DEV-1096 fixed wordpress with pmci

3 years ago · a8c73fedce
parent 95a097af9c
commit a8c73fedce
10 changed files with 70 additions and 136 deletions
--- a/group_vars/all/connect.yml
+++ b/group_vars/all/connect.yml
@ -11,3 +11,7 @@ wordpress_base_url: "{{ wordpress_id }}.{{ domain }}"
 smardigo_auth_token_name: "Smardigo-User-Token"
 smardigo_default_theme: "/themes/netgo.json"
 connect_wordpress_buergerportal_username: "buergerportal"
 # initial credentials, keycloak forces password update on first login
 connect_wordpress_buergerportal_password: "Buerger?P0rtal."
--- a/group_vars/connect_wordpress/main.yml
+++ b/group_vars/connect_wordpress/main.yml
@ -1,10 +1,4 @@
 ---
 connect_wordpress_maria_database: "{{ stage }}_{{ tenant_id }}_{{ cluster_name }}_connect_wordpress"
 connect_wordpress_maria_username: "{{ connect_wordpress_maria_database }}"
 connect_wordpress_maria_password: "connect-wordpress-maria-admin"
 connect_wordpress_oidc_issuer: "{{ http_s }}://{{ shared_service_hostname_keycloak }}/auth/realms/{{ current_realm_name }}"
 connect_wordpress_oidc_provider_url: "{{ http_s }}://{{ shared_service_hostname_keycloak }}/auth/realms/{{ current_realm_name }}"
 connect_wordpress_oidc_client_id: "{{ cluster_name }}"
 connect_wordpress_oidc_client_secret: "{{ cluster_name }}"
--- a/host_vars/prodnso-mobene-cusprod-01/plain.yml
+++ b/host_vars/prodnso-mobene-cusprod-01/plain.yml
@ -1,14 +0,0 @@
 ---
 wordpress_image_version: latest
 connect_mail_protocol: "smtp"
 connect_mail_host: "smtp.office365.com"
 connect_mail_port: "587"
 connect_mail_user: "{{ connect_mail_user_vault }}"
 connect_mail_password: "{{ connect_mail_password_vault }}"
 connect_mail_properties_sender: "Info@egeld24.de"
 connect_mail_properties_sender_alias: "noreply"
 connect_mail_properties_smtp_auth: "true"
 connect_mail_properties_smtp_starttls_enable: "true"
 connect_mail_properties_smtp_starttls_required: "true"
--- a/host_vars/prodnso-mobene-cusprod-01/vault.yml
+++ b/host_vars/prodnso-mobene-cusprod-01/vault.yml
@ -1,10 +0,0 @@
 $ANSIBLE_VAULT;1.1;AES256
 63313634313235623162373139646237316436336364376237333463303339636135303036323135
 3339326265343539663634353235306436383963666162370a313862376337663239663162396163
 38636336646465636339353032636161613034363434346436326364653165323632303666323464
 3162336233343635380a626664376232653734316334383561333963343266616163356430653361
 32353934613365303464653938626536656337363039326237633835643662653032363633653263
 62333935353365653039383638353266633632656638346332633563323566306532336538336462
 62386634323937626662313964313933616336323935616231623637363663626231356533303063
 30326266363334643431336233376462303637303863656138333763633361346335643533336134
 36363231376638376433353061343334356238313464343266396537663630363430
--- a/host_vars/prodnso-mobene-cusqa-01/plain.yml
+++ b/host_vars/prodnso-mobene-cusqa-01/plain.yml
@ -1,14 +0,0 @@
 ---
 wordpress_image_version: latest
 connect_mail_protocol: "smtp"
 connect_mail_host: "smtp.office365.com"
 connect_mail_port: "587"
 connect_mail_user: "{{ connect_mail_user_vault }}"
 connect_mail_password: "{{ connect_mail_password_vault }}"
 connect_mail_properties_sender: "Info@egeld24.de"
 connect_mail_properties_sender_alias: "noreply"
 connect_mail_properties_smtp_auth: "true"
 connect_mail_properties_smtp_starttls_enable: "true"
 connect_mail_properties_smtp_starttls_required: "true"
--- a/host_vars/prodnso-mobene-cusqa-01/vault.yml
+++ b/host_vars/prodnso-mobene-cusqa-01/vault.yml
@ -1,10 +0,0 @@
 $ANSIBLE_VAULT;1.1;AES256
 34656337303930343532386532646463353864653937633637303733346462666333303034323037
 6633333162376661313838366334313034336162623164630a336132396361353431386135303439
 38383366616163363865366137316238666638383263326430653236383532303232636531323431
 3563623830303665610a356336363438373938373863663738633661616366323334323661346666
 61343632663635376264356263346430383236663363373331613639323065396533613635386531
 30646135333638343461386436663763393663313266363434623837373562636166393033396163
