT );" + - "RESOURCE_API: \"https://{{ connect_base_url }}\"" + - "SMARDIGO_AUTH_TOKEN_NAME: \"{{ smardigo_auth_token_name }}\"" + - "SMARDIGO_AUTH_TOKEN_VALUE: \"{{ smardigo_auth_token_value }}\"" + volumes: + - '"{{ wordpress_id }}-content:/var/www/html/wp-content"' + networks: + - '"back-tier"' + - '"front-tier"' + extra_hosts: "{{ wordpress_extra_hosts | default([]) }}" diff --git a/roles/keycloak/tasks/_create_realm_users.yml b/roles/keycloak/tasks/_create_realm_users.yml index 603301e..5d6fcdd 100644 --- a/roles/keycloak/tasks/_create_realm_users.yml +++ b/roles/keycloak/tasks/_create_realm_users.yml @@ -16,7 +16,7 @@ delegate_to: 127.0.0.1 become: false when: - - debug + - debug - name: "Saving users of realm {{ current_realm_name }} as variable (fact)" set_fact:
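Review bot: In roles/connect_wordpress/vars/main.yml the new `-admin` router is only as restrictive as `ip_whitelist`, which is used without a default or a non-empty check in `sourcerange={{ ip_whitelist | join(",") }}`. If the list renders empty the middleware presumably fails to load, and the admin router would then likely be dropped, so the broader `Host(...)` router would serve `/wp-login.php` and `/wp-admin/` unrestricted. An `assert` task checking `ip_whitelist | length > 0` before the labels are templated would make this fail closed. The rule also leaves `/xmlrpc.php`, WordPress's other authentication endpoint, on the public router, while placing `/wp-admin/admin-ajax.php`, which front-end features commonly call, behind the allow-list; both are worth confirming. Separately, the carried-over `WORDPRESS_DEBUG` default of `1` and `MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT` (TLS to MariaDB without server-certificate verification) need either a comment on why they are acceptable or a production default of `0` and a verified CA.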