Operations grimoire/WordPress

From Nasqueron Agora

📕📁📜 Old technical information :: content warning

⌛ This Nasqueron Operations Grimoire page hasn't been updated for a long time.

☣ As our infrastructure evolves quickly, there is a good chance this information is outdated or now inaccurate. Be careful and consider update it.

➡️ To assert the information is still up-to-date or not, you can check the history of the relevant role in our Operations repository.

Plan to create a WordPress SaaS is documented at T1685.

Currently, only credentials are managed by the saas-mediawiki role, ie it allows to generate wp-config.php.

If you need a WordPress site, blog or more sophisticated, review T1685 plan, and if you agree with the plan, we can implement that quickly.

Add a new WordPress site

Standalone or multisite?

There are three cases to consider the hosting flavour you want:

    • Multisite. Do you only want a blog, or need Askimet plugin, standard themes like Twenty-something? Use the "trusted plugins only" WordPress multisite (formerly WordPress Mu) installation. Plugins and themes will be auto updated regularly.
    • Standalone. Do you need custom themes and plugins? You get your own wp-content folder (plugins, uploads, themes), specific wordpress-<user> php-fpm user and own credentials for db, to isolate your site from other ones.
    • A new multisite. Do you need a specific set of plugins for several sites? Create a new multisite with a specific set of rules.

Note: we don't encourage an approach "install them all": each plugin increases the surface of attack of the site, and you benefit to use the minimal set of plugin possible.

Small custom plugins only to configure settings require a standalone installation.

Credentials

Note for multisite
If a multisite installation is used, there is nothing to prepare, credentials are then shared for all the WordPress sites from that specific multisite installation.
Database
Create a database on the cluster B (MariaDB). A dedicated database only for this site is recommended. See Operations grimoire/MySQL.
WordPress secrets
Configure pillar/saas/mediawiki.sls, then use rOPS: utils/vault/wordpress-provision-secrets.py with the path given as secrets argument in the pillar to populate the needed secrets (8 for WordPress 6.2).