oidc.php: autologin/localLogin templated via vars; optionally disable wgPasswordAttemptThrottle when 'web-svc-logout' present
vars: set defaults (AUTOLOGIN=true, LOCALLOGIN=false); use path_join/url_join for clean paths/URLs
Context: https://chatgpt.com/share/68caaf41-d098-800f-beb0-a473ff08c9c5
- Added 'plugins' section in config/main.yml to declare enabled extensions in a structured way
- Introduced new static file 'files/extension_installer_b64.groovy' that decodes Base64 JSON of requested plugins
- Simplified 04_extensions.yml: now builds installer code from static file and removed hardcoded OIDC/LDAP checks
- Dropped redundant XWIKI_EXT_* variables in vars/main.yml
- Added XWIKI_PLUGINS fact to collect enabled plugin items from config/main.yml
This refactor makes extension installation more generic, easier to unit test, and extendable beyond OIDC/LDAP.
See: https://chatgpt.com/share/68ca25e3-cbc4-800f-a45e-2b152369811a
The task 'XWIKI | Execute installer page' now uses:
- timeout: 300 (allow up to 5 min per request)
- retries: 20
- delay: 15
- until: condition
This prevents early failures during the first Distribution Wizard bootstrap when hundreds of extensions are still being installed.
Context: https://chatgpt.com/share/68ca0f18-2124-800f-a70d-df1811966107
Replace REST jobs flow with services.extension.install executed from a transient XWiki.InstallExtensions page.
- Build wishlist from Ansible vars; print machine-readable markers; assert success.
- Execute from XWiki space; delete page afterwards; fix delete changed_when.
- Use Jinja raw + indent for clean macro embedding.
https://chatgpt.com/share/68c9ebf5-f5e0-800f-9b80-372b4b31e772
- Added 'xwiki.superadmin=1' alongside the password in 'xwiki.cfg' to properly activate the superadmin account during bootstrap.
- Simplified 'xwiki.properties': Distribution Wizard config is now always present instead of conditional on the superadmin switch.
- Ensures that the Distribution Wizard ('distribution.wizard.enabled=true') and flavor bootstrap run automatically on first startup.
- This fixes the issue where REST endpoints (/rest/jobs, /repositories) stayed at 404 because the DW never executed.
Ref: https://chat.openai.com/share/7a5d58d2-8e91-4e34-8fa0-8b7d62494e4a
- Added 'xwiki.superadmin=1' alongside the password in 'xwiki.cfg' to properly activate the superadmin account during bootstrap.
- Simplified 'xwiki.properties': Distribution Wizard config is now always present instead of conditional on the superadmin switch.
- Ensures that the Distribution Wizard ('distribution.wizard.enabled=true') and flavor bootstrap run automatically on first startup.
- This fixes the issue where REST endpoints (/rest/jobs, /repositories) stayed at 404 because the DW never executed.
Ref: https://chat.openai.com/share/7a5d58d2-8e91-4e34-8fa0-8b7d62494e4a
- Replace custom <request> with class='org.xwiki.extension.job.InstallRequest'
- Use loop over extensions_to_install to build <extensionId> list
- Move namespace into <namespaces><string>wiki:xwiki</string>
- Remove unused <id>/<jobType> from root
- Ensure installDependencies, interactive, verbose inside request
- Fixes issue where server echoed <rest><list/> instead of actual extensions
Changed repository definition from 'maven:xwiki-public ...' to 'xwiki-public:maven:...'
so that the XWiki Extension Manager can correctly register Maven repositories.
This resolves the 'Unsupported repository type [central]' error and allows OIDC extension installation.
Details: https://chatgpt.com/share/68c42c4f-fda4-800f-a003-c16bcc9bd2a3
• Guard admin tasks via XWIKI_SSO_ENABLED
• Create admin using XWikiUsers object API
• Wait for REST without DW redirect
• Install OIDC/LDAP via /rest/jobs (+verify)
• Mount xwiki.cfg/properties under Tomcat WEB-INF
• Build REST URLs with url_join; enable DW auto bootstrap + repos
https://chatgpt.com/share/68c42502-a5cc-800f-b05a-a1dbe48f014d
- Accept HTTP 302 (Distribution Wizard redirects) in REST readiness and extension checks
- Treat 302 as missing admin user during bootstrap
- Move superadmin password to xwiki.cfg (correct location)
- Disable automatic Distribution Wizard start in xwiki.properties
- Standardize run_once includes for postgres, cdn, and xwiki roles
See: https://chatgpt.com/share/68c3a67b-80b4-800f-8a90-ebdcd4abb86c
- Added schema entry for superadminpassword
- Added vars for XWIKI_SUPERADMIN_USERNAME/PASSWORD
- Extended xwiki.properties.j2 to configure superadminpassword
- Added 02_bootstrap_admin.yml to create XWiki admin via REST using SuperAdmin
- Updated REST URLs to use XWIKI_REST_GENERAL
- Enabled CSP flag unsafe-inline
Conversation: https://chatgpt.com/share/68c39ddb-e9cc-800f-b32f-9d4c1e09e43e
This update introduces apex (@) A and optional AAAA records for all base SLD domains.
The tasks were moved into a new 02_apex.yml file and are looped using
SYS_SVC_DNS_BASE_DOMAINS. CAA record loops were updated accordingly.
See details: https://chatgpt.com/share/68c385c3-1804-800f-8c78-8614bc853f77
- Add 03_patch_settings.yml to sync $wgServer/$wgCanonicalServer, DB vars, and language
- Use single-quoted PHP strings with proper escaping; idempotent grep guards
- Wire task into main.yml; rename 03_admin→04_admin and 04_extensions→05_extensions
Ref: https://chatgpt.com/share/68c3649a-e830-800f-a059-fc8eda8f76bb
Rename filter parent_build_records→wildcard_records; create only wildcard (*.parent) A/AAAA records (no base/apex); switch to CURRENT_PLAY_DOMAINS_ALL; update vars to SYN_DNS_WILDCARD_RECORDS; adjust role/task names, defaults, and docs; add unittest expecting *.a.b from www.a.b.example.com. See: https://chatgpt.com/share/68c35dc1-7170-800f-8fbe-772e61780597
Updated tests/integration/test_vars_usage_in_yaml.py:
- Variables immediately followed by '(' are now treated as function calls,
not as set variables. This prevents false errors.
- Fixed detection of redirect_domain_mappings so it is no longer flagged
as unused.
See: https://chatgpt.com/share/68c3542d-f44c-800f-a483-b3e43739f315
Introduce sys-svc-dns to bootstrap Cloudflare DNS prerequisites. Validates CLOUDFLARE_API_TOKEN, (optionally) manages CAA for base SLDs, and delegates parent record creation to sys-dns-parent-hosts. Wired into sys-stk-front-pure.
sys-dns-parent-hosts: new parent_dns filter builds A/AAAA for each parent host and wildcard children (*.parent). Supports dict/list inputs for CURRENT_PLAY_DOMAINS, optional IPv6, proxied flag, and optional *.apex. Exposes a single parent_build_records entry point.
Let’s Encrypt role cleanup: remove DNS/C AA management from sys-svc-letsencrypt; it now focuses on webroot challenge config and renew timer. Fixed path joins and run_once guards.
Tests: update unit tests to allow wildcard outputs and dict-based CURRENT_PLAY_DOMAINS. Add generate_base_sld_domains filter. Documentation updates for both roles.
Conversation: https://chatgpt.com/share/68c342f7-d20c-800f-b61f-cefeebcf1cd8
