Operations grimoire/WordPress: Difference between revisions

From Nasqueron Agora
(→‎= Credentials: heading level correction)
No edit summary
 
(One intermediate revision by the same user not shown)
Line 4: Line 4:


If you need a WordPress site, blog or more sophisticated, review T1685 plan, and if you agree with the plan, we can implement that quickly.
If you need a WordPress site, blog or more sophisticated, review T1685 plan, and if you agree with the plan, we can implement that quickly.
== Who can use this? ==
This SaaS can host WordPress sites for:
  * Nasqueron projects
  * Nasqueron members
  * Open source projects
  * Free culture projects
Content needs also to be licensed under an open source / free content license, like CC-BY or CC-BY-SA. Database content needs to be licensed under an open data license.
Code for custom plugins and themes should be licensed under an open source license too.
This is the same policy than other hosting.


== Add a new WordPress site ==
== Add a new WordPress site ==
=== Salt configuration ===
WordPress sites are defined in {{Ops file|pillar/saas/wordpress.sls}}. That's the file to edit to add a new one.
=== Standalone or multisite? ===
There are three cases to consider the hosting flavour you want:
** '''Multisite.''' Do you only want a blog, or need Askimet plugin, standard themes like Twenty-something? Use the "trusted plugins only" WordPress multisite (formerly WordPress Mu) installation. Plugins and themes will be auto updated regularly.
** '''Standalone.''' Do you need custom themes and plugins? You get your own wp-content folder (plugins, uploads, themes), specific wordpress-<user> php-fpm user and own credentials for db, to isolate your site from other ones.
** '''A new multisite.''' Do you need a specific set of plugins for several sites? Create a new multisite with a specific set of rules.
Note: we don't encourage an approach "install them all": each plugin increases the surface of attack of the site, and you benefit to use the minimal set of plugin possible.
Small custom plugins only to configure settings require a standalone installation.
=== Credentials ===
=== Credentials ===
;Note for multisite
;Note for multisite
:If a multisite installation is used, there is nothing to prepare, credentials are then share for all the WordPress sites from that specific multisite installation.
:If a multisite installation is used, there is nothing to prepare, credentials are then shared for all the WordPress sites from that specific multisite installation.
;Database
;Database
:Create a database on the cluster B (MariaDB). A dedicated database only for this site is recommended. See [[Operations grimoire/MySQL]].
:Create a database on the cluster B (MariaDB). A dedicated database only for this site is recommended. See [[Operations grimoire/MySQL]].
;WordPress secrets
;WordPress secrets
:Configure pillar/saas/mediawiki.sls, then use {{Ops file|utils/vault/wordpress-provision-secrets.py}} with the path given as secrets argument in the pillar to populate the needed secrets (8 for WordPress 6.2).
:Configure pillar/saas/mediawiki.sls, then use {{Ops file|utils/vault/wordpress-provision-secrets.py}} with the path given as secrets argument in the pillar to populate the needed secrets (8 for WordPress 6.2).

Latest revision as of 14:28, 1 May 2023

Plan to create a WordPress SaaS is documented at T1685.

Currently, only credentials are managed by the saas-mediawiki role, ie it allows to generate wp-config.php.

If you need a WordPress site, blog or more sophisticated, review T1685 plan, and if you agree with the plan, we can implement that quickly.

Who can use this?

This SaaS can host WordPress sites for:

 * Nasqueron projects
 * Nasqueron members
 * Open source projects
 * Free culture projects

Content needs also to be licensed under an open source / free content license, like CC-BY or CC-BY-SA. Database content needs to be licensed under an open data license.

Code for custom plugins and themes should be licensed under an open source license too.

This is the same policy than other hosting.

Add a new WordPress site

Salt configuration

WordPress sites are defined in rOPS: pillar/saas/wordpress.sls. That's the file to edit to add a new one.

Standalone or multisite?

There are three cases to consider the hosting flavour you want:

    • Multisite. Do you only want a blog, or need Askimet plugin, standard themes like Twenty-something? Use the "trusted plugins only" WordPress multisite (formerly WordPress Mu) installation. Plugins and themes will be auto updated regularly.
    • Standalone. Do you need custom themes and plugins? You get your own wp-content folder (plugins, uploads, themes), specific wordpress-<user> php-fpm user and own credentials for db, to isolate your site from other ones.
    • A new multisite. Do you need a specific set of plugins for several sites? Create a new multisite with a specific set of rules.

Note: we don't encourage an approach "install them all": each plugin increases the surface of attack of the site, and you benefit to use the minimal set of plugin possible.

Small custom plugins only to configure settings require a standalone installation.

Credentials

Note for multisite
If a multisite installation is used, there is nothing to prepare, credentials are then shared for all the WordPress sites from that specific multisite installation.
Database
Create a database on the cluster B (MariaDB). A dedicated database only for this site is recommended. See Operations grimoire/MySQL.
WordPress secrets
Configure pillar/saas/mediawiki.sls, then use rOPS: utils/vault/wordpress-provision-secrets.py with the path given as secrets argument in the pillar to populate the needed secrets (8 for WordPress 6.2).