Add the /help wiki ansible files

This goes in base because it's not really a competition.

Add the /help wiki ansible files
41e3a269 · Frank Duncan · ac52ee03 · 41e3a269 · 41e3a269 · 41e3a269
Commit 41e3a269 authored 3 years ago by Frank Duncan
--- a/base/helpwiki/ansible/helpwiki.yml
+++ b/base/helpwiki/ansible/helpwiki.yml
+---
+
+- hosts: mysql
+  become: true
+  become_user: "{{ deployment_user }}"
+  roles:
+    - mysql
+
+- hosts: mediawiki
+  become: true
+  become_user: "{{ deployment_user }}"
+  roles:
+    - mediawiki
+    - permissions
+    - simplefavorites
+    - simplesaml
+    - exporttables
+    # This should come after permissions because of overrides of defaults
+    - helpwiki
+    # This should always go last, to run db updates and restart
+    - finishmediawiki
--- a/base/helpwiki/ansible/inv/local/group_vars/all.tmpl
+++ b/base/helpwiki/ansible/inv/local/group_vars/all.tmpl
+---
+competition_name: help
+
+# Root web directory (where symlinks to the mediawiki instances
+# are installed)
+# e.g. /var/www/html
+html_directory: ${HTML_DIRECTORY}
+
+# We need to know what user we're deploying as, but the reason
+# here is complex.  At the base level, we need to know what
+# user torquedata should be running as.  But more than that,
+# we need to know who to 'become' in the ansible sense when
+# we're not becoming root.  The reason we have to specify
+# in a different variable than 'ansible_become_user', is
+# because that variable overrides task level declarations,
+# thereby overriding becoming root for tasks we need to.
+# So we store in a different variable and use at the top level
+# in main.yml.
+deployment_user: ${DEPLOYMENT_USER}
+
+# The root password needed to install mysql users
+mysql_root_password: ${MYSQL_ROOT_PASSWORD}
+
+# The DB credentials
+db_username: ${DB_USERNAME}
+db_password: ${DB_PASSWORD}
+
+# Sets the wgServer variable for mediawiki.  This needs to be set
+# for installations of mediawiki greater than 1.35.0, for security
+# reasons.  See https://phabricator.wikimedia.org/T30798
+mediawiki_sever: http://localhost
+
+# Directory to install all of the mediawiki needs
+# This must be an absolute path because of weirdness with unarchive
+mediawiki_install_directory: ${MEDIAWIKI_INSTALL_DIRECTORY}
+
+# The password for the mediawiki user admin to run automated
+# commands against wikis (such as csv2wiki, setup, etc)
+mediawiki_admin_password: ${MEDIAWIKI_ADMIN_PASSWORD}
+
+# Directory to install simplesaml
+simplesaml_install_directory: ${SIMPLESAML_INSTALL_DIRECTORY}
+
+# The metadata declaration, in the form of key => location.  The METADATA_NAME should
+# correspond to the single sign on url you have set up in okta, which will be of the form
+# http://<installationbox>/simplesaml/module.php/saml/sp/saml2-acs.php/__METADATA_NAME__
+#
+# Then the URL here should be the metadata url you receive from okta when looking at
+# your application settings for "Identity Provider metadata"
+#
+# See https://developer.okta.com/code/php/simplesamlphp/ for more information
+simplesaml_okta_metadata_name: ${SIMPLESAML_OKTA_METADATA_NAME}
+simplesaml_okta_metadata_url: ${SIMPLESAML_OKTA_METADATA_URL}
--- a/base/helpwiki/ansible/inv/local/hosts
+++ b/base/helpwiki/ansible/inv/local/hosts
+[mediawiki]
+localhost  ansible_connection=local
+
+[mysql]
+localhost  ansible_connection=local
--- a/base/helpwiki/ansible/inv/prod/group_vars/all/base
+++ b/base/helpwiki/ansible/inv/prod/group_vars/all/base
+---
+competition_name: help
+db_username: help_rw
+html_directory: /var/www/html
+mediawiki_server: https://torque.leverforchange.org
+mediawiki_install_directory: /home/deploy/help/
+
+simplesaml_install_directory: /home/deploy/simplesaml/
+
+deployment_user: deploy
--- a/base/helpwiki/ansible/inv/prod/hosts
+++ b/base/helpwiki/ansible/inv/prod/hosts
+[mediawiki]
+torque.leverforchange.org ansible_ssh_user="{{ lookup('env','OTS_USERNAME') }}"
+
+[mysql]
+torque.leverforchange.org ansible_ssh_user="{{ lookup('env','OTS_USERNAME') }}"
--- a/base/helpwiki/ansible/roles/helpwiki/files/.htaccess
+++ b/base/helpwiki/ansible/roles/helpwiki/files/.htaccess
+php_value upload_max_filesize 128M
+php_value post_max_size 128M
--- a/base/helpwiki/ansible/roles/helpwiki/files/LeverForChange_Logo.png
+++ b/base/helpwiki/ansible/roles/helpwiki/files/LeverForChange_Logo.png
--- a/base/helpwiki/ansible/roles/helpwiki/tasks/main.yml
+++ b/base/helpwiki/ansible/roles/helpwiki/tasks/main.yml
+---
+
+- name: Transfer LFC Logo
+  copy:
+    src: LeverForChange_Logo.png
+    dest: "{{ mediawiki_install_directory }}/mediawiki-{{ mediawiki_version }}/resources/assets/LeverForChange_Logo.png"
+
+- name: Install LFC Logo
+  lineinfile:
+    path: "{{ mediawiki_install_directory }}/mediawiki-{{ mediawiki_version }}/LocalSettings.php"
+    regexp: ^\$wgLogos = .*
+    line: $wgLogos = [ '1x' => "$wgResourceBasePath/resources/assets/LeverForChange_Logo.png" ];
+
+- name: Public Permissions
+  blockinfile:
+    marker: "## {mark} HELP WIKI PERMISSIONS"
+    path: "{{ mediawiki_install_directory }}/mediawiki-{{ mediawiki_version }}/LocalSettings.php"
+    block: |
+      $wgGroupPermissions['*']['read'] = true;
+      $wgGroupPermissions['*']['edit'] = false;
+      $wgGroupPermissions['user']['edit'] = true;
+      $wgPluggableAuth_EnableAutoLogin = false;
+      $wgPluggableAuth_EnableLocalLogin = false;