kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-09-14 14:26:04 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix XWiki automation bootstrap:

Browse Source 
- Accept HTTP 302 (Distribution Wizard redirects) in REST readiness and extension checks
- Treat 302 as missing admin user during bootstrap
- Move superadmin password to xwiki.cfg (correct location)
- Disable automatic Distribution Wizard start in xwiki.properties
- Standardize run_once includes for postgres, cdn, and xwiki roles

See: https://chatgpt.com/share/68c3a67b-80b4-800f-8a90-ebdcd4abb86c
This commit is contained in:
Kevin Veen-Birkenbach
2025-09-12 06:50:24 +02:00
parent 2d71c461de
commit b7a7be4737
7 changed files with 25 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
roles/svc-db-postgres/tasks/01_core.yml
View File

@@ -25,3 +25,5 @@
community.general.pacman: community.general.pacman:
name: python-psycopg2 name: python-psycopg2
state: present state: present
- include_tasks: utils/run_once.yml

1
roles/svc-db-postgres/tasks/main.yml
View File

@@ -1,6 +1,5 @@
- block: - block:
- include_tasks: 01_core.yml - include_tasks: 01_core.yml
- include_tasks: utils/run_once.yml
vars: vars:
# Force the flush of the pg handler on the first run # Force the flush of the pg handler on the first run
flush_handlers: true flush_handlers: true

1
roles/sys-svc-cdn/tasks/01_core.yml
View File

@@ -27,4 +27,5 @@
group: "{{ NGINX.USER }}" group: "{{ NGINX.USER }}"
mode: "0755" mode: "0755"
loop: "{{ CDN_DIRS_GLOBAL }}" loop: "{{ CDN_DIRS_GLOBAL }}"
- include_tasks: utils/run_once.yml - include_tasks: utils/run_once.yml

6
roles/web-app-xwiki/tasks/01_core.yml
View File

@@ -22,7 +22,7 @@
- name: "Wait until XWiki REST is ready" - name: "Wait until XWiki REST is ready"
uri: uri:
url: "http://127.0.0.1:{{ XWIKI_HOST_PORT }}/xwiki/rest/" url: "http://127.0.0.1:{{ XWIKI_HOST_PORT }}/xwiki/rest/"
status_code: [200, 401] status_code: [200, 401, 302]
return_content: no return_content: no
register: xwiki_rest_up register: xwiki_rest_up
retries: 60 retries: 60
@@ -38,7 +38,7 @@
user: "{{ XWIKI_ADMIN_USER }}" user: "{{ XWIKI_ADMIN_USER }}"
password: "{{ XWIKI_ADMIN_PASS }}" password: "{{ XWIKI_ADMIN_PASS }}"
force_basic_auth: yes force_basic_auth: yes
status_code: [200,404] status_code: [200, 404, 302]
register: xwiki_oidc_ext register: xwiki_oidc_ext
when: XWIKI_OIDC_ENABLED | bool when: XWIKI_OIDC_ENABLED | bool
@@ -49,7 +49,7 @@
user: "{{ XWIKI_ADMIN_USER }}" user: "{{ XWIKI_ADMIN_USER }}"
password: "{{ XWIKI_ADMIN_PASS }}" password: "{{ XWIKI_ADMIN_PASS }}"
force_basic_auth: yes force_basic_auth: yes
status_code: [200,404] status_code: [200, 404, 302]
register: xwiki_ldap_ext register: xwiki_ldap_ext
when: XWIKI_LDAP_ENABLED | bool when: XWIKI_LDAP_ENABLED | bool

13
roles/web-app-xwiki/tasks/02_bootstrap_admin.yml
View File

@@ -1,15 +1,16 @@
--- ---
# Wait until REST endpoint is available (01_core usually ensures this, but we add safety) # Wait until REST endpoint is available (01_core usually ensures this, but add safety)
- name: "XWIKI | Wait until REST answers" - name: "XWIKI | Wait until REST answers"
uri: uri:
url: "http://127.0.0.1:{{ XWIKI_HOST_PORT }}/xwiki/rest/" url: "http://127.0.0.1:{{ XWIKI_HOST_PORT }}/xwiki/rest/"
status_code: [200,401] status_code: [200, 401]
register: _rest_ping register: _rest_ping
retries: 60 retries: 60
delay: 5 delay: 5
until: _rest_ping is succeeded until: _rest_ping is succeeded
# Check if the target admin already exists (404 = missing) # Check if the target admin already exists
# 404 => missing, 302 => DW redirect (treat as missing for bootstrap)
- name: "XWIKI | Check if target admin user exists" - name: "XWIKI | Check if target admin user exists"
uri: uri:
url: "{{ XWIKI_REST_GENERAL }}/users/{{ XWIKI_ADMIN_USER | urlencode }}" url: "{{ XWIKI_REST_GENERAL }}/users/{{ XWIKI_ADMIN_USER | urlencode }}"
@@ -17,10 +18,10 @@
user: "{{ XWIKI_SUPERADMIN_USERNAME }}" user: "{{ XWIKI_SUPERADMIN_USERNAME }}"
password: "{{ XWIKI_SUPERADMIN_PASSWORD }}" password: "{{ XWIKI_SUPERADMIN_PASSWORD }}"
force_basic_auth: true force_basic_auth: true
status_code: [200,404] status_code: [200, 404, 302]
register: _admin_exists register: _admin_exists
# Create admin user if not existing # Create admin user if not existing (or DW still redirecting)
- name: "XWIKI | Create admin user via REST" - name: "XWIKI | Create admin user via REST"
uri: uri:
url: "{{ XWIKI_REST_GENERAL }}/users" url: "{{ XWIKI_REST_GENERAL }}/users"
@@ -39,4 +40,4 @@
<username>{{ XWIKI_ADMIN_USER }}</username> <username>{{ XWIKI_ADMIN_USER }}</username>
<password>{{ XWIKI_ADMIN_PASS }}</password> <password>{{ XWIKI_ADMIN_PASS }}</password>
</user> </user>
when: _admin_exists.status == 404 when: _admin_exists.status in [404, 302]

3
roles/web-app-xwiki/templates/xwiki.cfg.j2
View File

@@ -18,3 +18,6 @@ xwiki.authentication.ldap.update_user=1
# Fallback: Native XWiki Auth # Fallback: Native XWiki Auth
# xwiki.authentication.authclass=com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl # xwiki.authentication.authclass=com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl
{% endif %} {% endif %}
# ---- Superadmin must live in xwiki.cfg (not in xwiki.properties)
xwiki.superadminpassword={{ XWIKI_SUPERADMIN_PASSWORD }}

7
roles/web-app-xwiki/templates/xwiki.properties.j2
View File

@@ -14,4 +14,9 @@ oidc.userinfoclaims={{ XWIKI_OIDC_GROUPS_CLAIM }}
oidc.groups.claim={{ XWIKI_OIDC_GROUPS_CLAIM }} oidc.groups.claim={{ XWIKI_OIDC_GROUPS_CLAIM }}
oidc.groups.mapping=XWiki.XWikiAdminGroup={{ XWIKI_OIDC_ADMIN_PROVIDER_GROUP }} oidc.groups.mapping=XWiki.XWikiAdminGroup={{ XWIKI_OIDC_ADMIN_PROVIDER_GROUP }}
{% endif %} {% endif %}
xwiki.superadminpassword={{ XWIKI_SUPERADMIN_PASSWORD }}
############################################
# Distribution Wizard
# Disable automatic start so REST is reachable during automation
distribution.automaticStartOnMainWiki=false
distribution.automaticStartOnWiki=false