feat(web-app-joomla): reliable first-run install, safe debug toggler, DB patching, LDAP scaffolding

Why - Fix flaky first-run installs and make config edits idempotent. - Prepare LDAP support and allow optional inline CSP for UI. - Improve observability and guard against broken configuration.php. What - config/main.yml: enable features.ldap; add CSP flags (allow inline style/script elem); minor spacing. - tasks/: split into 01_install (wait for core, absolute CLI path), 02_debug (toggle $debug/$error_reporting safely), 03_patch (patch DB creds in configuration.php), 04_ldap (configure plugin via helper), 05_assert (optional php -l). - templates/Dockerfile.j2: conditionally install/compile php-ldap (fallback to docker-php-ext-install with libsasl2-dev). - templates/cli-ldap.php.j2: idempotently enable & configure Authentication - LDAP from env. - templates/docker-compose.yml.j2: build custom image when LDAP is enabled; mount cli-ldap.php; pull_policy: never. - templates/env.j2: add site/admin vars, MariaDB connector/env, full LDAP env. - vars/main.yml: default to MariaDB (mysqli), add JOOMLA_* vars incl. JOOMLA_CONFIG_FILE. Notes - LDAP path implemented but NOT yet tested end-to-end. - Ref: https://chatgpt.com/share/68b068a8-2aa4-800f-8cd1-56383561a9a8.
2025-08-30 07:18:09 +02:00 · 2025-08-28 16:33:45 +02:00
parent dece6228a4
commit 18f3b1042f
12 changed files with 351 additions and 16 deletions
--- a/roles/web-app-joomla/tasks/main.yml
+++ b/roles/web-app-joomla/tasks/main.yml
@@ -1,7 +1,34 @@
 ---
- name: "load docker, db and proxy for {{ application_id }}"
-  include_role: 
-    name: cmp-db-docker-proxy
-  loop: "{{ domains }}"
+- name: "Include role srv-domain-provision for {{ application_id }}"
+  include_role:
+    name: srv-domain-provision
+  loop: "{{ JOOMLA_DOMAINS }}"
  loop_control:
-    loop_var: domain
+    loop_var: domain
+  vars:
+    http_port: "{{ ports.localhost.http[application_id] }}"
+
+- name: "load docker and db for {{ application_id }}"
+  include_role: 
+    name: cmp-db-docker
+  vars:
+    docker_compose_flush_handlers: false
+
+- name: "Render LDAP CLI helper"
+  template:
+    src: cli-ldap.php.j2
+    dest: "{{ JOOMLA_LDAP_CONF_FILE }}"
+    mode: "0644"
+  when: JOOMLA_LDAP_ENABLED | bool
+
+- name: "flush docker compose handlers"
+  meta: flush_handlers
+
+- name: Include install routines
+  include_tasks: "{{ item }}"
+  loop:
+    - 01_install.yml
+    - 02_debug.yml
+    - 03_patch.yml
+    - 04_ldap.yml
+    - 05_assert.yml