Operations grimoire/WordPress

From Nasqueron Agora

📕📁📜 Old technical information :: content warning

⌛ This Nasqueron Operations Grimoire page hasn't been updated for a long time.

☣ As our infrastructure evolves quickly, there is a good chance this information is outdated or now inaccurate. Be careful and consider update it.

➡️ To assert the information is still up-to-date or not, you can check the history of the relevant role in our Operations repository.

Plan to create a WordPress SaaS is documented at T1685.

Currently, only credentials are managed by the saas-mediawiki role, ie it allows to generate wp-config.php.

If you need a WordPress site, blog or more sophisticated, review T1685 plan, and if you agree with the plan, we can implement that quickly.

Who can use this?

This SaaS can host WordPress sites for:

 * Nasqueron projects
 * Nasqueron members
 * Open source projects
 * Free culture projects

Content needs also to be licensed under an open source / free content license, like CC-BY or CC-BY-SA. Database content needs to be licensed under an open data license.

Code for custom plugins and themes should be licensed under an open source license too.

This is the same policy than other hosting.

Add a new WordPress site

Salt configuration

WordPress sites are defined in rOPS: pillar/saas/wordpress.sls. That's the file to edit to add a new one.

Standalone or multisite?

There are three cases to consider the hosting flavour you want:

    • Multisite. Do you only want a blog, or need Askimet plugin, standard themes like Twenty-something? Use the "trusted plugins only" WordPress multisite (formerly WordPress Mu) installation. Plugins and themes will be auto updated regularly.
    • Standalone. Do you need custom themes and plugins? You get your own wp-content folder (plugins, uploads, themes), specific wordpress-<user> php-fpm user and own credentials for db, to isolate your site from other ones.
    • A new multisite. Do you need a specific set of plugins for several sites? Create a new multisite with a specific set of rules.

Note: we don't encourage an approach "install them all": each plugin increases the surface of attack of the site, and you benefit to use the minimal set of plugin possible.

Small custom plugins only to configure settings require a standalone installation.

Credentials

Note for multisite
If a multisite installation is used, there is nothing to prepare, credentials are then shared for all the WordPress sites from that specific multisite installation.
Database
Create a database on the cluster B (MariaDB). A dedicated database only for this site is recommended. See Operations grimoire/MySQL.
WordPress secrets
Configure pillar/saas/mediawiki.sls, then use rOPS: utils/vault/wordpress-provision-secrets.py with the path given as secrets argument in the pillar to populate the needed secrets (8 for WordPress 6.2).