feat(web-app-joomla): reliable first-run install, safe debug toggler, DB patching, LDAP scaffolding

Why - Fix flaky first-run installs and make config edits idempotent. - Prepare LDAP support and allow optional inline CSP for UI. - Improve observability and guard against broken configuration.php. What - config/main.yml: enable features.ldap; add CSP flags (allow inline style/script elem); minor spacing. - tasks/: split into 01_install (wait for core, absolute CLI path), 02_debug (toggle $debug/$error_reporting safely), 03_patch (patch DB creds in configuration.php), 04_ldap (configure plugin via helper), 05_assert (optional php -l). - templates/Dockerfile.j2: conditionally install/compile php-ldap (fallback to docker-php-ext-install with libsasl2-dev). - templates/cli-ldap.php.j2: idempotently enable & configure Authentication - LDAP from env. - templates/docker-compose.yml.j2: build custom image when LDAP is enabled; mount cli-ldap.php; pull_policy: never. - templates/env.j2: add site/admin vars, MariaDB connector/env, full LDAP env. - vars/main.yml: default to MariaDB (mysqli), add JOOMLA_* vars incl. JOOMLA_CONFIG_FILE. Notes - LDAP path implemented but NOT yet tested end-to-end. - Ref: https://chatgpt.com/share/68b068a8-2aa4-800f-8cd1-56383561a9a8.
2025-08-30 15:28:12 +02:00 · 2025-08-28 16:33:45 +02:00
parent dece6228a4
commit 18f3b1042f
12 changed files with 351 additions and 16 deletions
--- a/roles/web-app-joomla/tasks/03_patch.yml
+++ b/roles/web-app-joomla/tasks/03_patch.yml
@@ -0,0 +1,52 @@
+- name: "Ensure configuration.php DB settings match inventory"
+  command:
+    argv:
+      - docker
+      - exec
+      - -e
+      - J_DBTYPE={{ JOOMLA_DB_CONNECTOR }}
+      - -e
+      - J_DBHOST={{ database_host }}:{{ database_port }}
+      - -e
+      - J_DBUSER={{ database_username }}
+      - -e
+      - J_DBPASS={{ database_password }}
+      - -e
+      - J_DBNAME={{ database_name }}
+      - "{{ JOOMLA_CONTAINER }}"
+      - php
+      - -r
+      - |
+        $f = '{{ JOOMLA_CONFIG_FILE }}';
+        if (!file_exists($f)) { exit(0); }
+        $c = file_get_contents($f);
+        $changed = 0;
+
+        $map = [
+          'dbtype'   => getenv('J_DBTYPE'),
+          'host'     => getenv('J_DBHOST'),
+          'user'     => getenv('J_DBUSER'),
+          'password' => getenv('J_DBPASS'),
+          'db'       => getenv('J_DBNAME'),
+        ];
+
+        foreach ($map as $k => $v) {
+          // Escape single quotes for safe embedding into the PHP source string
+          $vEsc = str_replace("'", "\\'", $v);
+
+          // Match current value in config: public $key = '...';
+          if (preg_match("/public \\$".$k."\\s*=\\s*'([^']*)';/", $c, $m) && $m[1] !== $v) {
+            $c = preg_replace(
+              "/public \\$".$k."\\s*=\\s*'[^']*';/",
+              "public $".$k." = '".$vEsc."';",
+              $c
+            );
+            $changed = 1;
+          }
+        }
+
+        if ($changed) { file_put_contents($f, $c); echo "changed"; } else { echo "ok"; }
+  register: cfg_patch
+  changed_when: cfg_patch.stdout == "changed"
+  failed_when: cfg_patch.rc != 0
+  when: joomla_installed.rc == 0