From be5701e5a5e3fbd4342e42635cb618bd34c87ee0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakub=20Soko=C5=82owski?= Date: Wed, 25 Sep 2024 14:58:11 +0200 Subject: [PATCH] add files from infra-office repo MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jakub SokoĊ‚owski --- README.md | 61 +++++++++++ defaults/main.yml | 61 +++++++++++ tasks/backup.yml | 22 ++++ tasks/config.yml | 16 +++ tasks/consul.yml | 18 ++++ tasks/docker.yml | 24 +++++ tasks/extensions.yml | 42 ++++++++ tasks/init.yml | 38 +++++++ tasks/main.yml | 10 ++ tasks/scripts.yml | 28 +++++ templates/LocalSettings.php.j2 | 181 ++++++++++++++++++++++++++++++++ templates/app.env.j2 | 21 ++++ templates/db-admin.sh.j2 | 4 + templates/db.env.j2 | 5 + templates/docker-compose.yml.j2 | 45 ++++++++ templates/healthcheck.sh.j2 | 10 ++ templates/my.cnf.j2 | 6 ++ templates/nginx-proxy.conf.j2 | 9 ++ vars/extensions.yml | 35 ++++++ 19 files changed, 636 insertions(+) create mode 100644 README.md create mode 100644 defaults/main.yml create mode 100644 tasks/backup.yml create mode 100644 tasks/config.yml create mode 100644 tasks/consul.yml create mode 100644 tasks/docker.yml create mode 100644 tasks/extensions.yml create mode 100644 tasks/init.yml create mode 100644 tasks/main.yml create mode 100644 tasks/scripts.yml create mode 100644 templates/LocalSettings.php.j2 create mode 100644 templates/app.env.j2 create mode 100644 templates/db-admin.sh.j2 create mode 100644 templates/db.env.j2 create mode 100644 templates/docker-compose.yml.j2 create mode 100644 templates/healthcheck.sh.j2 create mode 100644 templates/my.cnf.j2 create mode 100644 templates/nginx-proxy.conf.j2 create mode 100644 vars/extensions.yml diff --git a/README.md b/README.md new file mode 100644 index 0000000..bfe6242 --- /dev/null +++ b/README.md 
@@ -0,0 +1,61 @@ +# Description + +This role deploys and instance of [MediaWiki](https://www.mediawiki.org/wiki/MediaWiki), which is a collaborative editing software written in PHP. + +# Configuration + +A bare minimum configuration would include: +```yaml +mediawiki_domain: 'wiki.example.org' +mediawiki_email: 'devops@example.org' +mediawiki_sitename: 'Logos' +mediawiki_bitnami_debug: false +mediawiki_admin_username: 'admin' +mediawiki_admin_password: 'super-secret-admin-password' +mediawiki_db_pass: 'super-secret-db-password' +mediawiki_secret_key: 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa' +mediawiki_upgrade_key: 'bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb' +``` +You should also configure email sending: +```yaml +mediawiki_smtp_enabled: true +mediawiki_smtp_host: 'smtp.example.org' +mediawiki_smtp_port: 587 +mediawiki_smtp_user: 'username' +mediawiki_smtp_password: 'super-secret-password' +``` +In addition custom skinds and assets are installed using: +```yaml +mediawiki_skin_repo_url: 'https://github.com/example-org/mediawiki-skin.git' +``` +Unfortunately this does not support an actual skin repo but instead assumes the repo contains a folders called `Vector`, `languages` and `resources`. This of course makes absolutely no sense, but it is what it is. + +# Management + +## Service + +Deployment and management is done using [Docker Compose](https://docs.docker.com/compose/): +``` +admin@node-01.do-ams3.wiki.logos:/docker/mediawiki % docker-compose ps + Name Command State Ports +--------------------------------------------------------------------------------------------------- +mediawiki-app /opt/bitnami/scripts/media ... Up 0.0.0.0:8080->8080/tcp, 8443/tcp +mediawiki-db docker-entrypoint.sh --per ... 
Up (healthy) 127.0.0.1:3306->3306/tcp, 33060/tcp +``` + +## Users + +Two plugins have been installed to manage users: `` and `` + +They make available two special pages under: + +* https://wiki.example.org/wiki/Special:UserManager +* https://wiki.example.org/wiki/Special:GroupManager + +# Known Issues + +The [initialization scripts](https://github.com/bitnami/containers/blob/fd485db5011eca0c92b4d630c0328ae56236652c/bitnami/mediawiki/1/debian-11/rootfs/opt/bitnami/scripts/libmediawiki.sh#L113-L121) in `bitnami` Docker image do not run [`install.php`](https://github.com/wikimedia/mediawiki/blob/1.40.0/maintenance/install.php) if any volumes under `/bitnami/mediawiki` are mounted. For that reason we do not add the volumes at first startup, and allow the bootstrapping process - especially database schema creation - to run. Once that is done we can create and mount our own config and skins. + +# Links + +* https://github.com/status-im/infra-logos-office/issues/13 diff --git a/defaults/main.yml b/defaults/main.yml new file mode 100644 index 0000000..ef8241c --- /dev/null +++ b/defaults/main.yml 
@@ -0,0 +1,61 @@ +--- +mediawiki_service_name: 'mediawiki' +mediawiki_service_path: '/docker/{{ mediawiki_service_name }}' +mediawiki_compose_file: '/docker/{{ mediawiki_service_name }}' +mediawiki_settings_path: '{{ mediawiki_app_cont_vol }}/LocalSettings.php' + +# Settings +#mediawiki_domain: 'wiki.example.org' +#mediawiki_sitename: 'Example Wiki' +mediawiki_email: 'noreply@example.org' +mediawiki_default_skin: 'vector-2022' +mediawiki_debug: false +# Secrets +#mediawiki_secret_key: 'super-secret-key' +#mediawiki_upgrade_key: 'super-secret-key' +# Admin User +mediawiki_admin_username: 'admin' +#mediawiki_admin_password: 'super-secret-password' +# Customizations +#mediawiki_skin_repo_url: ~ +mediawiki_skin_repo_path: '{{ mediawiki_app_cont_vol }}/skins' +# Extensions, list is loaded from vars. +mediawiki_extensions_path: '{{ mediawiki_app_cont_vol }}/extensions' +# Trusted proxy IPs +mediawiki_trusted_proxies: ['172.17.0.0/16'] +# SMTP Configuration +mediawiki_smtp_enabled: false +#mediawiki_smtp_host: ~ +#mediawiki_smtp_port: ~ +#mediawiki_smtp_user: ~ +#mediawiki_smtp_password: ~ + +# Containers - App +mediawiki_app_cont_name: '{{ mediawiki_service_name }}-app' +mediawiki_app_cont_vol: '{{ mediawiki_service_path }}/app' +mediawiki_app_cont_tag: '1.40.0' +mediawiki_app_cont_image: 'bitnami/mediawiki:{{ mediawiki_app_cont_tag }}' +mediawiki_app_cont_port: 8080 +mediawiki_app_cont_uid: 1001 +mediawiki_app_host_uid: '{{ 100000 + mediawiki_app_cont_uid | int }}' +# Containers - DB +mediawiki_db_cont_name: '{{ mediawiki_service_name }}-db' +mediawiki_db_cont_vol: '{{ mediawiki_service_path }}/db' +mediawiki_db_cont_tag: '8.1.0' +mediawiki_db_cont_image: 'mysql:{{ mediawiki_db_cont_tag }}' +mediawiki_db_cont_port: 3306 +mediawiki_db_cont_uid: 999 +mediawiki_db_host_uid: '{{ 100000 + mediawiki_db_cont_uid | int }}' +mediawiki_db_name: 'mediawiki' +mediawiki_db_user: 'mediawiki' +mediawiki_db_pass: 'changeIfYouCare' +# Backup +mediawiki_db_backup_service_name: 'dump-{{ 
mediawiki_service_name }}-db' +mediawiki_db_backup_user: 'root' +mediawiki_db_backup_frequency: 'daily' +mediawiki_db_backup_timeout: 600 + +# general container management +compose_recreate: 'smart' +compose_state: 'present' +compose_restart: false diff --git a/tasks/backup.yml b/tasks/backup.yml new file mode 100644 index 0000000..4b428d9 --- /dev/null +++ b/tasks/backup.yml @@ -0,0 +1,22 @@ +--- +- name: 'Create timer for MySQL backup' + include_role: name=systemd-timer + vars: + systemd_timer_description: 'Dump MediaWiki MySQL database.' + systemd_timer_name: '{{ mediawiki_db_backup_service_name }}' + systemd_timer_user: '{{ mediawiki_db_backup_user }}' + systemd_timer_frequency: '{{ mediawiki_db_backup_frequency }}' + systemd_timer_timeout_sec: '{{ mediawiki_db_backup_timeout }}' + systemd_timer_after_extra: 'docker.service' + systemd_timer_start_on_creation: false + systemd_timer_script_content: | + #!/usr/bin/env bash + BKP_PATH='{{ mediawiki_db_cont_vol }}/backup/{{ mediawiki_db_name }}.sql' + /usr/bin/docker exec -i {{ mediawiki_db_cont_name }} \ + mysqldump \ + -u {{ mediawiki_db_user }} \ + --password='{{ mediawiki_db_pass }}' \ + {{ mediawiki_db_name }} \ + > "${BKP_PATH}" + chgrp dockremap "${BKP_PATH}" + chmod 0640 "${BKP_PATH}" diff --git a/tasks/config.yml b/tasks/config.yml new file mode 100644 index 0000000..d937974 --- /dev/null +++ b/tasks/config.yml @@ -0,0 +1,16 @@ +--- +- name: 'Wait for the app to start' + wait_for: + port: '{{ mediawiki_app_cont_port }}' + delay: 5 + +# This file is created by install.php script at first start. +# We re-create it because we want control over its contents. +- name: 'Template MediaWiki config' + register: mediawiki_config_file + template: + src: 'LocalSettings.php.j2' + dest: '{{ mediawiki_settings_path }}' + owner: 'dockremap' + group: 'dockremap' + mode: 0644 diff --git a/tasks/consul.yml b/tasks/consul.yml new file mode 100644 index 0000000..d673447 --- /dev/null +++ b/tasks/consul.yml 
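Review bot: `mediawiki_db_pass: 'changeIfYouCare'` in the DB container block gives the database password a working default, so the `| mandatory` filters in the templates never fire and a deployment that forgets to override it runs with a publicly known password. The other secrets in this hunk are left commented out; doing the same here, `#mediawiki_db_pass: 'super-secret-db-password'`, makes the role fail fast instead. The hunk also defines no `mediawiki_skin_repo_rev`, which tasks/init.yml passes to the git module's `version`, so setting only `mediawiki_skin_repo_url` as the README shows would presumably fail on an undefined variable. A default for it, ideally a pinned commit rather than a branch name, should be added and documented.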
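Review bot: The dump script passes `--password='{{ mediawiki_db_pass }}'` as an argument to `docker exec`, so the database password is visible in the host process list while the dump runs and is written in clear into the generated timer script. The script also has no `set -e`/`pipefail` and redirects straight onto `${BKP_PATH}`, so a failed `mysqldump` truncates the previous good backup, and the file exists with umask-default permissions until the later `chmod 0640`. The sketch below reads the credentials from the variables that db.env already sets inside the container and replaces the backup only after a successful dump; it assumes the MySQL image provides `sh`.

```yaml
systemd_timer_script_content: |
  #!/usr/bin/env bash
  set -Eeuo pipefail
  umask 0027
  BKP_PATH='{{ mediawiki_db_cont_vol }}/backup/{{ mediawiki_db_name }}.sql'
  # Credentials are taken from the container environment (db.env), not from argv.
  /usr/bin/docker exec -i {{ mediawiki_db_cont_name }} \
    sh -c 'MYSQL_PWD="${MYSQL_PASSWORD}" exec mysqldump -u "${MYSQL_USER}" "${MYSQL_DATABASE}"' \
    > "${BKP_PATH}.tmp"
  chgrp dockremap "${BKP_PATH}.tmp"
  chmod 0640 "${BKP_PATH}.tmp"
  # Only replace the previous dump once the new one completed.
  mv "${BKP_PATH}.tmp" "${BKP_PATH}"
```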
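Review bot: `mode: 0644` on the 'Template MediaWiki config' task leaves LocalSettings.php readable by every local account, and the template writes `$wgDBpassword`, `$wgSecretKey`, `$wgUpgradeKey` and the SMTP password into it. Since defaults/main.yml maps the app container user to `mediawiki_app_host_uid`, the file could presumably be owned by that uid with no access for others, `owner: '{{ mediawiki_app_host_uid }}'` and `mode: '0640'`; this needs a check against the user-namespace mapping on the hosts. Adding `no_log: true` or `diff: false` to the task would also keep the rendered secrets out of `--diff` output and logs.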
@@ -0,0 +1,18 @@ +--- +- name: Create Consul service definition + include_role: name=consul-service + vars: + consul_config_name: '{{ mediawiki_service_name }}' + consul_services: + - id: '{{ mediawiki_service_name }}' + name: '{{ mediawiki_service_name }}' + port: '{{ mediawiki_app_cont_port }}' + address: '{{ ansible_local.wireguard.address }}' + tags: ['ssl-proxy-backend', 'site', 'mediawiki'] + meta: + proxy_fqdn: '{{ mediawiki_domain | mandatory }}' + checks: + - id: '{{ mediawiki_service_name }}-health' + name: 'MediaWiki Healthcheck' + type: 'http' + http: 'http://localhost:{{ mediawiki_app_cont_port }}/FAQ' diff --git a/tasks/docker.yml b/tasks/docker.yml new file mode 100644 index 0000000..7f9df67 --- /dev/null +++ b/tasks/docker.yml @@ -0,0 +1,24 @@ +--- +- name: Check if configuration file exists + register: mediawiki_config_file_stat + stat: + path: '{{ mediawiki_settings_path }}' + +- name: 'Create compose file' + template: + src: 'docker-compose.yml.j2' + dest: '{{ mediawiki_service_path }}/docker-compose.yml' + owner: 'dockremap' + group: 'docker' + mode: 0644 + +- name: 'Create containers' + docker_compose: + project_src: '{{ mediawiki_service_path }}' + pull: true + state: '{{ compose_state }}' + restarted: '{{ compose_restart }}' + recreate: |- + {{ (mediawiki_skin_repo.changed + or (mediawiki_config_file is defined and mediawiki_config_file.changed)) + | ternary("always", compose_recreate) }} diff --git a/tasks/extensions.yml b/tasks/extensions.yml new file mode 100644 index 0000000..19423df --- /dev/null +++ b/tasks/extensions.yml 
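Review bot: 'Create containers' runs with `pull: true` against images that defaults/main.yml names by tag only (`bitnami/mediawiki:1.40.0`, `mysql:8.1.0`), so each play can pick up whatever the registry currently serves under those tags. The extensions in this patch are pinned by sha256; referencing the images by digest as well (`name@sha256:<digest>`, with the digest kept in defaults) would make deployments reproducible and reviewable. A short comment above `recreate` stating that a skin or config change forces recreation, and that `mediawiki_config_file` is undefined on the first include of this file, would also help, since the file is included twice from tasks/main.yml.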
@@ -0,0 +1,42 @@ +--- +- name: 'Load extensions list' + include_vars: + file: 'extensions.yml' + +- name: 'Download extensions' + with_items: '{{ mediawiki_extensions }}' + loop_control: + label: '{{ item.name }}' + get_url: + url: '{{ item.url }}' + dest: '{{ mediawiki_extensions_path }}' + checksum: 'sha256:{{ item.sha256 }}' + +- name: 'Unpack extensions' + with_items: '{{ mediawiki_extensions }}' + loop_control: + label: '{{ item.name }}' + unarchive: + src: '{{ mediawiki_extensions_path }}/{{ item.url | basename }}' + dest: '{{ mediawiki_extensions_path }}' + owner: 'dockremap' + group: 'docker' + mode: 0755 + remote_src: true + +- name: 'Remove extension tarballs' + with_items: '{{ mediawiki_extensions }}' + loop_control: + label: '{{ item.name }}' + file: + path: '{{ mediawiki_extensions_path }}/{{ item.url | basename }}' + state: 'absent' + +# HACK-FIX: Extensions expect to be in the same folder as the app. +# https://github.com/bitnami/containers/issues/48162 +- name: 'Symlink maintenance folder' + file: + src: '/opt/bitnami/mediawiki/maintenance' + dest: '{{ mediawiki_app_cont_vol }}/maintenance' + state: 'link' + force: true diff --git a/tasks/init.yml b/tasks/init.yml new file mode 100644 index 0000000..b668039 --- /dev/null +++ b/tasks/init.yml 
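Review bot: 'Unpack extensions' passes `mode: 0755`, which the unarchive module applies to the extracted content, so every PHP, JSON and image file in each extension ends up executable; a symbolic mode such as `mode: 'u=rwX,g=rX,o=rX'` keeps the execute bit on directories only. Because 'Remove extension tarballs' deletes what 'Download extensions' fetched, all three tasks re-fetch and report changed on every play; keeping the verified tarballs in a directory outside `mediawiki_extensions_path` would make the run idempotent while retaining the `checksum` verification. The symlink task's `src` is a path that exists inside the container, so the link dangles on the host by design; a comment saying so next to the HACK-FIX note would save the next reader some confusion.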
@@ -0,0 +1,38 @@ +--- +- name: 'Create data folder' + file: + dest: '{{ item.path }}' + owner: '{{ item.get("owner", "dockremap") }}' + group: 'docker' + state: 'directory' + mode: 0775 + recurse: true + with_items: + - { path: '{{ mediawiki_service_path }}' } + - { path: '{{ mediawiki_app_cont_vol }}' } + - { path: '{{ mediawiki_app_cont_vol }}/images', owner: '{{ mediawiki_app_host_uid }}' } + - { path: '{{ mediawiki_extensions_path }}', owner: '{{ mediawiki_app_host_uid }}' } + - { path: '{{ mediawiki_db_cont_vol }}/data', owner: '{{ mediawiki_db_host_uid }}' } + - { path: '{{ mediawiki_db_cont_vol }}/backup', owner: '{{ mediawiki_db_host_uid }}' } + +- name: 'Template container env files' + template: + src: '{{ item }}.j2' + dest: '{{ mediawiki_service_path }}/{{ item }}' + owner: 'dockremap' + group: 'dockremap' + mode: 0644 + with_items: + - 'db.env' + - 'app.env' + +# WARNING: This is not a normal skin repo, it's a monorepo. +- name: 'Clone skin repository' + register: mediawiki_skin_repo + when: mediawiki_skin_repo_url is defined + become_user: 'dockremap' + git: + repo: '{{ mediawiki_skin_repo_url | mandatory }}' + dest: '{{ mediawiki_skin_repo_path }}' + version: '{{ mediawiki_skin_repo_rev }}' + force: true diff --git a/tasks/main.yml b/tasks/main.yml new file mode 100644 index 0000000..abba085 --- /dev/null +++ b/tasks/main.yml @@ -0,0 +1,10 @@ +--- +- include_tasks: init.yml +- include_tasks: scripts.yml +- include_tasks: docker.yml +- include_tasks: extensions.yml +- include_tasks: config.yml +- include_tasks: docker.yml + when: mediawiki_config_file.changed +- include_tasks: backup.yml +- include_tasks: consul.yml diff --git a/tasks/scripts.yml b/tasks/scripts.yml new file mode 100644 index 0000000..e6a2288 --- /dev/null +++ b/tasks/scripts.yml 
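Review bot: 'Template container env files' writes db.env and app.env with `mode: 0644`, although they carry `MYSQL_ROOT_PASSWORD`, `MYSQL_PASSWORD`, `MEDIAWIKI_PASSWORD` and the SMTP password; only the Compose client reads them, so `owner: 'root'` with `mode: '0600'` is probably sufficient. In 'Create data folder', `recurse: true` with `mode: 0775` is re-applied on every run to everything below `mediawiki_service_path`, which undoes the `0640` the backup script sets on the SQL dump and opens the MySQL data files to all local users until something tightens them again. Dropping `recurse` and setting the mode only on the listed directories avoids that. The extensions directory is also owned by `mediawiki_app_host_uid`, so the web process can write to the location its code is loaded from; it is worth confirming that this is actually required.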
@@ -0,0 +1,28 @@ +--- +- name: 'Instal MySQL client' + apt: + name: 'mysql-client' + +- name: 'Template database client config' + template: + src: 'my.cnf.j2' + dest: '{{ mediawiki_service_path }}/.my.cnf' + owner: 'root' + group: 'admin' + mode: 0640 + +- name: 'Template database admin script' + template: + src: 'db-admin.sh.j2' + dest: '{{ mediawiki_service_path }}/db-admin.sh' + owner: 'root' + group: 'admin' + mode: 0750 + +- name: 'Template app healthcheck script' + template: + src: 'healthcheck.sh.j2' + dest: '{{ mediawiki_app_cont_vol }}/healthcheck.sh' + owner: 'dockremap' + group: 'admin' + mode: 0755 diff --git a/templates/LocalSettings.php.j2 b/templates/LocalSettings.php.j2 new file mode 100644 index 0000000..0d3827c --- /dev/null +++ b/templates/LocalSettings.php.j2 
@@ -0,0 +1,181 @@ + "$wgResourceBasePath/skins/resources/assets/change-your-logo.svg", + 'icon' => "$wgResourceBasePath/skins/resources/assets/change-your-logo-icon.svg", +]; + +## UPO means: this is also a user preference option + +$wgEnableEmail = true; +$wgEnableUserEmail = true; # UPO + +$wgEmergencyContact = "{{ mediawiki_email | mandatory }}"; +$wgPasswordSender = "{{ mediawiki_email | mandatory }}"; + +$wgEnotifUserTalk = false; # UPO +$wgEnotifWatchlist = false; # UPO +$wgEmailAuthentication = true; + +## Database settings +$wgDBtype = "mysql"; +$wgDBserver = "db"; +$wgDBname = "{{ mediawiki_db_name | mandatory }}"; +$wgDBuser = "{{ mediawiki_db_user | mandatory }}"; +$wgDBpassword = "{{ mediawiki_db_pass | mandatory }}"; + +# MySQL specific settings +$wgDBprefix = ""; + +# MySQL table options to use during installation or update +$wgDBTableOptions = "ENGINE=InnoDB, DEFAULT CHARSET=binary"; + +## Shared memory settings +$wgMainCacheType = CACHE_NONE; +$wgMemCachedServers = []; + +## To enable image uploads, make sure the 'images' directory +## is writable, then set this to true: +$wgEnableUploads = true; +$wgUploadDirectory = "$wgResourceBasePath/images"; +#$wgUseImageMagick = true; +#$wgImageMagickConvertCommand = "/usr/bin/convert"; + +# InstantCommons allows wiki to use images from https://commons.wikimedia.org +$wgUseInstantCommons = false; + +# Periodically send a pingback to https://www.mediawiki.org/ with basic data +# about this MediaWiki instance. The Wikimedia Foundation shares this data +# with MediaWiki developers to help guide future development efforts. +$wgPingback = false; + +# Site language code, should be one of the list in ./includes/languages/data/Names.php +$wgLanguageCode = "en"; + +# Time zone +$wgLocaltimezone = "UTC"; + +## Set $wgCacheDirectory to a writable directory on the web server +## to make your wiki go slightly faster. The directory should not +## be publicly accessible from the web. 
+#$wgCacheDirectory = "$IP/cache"; + +$wgSecretKey = "{{ mediawiki_secret_key | mandatory }}"; + +# Changing this will log out all existing sessions. +$wgAuthenticationTokenVersion = "1"; + +# Site upgrade key. Must be set to a string (default provided) to turn on the +# web installer while LocalSettings.php is in place +$wgUpgradeKey = "{{ mediawiki_upgrade_key | mandatory }}"; + +## For attaching licensing metadata to pages, and displaying an +## appropriate copyright notice / icon. GNU Free Documentation +## License and Creative Commons licenses are supported so far. +$wgRightsPage = ""; # Set to the title of a wiki page that describes your license/copyright +$wgRightsUrl = ""; +$wgRightsText = ""; +$wgRightsIcon = ""; + +# Path to the GNU diff3 utility. Used for conflict resolution. +$wgDiff3 = "/usr/bin/diff3"; + +## Default skin: you can change the default skin. Use the internal symbolic +## names, e.g. 'vector' or 'monobook': +$wgDefaultSkin = "{{ mediawiki_default_skin | mandatory }}"; + +$wgShowExceptionDetails = true; +$wgShowDBErrorBacktrace = true; + +# Enabled skins. +# The following skins were automatically enabled: +wfLoadSkin( 'Vector' ); + +# Enable extensions. +{% for extension in mediawiki_extensions %} +wfLoadExtension( '{{ extension.name }}' ); +{% endfor %} + +# Enable OAUth for users. 
+$wgGroupPermissions['user']['oathauth-enable'] = true; + +# Accept client IPs from X-Forwarded-For +$wgUsePrivateIPs = true; +$wgCdnServersNoPurge = []; +{% for proxy_addr in mediawiki_trusted_proxies %} +$wgCdnServersNoPurge[] = '{{ proxy_addr }}'; +{% endfor %} + +{% if mediawiki_smtp_enabled %} +# SMTP Configuration +$wgSMTP = [ + 'IDHost' => '{{ mediawiki_domain | mandatory }}', + 'localhost' => '{{ mediawiki_domain | mandatory }}', + 'host' => '{{ mediawiki_smtp_host | mandatory }}', + 'port' => {{ mediawiki_smtp_port | mandatory }}, + 'username' => '{{ mediawiki_smtp_user | mandatory }}', + 'password' => '{{ mediawiki_smtp_password | mandatory }}', + 'auth' => true, +]; + +{% endif %} +# End of automatically generated settings. +# Add more configuration options below. +$wgArticlePath = "/wiki/$1"; +$wgUsePathInfo = true; +{% if mediawiki_debug %} + +# Enable debug logging +$wgShowDebug = true; +$wgDebugDumpSql = true; + +error_reporting( -1 ); +ini_set( 'display_errors', 1 ); + +if ( !defined( 'STDERR' ) ) { + define( 'STDERR', fopen( 'php://stderr', 'w' ) ); +} + +if ( !isset( $maintClass ) || ( isset( $maintClass ) && $maintClass !== 'PHPUnitMaintClass' ) ) { + $wgMWLoggerDefaultSpi = [ + 'class' => \MediaWiki\Logger\ConsoleSpi::class, + ]; +} +{% endif %} diff --git a/templates/app.env.j2 b/templates/app.env.j2 new file mode 100644 index 0000000..cdc3f67 --- /dev/null +++ b/templates/app.env.j2 
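Review bot: `$wgShowExceptionDetails = true;` and `$wgShowDBErrorBacktrace = true;` are set unconditionally just above the skin section, so a production wiki prints exception details and database backtraces to any visitor who triggers an error. They belong with the other debug settings inside the `{% if mediawiki_debug %}` block at the end of the template. Separately, the secrets are rendered into double-quoted PHP strings (`$wgDBpassword = "{{ mediawiki_db_pass | mandatory }}";`), where a `$`, `"` or backslash in the value is interpreted by PHP; single-quoted strings with `'` and `\` escaped would be safer. The comment `# Enable OAUth for users.` should name OATHAuth (two-factor authentication), which is what the `oathauth-enable` right belongs to.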
@@ -0,0 +1,21 @@ +BITNAMI_DEBUG='{{ mediawiki_debug }}' +MEDIAWIKI_USERNAME='{{ mediawiki_admin_username | mandatory }}' +MEDIAWIKI_PASSWORD='{{ mediawiki_admin_password | mandatory }}' +MEDIAWIKI_EMAIL='{{ mediawiki_email | mandatory }}' +MEDIAWIKI_HOST='{{ mediawiki_domain | mandatory }}' +MEDIAWIKI_WIKI_NAME='{{ mediawiki_sitename | mandatory }}' +MEDIAWIKI_ENABLE_HTTPS='true' +MEDIAWIKI_DATABASE_HOST='db' +MEDIAWIKI_DATABASE_PORT_NUMBER='{{ mediawiki_db_cont_port | mandatory }}' +MEDIAWIKI_DATABASE_NAME='{{ mediawiki_db_name | mandatory }}' +MEDIAWIKI_DATABASE_USER='{{ mediawiki_db_user | mandatory }}' +MEDIAWIKI_DATABASE_PASSWORD='{{ mediawiki_db_pass | mandatory }}' +{% if mediawiki_smtp_enabled %} +# SMTP +MEDIAWIKI_SMTP_HOST_ID='{{ mediawiki_domain | mandatory }}' +MEDIAWIKI_SMTP_HOST='{{ mediawiki_smtp_host | mandatory }}' +MEDIAWIKI_SMTP_PORT='{{ mediawiki_smtp_port | mandatory }}' +MEDIAWIKI_SMTP_USER='{{ mediawiki_smtp_user | mandatory }}' +MEDIAWIKI_SMTP_PASSWORD='{{ mediawiki_smtp_password | mandatory }}' +MEDIAWIKI_ENABLE_SMTP_AUTH='true' +{% endif %} diff --git a/templates/db-admin.sh.j2 b/templates/db-admin.sh.j2 new file mode 100644 index 0000000..ba7f32b --- /dev/null +++ b/templates/db-admin.sh.j2 @@ -0,0 +1,4 @@ +#!/usr/bin/env bash +# vim: set ft=sh: +set -Eeo pipefail +exec mysql --defaults-file="{{ mediawiki_service_path }}/.my.cnf" --silent "${@}" diff --git a/templates/db.env.j2 b/templates/db.env.j2 new file mode 100644 index 0000000..6754367 --- /dev/null +++ b/templates/db.env.j2 @@ -0,0 +1,5 @@ +MYSQL_TCP_PORT='{{ mediawiki_db_cont_port | mandatory }}' +MYSQL_DATABASE='{{ mediawiki_db_name | mandatory }}' +MYSQL_ROOT_PASSWORD='{{ mediawiki_db_pass | mandatory }}' +MYSQL_USER='{{ mediawiki_db_user | mandatory }}' +MYSQL_PASSWORD='{{ mediawiki_db_pass | mandatory }}' diff --git a/templates/docker-compose.yml.j2 b/templates/docker-compose.yml.j2 new file mode 100644 index 0000000..e8b8229 --- /dev/null 
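Review bot: In db.env.j2, `MYSQL_ROOT_PASSWORD` and `MYSQL_PASSWORD` are both rendered from `mediawiki_db_pass`, so the password that LocalSettings.php, app.env and .my.cnf hand to the application account is also the database root password. A separate variable for root (for example `mediawiki_db_root_pass`, which this patch does not define) that is kept out of the app-facing files would limit what a leaked wiki config gives away. The dump in tasks/backup.yml already connects as `mediawiki_db_user`, so nothing in this patch appears to need the root credential at runtime.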
+++ b/templates/docker-compose.yml.j2 @@ -0,0 +1,45 @@ +--- +version: '3.7' +services: + app: + container_name: '{{ mediawiki_app_cont_name }}' + image: '{{ mediawiki_app_cont_image }}' + restart: 'always' + env_file: + - '{{ mediawiki_service_path }}/app.env' +{# For DB bootstrap to work volumes cannot be mounted at first start. #} +{% if mediawiki_config_file_stat.stat.exists %} + volumes: + - '{{ mediawiki_app_cont_vol }}:/bitnami/mediawiki' +{% endif %} + ports: + - '0.0.0.0:{{ mediawiki_app_cont_port }}:{{ mediawiki_app_cont_port }}/tcp' + depends_on: + - 'db' + healthcheck: + test: ['CMD', '/bitnami/mediawiki/healthcheck.sh'] + interval: 60s + timeout: 10s + retries: 5 + + db: + container_name: '{{ mediawiki_db_cont_name }}' + image: '{{ mediawiki_db_cont_image }}' + restart: 'always' + user: 'mysql' + env_file: + - '{{ mediawiki_service_path }}/db.env' + ports: + - '127.0.0.1:{{ mediawiki_db_cont_port }}:{{ mediawiki_db_cont_port }}/tcp' + tmpfs: + - '/tmp' + volumes: + - '{{ mediawiki_db_cont_vol }}/data:/var/lib/mysql:rw' + - '{{ mediawiki_db_cont_vol }}/backup:/backup:rw' + command: | + --performance-schema=OFF + healthcheck: + test: ['CMD', 'mysqladmin' ,'ping', '-h', 'localhost'] + interval: 60s + timeout: 10s + retries: 5 diff --git a/templates/healthcheck.sh.j2 b/templates/healthcheck.sh.j2 new file mode 100644 index 0000000..a8f0c66 --- /dev/null +++ b/templates/healthcheck.sh.j2 @@ -0,0 +1,10 @@ +#!/usr/bin/env bash +# vim: ft=bash +# This script is just a workaround for lack curl or wget. +# https://ceh51.blogspot.com/2016/07/how-to-open-tcpudp-sockets-bash-shell.html +exec 5<>/dev/tcp/localhost/{{ mediawiki_app_cont_port }} +echo -e 'GET /FAQ HTTP/1.1\r +Host: localhost:{{ mediawiki_app_cont_port }}\r +Connection: close\r +\r' >&5 +timeout 1 cat <&5 | grep FAQ || exit 1 diff --git a/templates/my.cnf.j2 b/templates/my.cnf.j2 new file mode 100644 index 0000000..d83e337 --- /dev/null +++ b/templates/my.cnf.j2 
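Review bot: The app port is published on `0.0.0.0:{{ mediawiki_app_cont_port }}` while the database is bound to `127.0.0.1`, so the plain-HTTP wiki is reachable on every host interface and not only through the SSL proxy that tasks/consul.yml registers on the WireGuard address. Docker-published ports commonly bypass host firewall rules, and LocalSettings.php trusts `X-Forwarded-For` from `172.17.0.0/16`, so direct access may also let a client choose its own apparent IP; both should be confirmed on the target hosts. Binding to a configurable address would close this, for example `- '{{ mediawiki_app_bind_addr }}:{{ mediawiki_app_cont_port }}:{{ mediawiki_app_cont_port }}/tcp'` with a new default (the variable name is a suggestion), keeping in mind that the Consul check probes `localhost`. The healthcheck path `/bitnami/mediawiki/healthcheck.sh` also only exists once the volume is mounted, so the container will report unhealthy during the first, volume-less start.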
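Review bot: `timeout 1 cat <&5 | grep FAQ || exit 1` succeeds whenever the string FAQ appears anywhere in the response, which includes an error page that echoes the requested path, so the container can report healthy while the wiki is failing. Matching the status line is stricter, `timeout 1 cat <&5 | grep -q '^HTTP/1\.[01] 200' || exit 1`, assuming `/FAQ` is expected to answer 200 rather than redirect. A one-line comment saying why `/FAQ` was chosen as the probe path would help the next reader.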
@@ -0,0 +1,6 @@ +[client] +host=127.0.0.1 +port={{ mediawiki_db_cont_port | mandatory }} +user={{ mediawiki_db_user | mandatory }} +password={{ mediawiki_db_pass | mandatory }} +database={{ mediawiki_db_name | mandatory }} diff --git a/templates/nginx-proxy.conf.j2 b/templates/nginx-proxy.conf.j2 new file mode 100644 index 0000000..1fcf76c --- /dev/null +++ b/templates/nginx-proxy.conf.j2 @@ -0,0 +1,9 @@ +server { + listen {{ mediawiki_proxy_port }}; + + location { + fastcgi_pass http://localhost:{{ mediawiki_app_cont_port }}/; + fastcgi_index index.php; + include fastcgi_params; + } +} diff --git a/vars/extensions.yml b/vars/extensions.yml new file mode 100644 index 0000000..c399f88 --- /dev/null +++ b/vars/extensions.yml 
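Review bot: `password={{ mediawiki_db_pass | mandatory }}` is written unquoted, and in MySQL option files a `#` starts a comment even in the middle of a line, so a password containing `#` would be silently truncated and db-admin.sh would fail to log in. Quoting the value, `password="{{ mediawiki_db_pass | mandatory }}"`, avoids that for most passwords; values containing `"` or `\` would still need escaping.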
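Review bot: This template does not look loadable as written: `location {` has no path, and `fastcgi_pass` takes a FastCGI address rather than an `http://` URL, while the container on `mediawiki_app_cont_port` speaks HTTP. If the file is meant to be used it should read `location / {` with `proxy_pass http://localhost:{{ mediawiki_app_cont_port }}/;` and forward the client address with `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`. No task in this patch templates it and `mediawiki_proxy_port` has no default, so dropping the file may be the simpler fix.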
@@ -0,0 +1,35 @@ +--- +mediawiki_extensions_url: 'https://extdist.wmflabs.org/dist/extensions' +mediawiki_extensions: + - name: 'ExtJSBase' + url: '{{ mediawiki_extensions_url }}/ExtJSBase-REL1_40-f9709ec.tar.gz' + sha256: '51e7ac7f54106644809be66232f6be0409b88c2a7c4dd76670d4a3c4b87576a5' + + - name: 'OOJSPlus' + url: '{{ mediawiki_extensions_url }}/OOJSPlus-master-d150154.tar.gz' + sha256: '298df68031a00537fe906a387d65135cf9cdd8cc99b85b81504d207f7fd8e8b8' + + - name: 'BlueSpiceFoundation' + url: '{{ mediawiki_extensions_url }}/BlueSpiceFoundation-REL1_40-5cb388e.tar.gz' + sha256: '5384ed88189958b5b62bad4d628d78e6cad12c90470eaba3a5ed7e3b4d041315' + + - name: 'BlueSpiceUserManager' + url: '{{ mediawiki_extensions_url }}/BlueSpiceGroupManager-REL1_40-7be30d9.tar.gz' + sha256: 'bc2b68096a02c8dbf27bb396f2b29363a47bd6b7ce09c37dde91d4cda87e427e' + + - name: 'BlueSpiceGroupManager' + url: '{{ mediawiki_extensions_url }}/BlueSpiceUserManager-master-3a800c4.tar.gz' + sha256: '5eec1a8a3ffb893a694b2c3960b35186d32ca836841b9b0bd54f9972e316e54a' + + - name: 'UserGroups' + url: '{{ mediawiki_extensions_url }}/UserGroups-REL1_40-37636b4.tar.gz' + sha256: '2cde8c6c4d4f8a8e9406fcd9c1ddaaed6d73fa9e1df59a3887705dd4873ec7ea' + + - name: 'CheckUser' + url: '{{ mediawiki_extensions_url }}/CheckUser-REL1_40-8965b30.tar.gz' + sha256: '6b25f5fd57af03c068bd2690d3e383275ab199239bc77050b74f47b073a7fee4' + + - name: 'OATHAuth' + url: '{{ mediawiki_extensions_url }}/OATHAuth-REL1_40-32e1429.tar.gz' + sha256: '9b590a79e98dbcd307e329f151677cf569805e7ee0b08366b5c9c7b0af491973' +
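Review bot: The `BlueSpiceUserManager` entry points at the `BlueSpiceGroupManager-REL1_40-7be30d9.tar.gz` tarball and the `BlueSpiceGroupManager` entry at `BlueSpiceUserManager-master-3a800c4.tar.gz`, so the name, URL and sha256 of those two entries are crossed. Both archives are still unpacked and both names loaded, so it probably works, but each pinned hash no longer documents the artifact its name claims, which makes later version bumps error-prone. `OOJSPlus` and the UserManager tarball are `master` snapshots rather than `REL1_40`; a comment explaining why would be useful, since the app image is 1.40.0.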