|Module Name||Module Owner||Peers|
|Multi-tenant WordPress "As a Service"||Logan||Tom Farrow, Tanner|
- 1 Introduction
- 2 Documentation
- 3 Roles & Responsibilities
Community Ops provides a "Wordpress-as-a-Service" for Mozilla Communities and groups.
The goals of this Wordpress-as-a-Services are:
- Each site can have an unlimited number of container based hosts
- As our nodes fill, we can easily deploy more, and automatically redeploy our containers across the nodes
- Sites can have their own plugins, and be automatically built into their own images via jenkins
- Site admins get complete control over configuration of their site
- Since we’re not depending on WPMS, things can be changed at individual site level
- Sites are containerised, one security breach won’t affect another
- All plugins are reviewed
- Security updates are are centrally managed
|tutum.co||Manages our docker nodes and containers for us. Gives us flexible choice over how to scale and arrange containers across nodes, with quick node scaling.|
|AWS EC2 / RDS||Provides infrastructure & high-speed, scalable, reliable database as a service with auto-backups.|
|MaxCDN||Speed. Chosen over CloudFront because it’s significantly quicker to deploy new sites and allows much nicer cache control.|
Gives us the containerism that makes our solution unique. Allows us to provide scalable, unrestricted sites in a more secure environment than simple vhosts.
Secret stuff is entered at deployment stage. Tutum allows us to enter environment variables during deployment
Sites requiring different plugins can each have their own docker image. We can centrally manage this.
Tutum manages our Docker cluster.
It automatically allows us to scale both containers and nodes in our cluster Currently team support is not enabled. Login details can be obtained from tad or logan
We also use Tutum as our docker registry
We use RDS.
- RDS instance: csa-wordpress-production-a.
- RDS endpoint: csa-wordpress-production-a.cokmjkgpe8nx.us-east-1.rds.amazonaws.com:3306
For security, the database is only accessible internally, and by authorized admins.
[Jenkins is not currently used but will be configured before production]
Jenkins follows this build procedure
- Clone a repo containing a Dockerfile and resources
- Checkout a specified tag
- Build a docker image
- Login to tutum registry
- Push image to tutum
Sites requiring their own custom plugins should be given a custom docker job
For monitoring, we are using JP’s OpsView [NEED URL].
Sites are configured in the CommunityIT-Production host group
Each site should be configured to use [USE WHAT?]
Deploying a new site
- (Optional) If needed, setup a new repo, containing needed resources and plugins, and configure dockerfile+jenkins
- Create a database and associated user in RDS. User should be “<sitename>”@”10.0.0.0/255.0.0.0”, and should be allocated all privileges on sitename.*.
- Create a Tutum service with 2 nodes. AWS access creds as requested can be obtained from module owner/peers. Enable published port, and set it manually.
- Configure an ELB with the following settings:
Setting Value Listeners
- 80 → port specified in tutum
- 443 → port specified in tutum
SSL Use CA signed cert for domain of site Health Check Type TCP Ping Health Check Port port specified in tutum Consecutive Checks 2 for healthy and unhealthy check VPC tutum-vpc Instances All nodes in tutum-vpc
- Point domain name at ELB
- Visit domain name and install Wordpress
- Create a MaxCDN pull distribution
- Create a CNAME for the MaxCDN distribution (sitename.cdn.mozilla-community.org)
- Configure W3TC and User Role Editor based on settings from template site (we want the MainWP cloning plugin so that we can automate this)
- Set S3 bucket to csa-wordpress and copy the rest of the settings from template site
- Set CDN Linker to the MaxCDN distribution CNAME
- Connect to MainWP
- Check everything works
Decommission a site
Take backups of RDS and S3. Delete everything you created in the deployment, and remove all images from tutum registry
- One Mozilla
Roles & Responsibilities
Community Screening is done by a Reps Council member. Any community he or she does deem not compliant will be referred for a Council vote.
Community IT & Operations
Community IT/Operations will manage the Wordpress installation and be responsible for the following:
- perform security updates & software updates
- install plugins/themes upon request after valid security review
- maintain current & up-to-date list of Wordpress sites and owners
- respond to any requests from Mozilla or Mozilla Reps with regards to hosted content
Wordpress Site Administrator
- Can administer anything within the scope of their site administration panel(s)
- Delegate permissions to other community members