Refactor ansible #78
Refactor ansible #78
Conversation
Because roles are getting centralized, the documentation needs to be updated with how and how to configure it.
For centralizing roles, Climate2030 being the most recent competition was the best candidate to base the refactoring on. The refactoring took the form of splitting out the main.yml from the mediawiki task into many main.yml files in different roles.
A lot of the configuration was inline blocks that were dumped directly into LocalSettings.php. This change separates those configurations out into their own files for easier maintenance and documentation. Issue #59: Change MediaWiki configurations to have multiple files
Clean it up so things are a bit more declarative, as well as moving the simpelsaml group config code over to the permissions, so that the separation of concerns is a bit more straightforward. Issue #62: Create security model for torque-sites Issue #64: Pluralize the names of the abstract user groups
With the ansible configuration centralized into a top level torque-sites directory (roles), the majority of the tasks main.yml and supporting files can be removed with the roles being added to the top level playbook. This required a few changes to the base pipeline: * Add composer to mediawiki install * Composer version update * Add postgres base package * Add LFC Evaluators as a known SAML group * Add pre-req installation for mediawiki Then removing all the old stuff from 100Change2017 and updating the yml file to reference the general stuff.
With the ansible configuration centralized into a top level torque-sites directory (roles), the majority of the tasks main.yml and supporting files can be removed with the roles being added to the top level playbook. This required a change to the base roles: * torquedataconnect_sheet_name can be different from the competition
With the ansible configuration centralized into a top level torque-sites directory (roles), the majority of the tasks main.yml and supporting files can be removed with the roles being added to the top level playbook. This required a change to the base roles: * Board Members from Okta are Decision Makers
With the ansible configuration centralized into a top level torque-sites directory (roles), the majority of the tasks main.yml and supporting files can be removed with the roles being added to the top level playbook.
This removes a lot of formatting that hurts printing out pages, especially those that have been heavily styled.
With the ansible configuration centralized into a top level torque-sites directory (roles), the majority of the tasks main.yml and supporting files can be removed with the roles being added to the top level playbook.
With the ansible configuration centralized into a top level torque-sites directory (roles), the majority of the tasks main.yml and supporting files can be removed with the roles being added to the top level playbook.
This brings it in line with the other competitions naming scheme.
We added this for instances where the competition name does not match the sheet, but it needed to be backported to previously done competitions.
With the ansible configuration centralized into a top level torque-sites directory (roles), the majority of the tasks main.yml and supporting files can be removed with the roles being added to the top level playbook. This required a change to the base roles: * Add rss as a base role for the RSS extension * Add api roles to ase permissions * Fill out some roles (like psuedo board member) * Add board members to okta groups we knwo about * Add login override * Respect local login flag when rebuilding the login page
| # this is different when either the competition name doesn't work as | ||
| # a sheet name (for instance, if it starts with a number), or if | ||
| # this wiki should act on a different sheet. | ||
| torquedataconnect_sheet_name: LFC100Change2017 |
There was a problem hiding this comment.
I paused for a moment on that sheet_name, of course, but now that I think about it it makes sense. Whew.
| - embed_video | ||
| - permissions | ||
| - simplefavorites | ||
| # PickSome has to come after collection so the left menu bar is correct |
There was a problem hiding this comment.
Is there some way that we could have PickSome notice whether Collection has already been loaded, so that PickSome can just raise an error if that requirement hasn't been met? It's better if the code can protect us against these things automagically, rather than us having to remember via comments, if possible.
There was a problem hiding this comment.
I can add something to our Collection config that will error if PickSome is already installed. I'll put it on my todo list, because I don't think it needs to happen in this PR.
| @@ -1,4 +1,6 @@ | |||
| --- | |||
| competition_name: lfc | |||
There was a problem hiding this comment.
What's up with this .../all/base that has variables whose values get overridden later?
There was a problem hiding this comment.
base is the configuration that can get checked in for production, so this doesn't get overridden later, as this is IS the overriding configuration. "secret" is passwords and whatnot that shouldn't be. See https://github.com/OpenTechStrategies/torque-sites/blob/main/INSTALL.md#production-installs-for-ots-only for more information.
| @@ -1,4 +1,6 @@ | |||
| --- | |||
| competition_name: lfc | |||
| torquedataconnect_sheet_name: proposals | |||
| @@ -1,4 +1,6 @@ | |||
| --- | |||
| competition_name: lfc | |||
roles/picksome/files/picksome.php
Outdated
|
|
||
| $wgLFCPickSomeEligiblePage = "TorqueConfig:ValidProposals"; | ||
|
|
||
| # This may not be performant and require caching if number of users/page hits |
There was a problem hiding this comment.
"This may not be performant, and it may require caching if number of users/page hits becomes large."
roles/picksome/files/picksome.php
Outdated
| return $text1 > $text2; | ||
| }; | ||
|
|
||
| # These are defaults for competitions, and probably will be overridden at some point |
There was a problem hiding this comment.
When you say "probably will be overridden at some point", you mean "probably will be overridden by competition-specific settings within a given competition", right?
There was a problem hiding this comment.
Yes, exactly. Updated to be more clear.
roles/simplefavorites/tasks/main.yml
Outdated
| @@ -0,0 +1,12 @@ | |||
| --- | |||
|
|
|||
| - name: Checkout SimpleFavorites | |||
| <?php | ||
|
|
||
| # When including this file, a competition needs to override $wgPluggableAuth_EnableLocalLogin | ||
| # before this file is loaded. That's because the file takes care of the local login code |
roles/teamcomments/tasks/main.yml
Outdated
| @@ -0,0 +1,19 @@ | |||
| --- | |||
|
|
|||
| - name: Checkout TeamComments | |||
There was a problem hiding this comment.
Not saying anything more about hills. Maybe I'm just receiving medical treatment on them, and there is still hope.
There was a problem hiding this comment.
I'm really tempted to leave this one, just because you were less committed to it than the others.
kfogel
force-pushed
the
main
branch
4 times, most recently
from
9fb3000 to
c26b58e
Compare
See #78 for the conversation. This is mostly to clear up some confusing comments and fix typos/grammattical errors.
|
Thanks so much for the review! I updated many things and am merging, but feel free to ping me about anything that's still unclear. (I need to merge so I can get the next competition loaded in) |
Part of the code review for #78: refactoring ansible. See #78 (comment) for more information.
See #78 for the conversation. This is mostly to clear up some confusing comments and fix typos/grammattical errors.
Part of the code review for #78: refactoring ansible. See #78 (comment) for more information.
Wow, 6100 lines of code removed! This fixes #59, #62, and #64, in a formal way, in various commits in the chain.
Go ahead and review as you like, though I'll be merging in the next few days before I upgrade mediawiki and push this all to production.