Operations grimoire/WordPress
From Nasqueron Agora
Plan to create a WordPress SaaS is documented at T1685.
Currently, only credentials are managed by the saas-mediawiki role, ie it allows to generate wp-config.php.
If you need a WordPress site, blog or more sophisticated, review T1685 plan, and if you agree with the plan, we can implement that quickly.
Add a new WordPress site
Standalone or multisite?
There are three cases to consider the hosting flavour you want:
- Multisite. Do you only want a blog, or need Askimet plugin, standard themes like Twenty-something? Use the "trusted plugins only" WordPress multisite (formerly WordPress Mu) installation. Plugins and themes will be auto updated regularly.
- Standalone. Do you need custom themes and plugins? You get your own wp-content folder (plugins, uploads, themes), specific wordpress-<user> php-fpm user and own credentials for db, to isolate your site from other ones.
- A new multisite. Do you need a specific set of plugins for several sites? Create a new multisite with a specific set of rules.
Note: we don't encourage an approach "install them all": each plugin increases the surface of attack of the site, and you benefit to use the minimal set of plugin possible.
Small custom plugins only to configure settings require a standalone installation.
Credentials
- Note for multisite
- If a multisite installation is used, there is nothing to prepare, credentials are then shared for all the WordPress sites from that specific multisite installation.
- Database
- Create a database on the cluster B (MariaDB). A dedicated database only for this site is recommended. See Operations grimoire/MySQL.
- WordPress secrets
- Configure pillar/saas/mediawiki.sls, then use rOPS: utils/vault/wordpress-provision-secrets.py with the path given as secrets argument in the pillar to populate the needed secrets (8 for WordPress 6.2).