 65356633383732313034363965353162323230353263373537656539336364383935633436633334
 64633461336431353532323939303761653534313134326335363732623032306161653437353330
 38306561643033373033313963336164383235653639386261646134353237313639
--- a/import-database.yml
+++ b/import-database.yml
@ -76,18 +76,20 @@
        - always
  roles:
-    - role: import_maria_database
+# TODO deactivate mags flavored wordpress for now
-      when:
+#    - role: import_maria_database
-        - "'connect_wordpress' in group_names"
+#      when:
-        - "target_database is defined"
+#        - "'connect_wordpress' in group_names"
-        - "database_backup_file is defined"
+#        - "target_database is defined"
-
+#        - "database_backup_file is defined"
-    - role: import_maria_database
+
-      vars:
+# TODO deactivate mags flavored wordpress for now
-        target_database: "{{ connect_wordpress_maria_database }}"
+#    - role: import_maria_database
-      when:
+#      vars:
-        - "'connect_wordpress' in group_names"
+#        target_database: "{{ connect_wordpress_maria_database }}"
-        - "database_backup_file is defined"
+#      when:
 #        - "'connect_wordpress' in group_names"
 #        - "database_backup_file is defined"
 #############################################################
 #   Sending smardigo management message to process
--- a/roles/connect_wordpress/defaults/main.yml
+++ b/roles/connect_wordpress/defaults/main.yml
@ -1,4 +1,4 @@
 ---
 wordpress_image_name: "{{ shared_service_hostname_harbor }}/smardigo/wordpress"
-wordpress_image_version: '1.3.1'
+wordpress_image_version: "6.1.0.1"
--- a/roles/connect_wordpress/vars/main.yml
+++ b/roles/connect_wordpress/vars/main.yml
@ -1,71 +1,53 @@
 ---
-wordpress_labels: [
+wordpress_labels:
-  '"traefik.enable=true"',
+  - '"traefik.enable=true"'
-  '"traefik.http.routers.{{ wordpress_id }}.service={{ wordpress_id }}"',
+  - '"traefik.http.routers.{{ wordpress_id }}.service={{ wordpress_id }}"'
-  '"traefik.http.routers.{{ wordpress_id }}.rule=Host(`{{ wordpress_base_url }}`)"',
+  - '"traefik.http.routers.{{ wordpress_id }}.rule=Host(`{{ wordpress_base_url }}`)"'
-  '"traefik.http.routers.{{ wordpress_id }}.entrypoints=websecure"',
+  - '"traefik.http.routers.{{ wordpress_id }}.entrypoints=websecure"'
-  '"traefik.http.routers.{{ wordpress_id }}.tls=true"',
+  - '"traefik.http.routers.{{ wordpress_id }}.tls=true"'
-  '"traefik.http.routers.{{ wordpress_id }}.tls.certresolver=letsencrypt"',
+  - '"traefik.http.routers.{{ wordpress_id }}.tls.certresolver=letsencrypt"'
-  '"traefik.http.services.{{ wordpress_id }}.loadbalancer.server.port=80"',
+  - '"traefik.http.services.{{ wordpress_id }}.loadbalancer.server.port=80"'
 ]
-wordpress_docker: {
+  - '"traefik.http.routers.{{ wordpress_id }}-admin.service={{ wordpress_id }}-admin"'
-  networks: [
+  - '"traefik.http.routers.{{ wordpress_id }}-admin.rule=Host(`{{ wordpress_base_url }}`)&&(Path(`/wp-login.php`)||PathPrefix(`/wp-admin/`))"'
-    {
+  - '"traefik.http.routers.{{ wordpress_id }}-admin.entrypoints=websecure"'
-      name: back-tier,
+  - '"traefik.http.routers.{{ wordpress_id }}-admin.tls=true"'
-      external: true,
+  - '"traefik.http.routers.{{ wordpress_id }}-admin.tls.certresolver=letsencrypt"'
-    },
+  - '"traefik.http.services.{{ wordpress_id }}-admin.loadbalancer.server.port=80"'
-    {
+  - '"traefik.http.routers.{{ wordpress_id }}-admin.middlewares={{ wordpress_id }}-admin-ipwhitelist"'
-      name: front-tier,
+  - '"traefik.http.middlewares.{{ wordpress_id }}-admin-ipwhitelist.ipwhitelist.sourcerange={{ ip_whitelist | join(",") }}"'
-      external: true,
+
-    },
+wordpress_docker:
-  ],
+  networks:
-  volumes: [
+    - name: back-tier
-    {
+      external: true
-      name: "{{ wordpress_id }}-content"
+    - name: front-tier
-    },
+      external: true
-  ],
+  volumes:
-  services: [
+    - name: "{{ wordpress_id }}-content"
-    {
+  services:
-      name: "{{ wordpress_id }}",
