Fix XWiki automation bootstrap:

- Accept HTTP 302 (Distribution Wizard redirects) in REST readiness and extension checks
- Treat 302 as missing admin user during bootstrap
- Move superadmin password to xwiki.cfg (correct location)
- Disable automatic Distribution Wizard start in xwiki.properties
- Standardize run_once includes for postgres, cdn, and xwiki roles

See: https://chatgpt.com/share/68c3a67b-80b4-800f-8a90-ebdcd4abb86c

roles/web-app-xwiki/tasks/01_core.yml

@@ -22,7 +22,7 @@
 - name: "Wait until XWiki REST is ready"
   uri:
     url: "http://127.0.0.1:{{ XWIKI_HOST_PORT }}/xwiki/rest/"
-    status_code: [200, 401]
+    status_code: [200, 401, 302]
     return_content: no
   register: xwiki_rest_up
   retries: 60
@@ -38,7 +38,7 @@
     user: "{{ XWIKI_ADMIN_USER }}"
     password: "{{ XWIKI_ADMIN_PASS }}"
     force_basic_auth: yes
-    status_code: [200,404]
+    status_code: [200, 404, 302]
   register: xwiki_oidc_ext
   when: XWIKI_OIDC_ENABLED | bool
 
@@ -49,7 +49,7 @@
     user: "{{ XWIKI_ADMIN_USER }}"
     password: "{{ XWIKI_ADMIN_PASS }}"
     force_basic_auth: yes
-    status_code: [200,404]
+    status_code: [200, 404, 302]
   register: xwiki_ldap_ext
   when: XWIKI_LDAP_ENABLED | bool
 
@@ -67,4 +67,4 @@
     - (XWIKI_OIDC_ENABLED | bool and xwiki_oidc_ext.status == 404) or
       (XWIKI_LDAP_ENABLED | bool and (xwiki_ldap_ext is not skipped) and xwiki_ldap_ext.status == 404)
 
-- include_tasks: utils/run_once.yml
+- include_tasks: utils/run_once.yml

roles/web-app-xwiki/tasks/02_bootstrap_admin.yml

@@ -1,32 +1,33 @@
 ---
-# Wait until REST endpoint is available (01_core usually ensures this, but we add safety)
+# Wait until REST endpoint is available (01_core usually ensures this, but add safety)
 - name: "XWIKI | Wait until REST answers"
   uri:
     url: "http://127.0.0.1:{{ XWIKI_HOST_PORT }}/xwiki/rest/"
-    status_code: [200,401]
+    status_code: [200, 401]
   register: _rest_ping
   retries: 60
   delay: 5
   until: _rest_ping is succeeded
 
-# Check if the target admin already exists (404 = missing)
+# Check if the target admin already exists
+# 404 => missing, 302 => DW redirect (treat as missing for bootstrap)
 - name: "XWIKI | Check if target admin user exists"
   uri:
     url: "{{ XWIKI_REST_GENERAL }}/users/{{ XWIKI_ADMIN_USER | urlencode }}"
     method: GET
     user: "{{ XWIKI_SUPERADMIN_USERNAME }}"
-    password: "{{ XWIKI_SUPERADMIN_PASSWORD  }}"
+    password: "{{ XWIKI_SUPERADMIN_PASSWORD }}"
     force_basic_auth: true
-    status_code: [200,404]
+    status_code: [200, 404, 302]
   register: _admin_exists
 
-# Create admin user if not existing
+# Create admin user if not existing (or DW still redirecting)
 - name: "XWIKI | Create admin user via REST"
   uri:
     url: "{{ XWIKI_REST_GENERAL }}/users"
     method: POST
     user: "{{ XWIKI_SUPERADMIN_USERNAME }}"
-    password: "{{ XWIKI_SUPERADMIN_PASSWORD  }}"
+    password: "{{ XWIKI_SUPERADMIN_PASSWORD }}"
     force_basic_auth: true
     status_code: 201
     headers:
@@ -39,4 +40,4 @@
         <username>{{ XWIKI_ADMIN_USER }}</username>
         <password>{{ XWIKI_ADMIN_PASS }}</password>
       </user>
-  when: _admin_exists.status == 404
+  when: _admin_exists.status in [404, 302]

roles/web-app-xwiki/templates/xwiki.cfg.j2

@@ -18,3 +18,6 @@ xwiki.authentication.ldap.update_user=1
 # Fallback: Native XWiki Auth
 # xwiki.authentication.authclass=com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl
 {% endif %}
+
+# ---- Superadmin must live in xwiki.cfg (not in xwiki.properties)
+xwiki.superadminpassword={{ XWIKI_SUPERADMIN_PASSWORD }}

roles/web-app-xwiki/templates/xwiki.properties.j2

@@ -14,4 +14,9 @@ oidc.userinfoclaims={{ XWIKI_OIDC_GROUPS_CLAIM }}
 oidc.groups.claim={{ XWIKI_OIDC_GROUPS_CLAIM }}
 oidc.groups.mapping=XWiki.XWikiAdminGroup={{ XWIKI_OIDC_ADMIN_PROVIDER_GROUP }}
 {% endif %}
-xwiki.superadminpassword={{ XWIKI_SUPERADMIN_PASSWORD }}
+
+############################################
+# Distribution Wizard
+# Disable automatic start so REST is reachable during automation
+distribution.automaticStartOnMainWiki=false
+distribution.automaticStartOnWiki=false