+    - name: "{{ wordpress_id }}"
-      image_name: "{{ wordpress_image_name }}",
+      image_name: "{{ wordpress_image_name }}"
-      image_version: "{{ wordpress_image_version }}",
+      image_version: "{{ wordpress_image_version }}"
-      labels: "{{ wordpress_labels + ( wordpress_labels_additional | default([])) }}",
+      labels: "{{ wordpress_labels + ( wordpress_labels_additional | default([])) }}"
-      environment: [
+      environment:
-        "WORDPRESS_DB_HOST: \"{{ shared_service_maria_primary }}:{{ wordpress_mysql_port | default('3306') }}\"",
+        - "WORDPRESS_DB_HOST: \"{{ shared_service_maria_primary }}:{{ wordpress_mysql_port | default('3306') }}\""
-        "WORDPRESS_DB_USER: \"{{ connect_wordpress_maria_username }}\"",
+        - "WORDPRESS_DB_USER: \"{{ connect_wordpress_maria_username }}\""
-        "WORDPRESS_DB_PASSWORD: \"{{ connect_wordpress_maria_password }}\"",
+        - "WORDPRESS_DB_PASSWORD: \"{{ connect_wordpress_maria_password }}\""
-        "WORDPRESS_DB_NAME: \"{{ connect_wordpress_maria_database }}\"",
+        - "WORDPRESS_DB_NAME: \"{{ connect_wordpress_maria_database }}\""
-        "WORDPRESS_DEBUG: \"{{ wordpress_debug | default(1) }}\"",
+        - "WORDPRESS_DEBUG: \"{{ wordpress_debug | default(1) }}\""
-        "WORDPRESS_DOMAIN: \"{{ http_s }}://{{ wordpress_base_url }}\"",
+        - "WORDPRESS_DOMAIN: \"{{ http_s }}://{{ wordpress_base_url }}\""
-        "WORDPRESS_CONFIG_EXTRA: |",
+        - "WORDPRESS_CONFIG_EXTRA: |"
-        "  define( 'WP_HOME', 'https://{{ wordpress_base_url }}' );",
+        - "  define( 'WP_HOME', 'https://{{ wordpress_base_url }}' );"
-        "  define( 'WP_SITEURL', 'https://{{ wordpress_base_url }}' );",
+        - "  define( 'WP_SITEURL', 'https://{{ wordpress_base_url }}' );"
-        "  define( 'MYSQL_CLIENT_FLAGS', MYSQLI_CLIENT_SSL | MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT );",
+        - "  define( 'MYSQL_CLIENT_FLAGS', MYSQLI_CLIENT_SSL | MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT );"
-        "AUTH_API: \"https://{{ shared_service_hostname_keycloak }}\"",
+        - "RESOURCE_API: \"https://{{ connect_base_url }}\""
-        "RESOURCE_API: \"https://{{ connect_base_url }}\"",
+        - "SMARDIGO_AUTH_TOKEN_NAME: \"{{ smardigo_auth_token_name }}\""
-        "REALM_ID: \"{{ current_realm_name }}\"",
+        - "SMARDIGO_AUTH_TOKEN_VALUE: \"{{ smardigo_auth_token_value }}\""
-        "REGISTRATION_ID: \"{{ connect_wordpress_oidc_client_id }}\"",
+      volumes:
-        "CLIENT_ID: \"{{ connect_wordpress_oidc_client_id }}\"",
+        - '"{{ wordpress_id }}-content:/var/www/html/wp-content"'
-        "CLIENT_SECRET: \"{{ connect_wordpress_oidc_client_secret }}\"",
+      networks:
-        "CLIENT_USERNAME: \"{{ connect_wordpress_buergerportal_username }}\"",
+        - '"back-tier"'
-        "CLIENT_PASSWORD: \"{{ connect_wordpress_buergerportal_password }}\"",
+        - '"front-tier"'
-        "SK_NRW_ISSUER: \"{{ connect_wordpress_oidc_issuer }}\"",
+      extra_hosts: "{{ wordpress_extra_hosts | default([]) }}"
        "SK_NRW_PROVIDER_URL: \"{{ connect_wordpress_oidc_provider_url }}\"",
        "SK_NRW_CLIENT_ID: \"{{ connect_wordpress_oidc_client_id }}\"",
        "SK_NRW_CLIENT_SECRET: \"{{ connect_wordpress_oidc_client_secret }}\"",
        "SMARDIGO_AUTH_TOKEN_NAME: \"{{ smardigo_auth_token_name }}\"",
        "SMARDIGO_AUTH_TOKEN_VALUE: \"{{ smardigo_auth_token_value }}\"",
      ],
      volumes: [
        '"{{ wordpress_id }}-content:/var/www/html/wp-content"',
      ],
      networks: [
        '"back-tier"',
        '"front-tier"',
      ],
      extra_hosts: "{{ wordpress_extra_hosts | default([]) }}",
    },
  ],
 }
--- a/roles/keycloak/tasks/_create_realm_users.yml
+++ b/roles/keycloak/tasks/_create_realm_users.yml
@ -16,7 +16,7 @@
  delegate_to: 127.0.0.1
  become: false
  when:
-   - debug
+    - debug
 - name: "Saving users of realm {{ current_realm_name }} as variable (fact)"
  set_fact: