IT/Community/WG/WPaaS

From MozillaWiki
Module Name: Multi-tenant WordPress "As a Service"
Module Owner: Logan
Peers: Tom Farrow, Tanner


Introduction

Community Ops provides a "Wordpress-as-a-Service" for Mozilla Communities and groups.

The goals of this Wordpress-as-a-Service are:

  • Scalable
    • Each site can have an unlimited number of container based hosts
    • As our nodes fill, we can easily deploy more, and automatically redeploy our containers across the nodes
  • Flexible
    • Sites can have their own plugins, and be automatically built into their own images via Jenkins
    • Site admins get complete control over configuration of their site
    • Since we’re not depending on WPMS, things can be changed at individual site level
  • Security
    • Sites are containerised, so one security breach won’t affect another
    • All plugins are reviewed
    • Security updates are centrally managed

Documentation

Tooling

Tool: Description/Usage

  • tutum.co: Manages our docker nodes and containers for us. Gives us flexible choice over how to scale and arrange containers across nodes, with quick node scaling.
  • AWS EC2 / RDS: Provides infrastructure & high-speed, scalable, reliable database as a service with auto-backups.
  • MaxCDN: Speed. Chosen over CloudFront because it’s significantly quicker to deploy new sites and allows much nicer cache control.
  • Docker: Gives us the containerism that makes our solution unique. Allows us to provide scalable, unrestricted sites in a more secure environment than simple vhosts.

Docker

Our docker image is based on the tutum scalable image but with simple changes that make it useful for us.

Secret stuff is entered at the deployment stage. Tutum allows us to enter environment variables during deployment.

Sites requiring different plugins can each have their own docker image. We can centrally manage this.

Tutum

Tutum manages our Docker cluster.

It automatically allows us to scale both containers and nodes in our cluster. Currently team support is not enabled. Login details can be obtained from Tad or Logan.

We also use Tutum as our docker registry.

Database

We use RDS.

  • RDS instance: csa-wordpress-production-a.
  • RDS endpoint: csa-wordpress-production-a.cokmjkgpe8nx.us-east-1.rds.amazonaws.com:3306

For security, the database is only accessible internally, and by authorized admins.

Jenkins

[Jenkins is not currently used but will be configured before production]

Jenkins follows this build procedure:

  1. Clone a repo containing a Dockerfile and resources
  2. Checkout a specified tag
  3. Build a docker image
  4. Login to tutum registry
  5. Push image to tutum

Sites requiring their own custom plugins should be given a custom docker job.
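The five build steps above as a shell sketch. This is an added example, not the project's Jenkins job: REGISTRY, REGISTRY_USER and REGISTRY_PASS are assumed environment variables supplied by the CI job, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. REGISTRY, REGISTRY_USER and REGISTRY_PASS are assumed
# environment variables injected by the CI job; they are not from the page.

# Accept only names valid as both a git tag and a Docker image tag.
valid_tag() {
    case "$1" in
        ''|-*|.*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 128 ]
}

# image_ref <registry> <image-name> <tag>
image_ref() {
    printf '%s/%s:%s' "$1" "$2" "$3"
}

# build_steps <git-url> <image-ref> <tag> <workdir>
build_steps() {
    # Steps 1-2: clone and check out the requested tag only.
    git clone --quiet --depth 1 --branch "$3" "$1" "$4" || return 1
    # --branch also accepts branch names, so insist the ref is a real tag.
    git -C "$4" rev-parse -q --verify "refs/tags/$3^{commit}" >/dev/null || {
        echo "$3 is not a tag" >&2; return 1; }
    # Step 3: build from the checked-out Dockerfile.
    docker build --pull -t "$2" "$4" || return 1
    # Step 4: the password goes in on stdin, never in argv or the job log.
    printf '%s' "$REGISTRY_PASS" |
        docker login -u "$REGISTRY_USER" --password-stdin "$REGISTRY" || return 1
    # Step 5: push the tagged image.
    docker push "$2"
}

# build_and_push <git-url> <image-name> <tag>
build_and_push() {
    valid_tag "$3" || { echo "refusing tag: $3" >&2; return 1; }
    img=$(image_ref "$REGISTRY" "$2" "$3")
    work=$(mktemp -d) || return 1
    rc=0
    build_steps "$1" "$img" "$3" "$work" || rc=$?
    rm -rf "$work"   # never leave the checkout behind on the build host
    return "$rc"
}
```

Building only from a verified tag keeps each pushed image traceable to a reviewed revision, which matters when plugin review is one of the service's security goals.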

Monitoring

For monitoring, we are using JP’s OpsView [NEED URL].

Sites are configured in the CommunityIT-Production host group

Each site should be configured to use [USE WHAT?]

Deploying a new site

  1. (Optional) If needed, set up a new repo containing the needed resources and plugins, and configure the Dockerfile and Jenkins job
  2. Create a database and associated user in RDS. User should be "<sitename>"@"10.0.0.0/255.0.0.0", and should be allocated all privileges on sitename.*.
  3. Create a Tutum service with 2 nodes. AWS access creds as requested can be obtained from module owner/peers. Enable published port, and set it manually.
  4. Configure an ELB with the following settings:
    • Listeners: 80 → port specified in tutum; 443 → port specified in tutum
    • SSL: Use CA signed cert for domain of site
    • Health Check Type: TCP Ping
    • Health Check Port: port specified in tutum
    • Consecutive Checks: 2 for healthy and unhealthy check
    • VPC: tutum-vpc
    • Instances: All nodes in tutum-vpc
  5. Point domain name at ELB
  6. Visit domain name and install Wordpress
  7. Create a MaxCDN pull distribution
  8. Create a CNAME for the MaxCDN distribution (sitename.cdn.mozilla-community.org)
  9. Configure W3TC and User Role Editor based on settings from template site (we want the MainWP cloning plugin so that we can automate this)
  10. Set S3 bucket to csa-wordpress and copy the rest of the settings from template site
  11. Set CDN Linker to the MaxCDN distribution CNAME
  12. Connect to MainWP
  13. Check everything works
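Step 2 of the procedure above, as an added example (not part of the original page) that generates the per-site SQL. The host mask is the one given in the step; the function names, the 16-character limit check and the password format are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: emit the SQL for the per-site database and user.
SITE_NET='10.0.0.0/255.0.0.0'   # host mask from step 2 of the procedure

# Accept only names that are safe as a MySQL identifier and user name.
valid_sitename() {
    case "$1" in
        ''|*[!a-z0-9_]*) return 1 ;;   # empty, or a char outside [a-z0-9_]
    esac
    # Assumption: MySQL before 5.7.8 limits user names to 16 characters.
    [ "${#1}" -le 16 ]
}

# In GRANT, "_" in a database name is a single-character wildcard. Escape
# it so a grant for site_a does not also cover a database named siteXa.
grant_pattern() {
    printf '%s' "$1" | sed 's/_/\\_/g'
}

# 128 random bits as 32 hex characters.
gen_password() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# site_sql <sitename> <password>: print the statements, or fail on bad input.
site_sql() {
    valid_sitename "$1" || { echo "invalid site name: $1" >&2; return 1; }
    case "$2" in
        ''|*[!A-Za-z0-9]*) echo "invalid password" >&2; return 1 ;;
    esac
    pat=$(grant_pattern "$1")
    cat <<EOF
CREATE DATABASE \`$1\`;
CREATE USER '$1'@'$SITE_NET' IDENTIFIED BY '$2';
GRANT ALL PRIVILEGES ON \`$pat\`.* TO '$1'@'$SITE_NET';
EOF
}
```

The escaped grant pattern is what keeps one site's credentials from reaching a sibling site's database on the shared RDS instance.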

Decommission a site

Take backups of RDS and S3. Delete everything you created in the deployment, and remove all images from the tutum registry.

Themes

  • One Mozilla

New Sites

Technical Workflow

Adding a site to wordpress - technical workflow.png

Non-Technical Workflow

Adding a site to wordpress - non technical workflow.png

Roles & Responsibilities

THIS PAGE IS A WORKING DRAFT
The page may be difficult to navigate, and some information on its subject might be incomplete and/or evolving rapidly.
If you have any questions or ideas, please add them as a new topic on the discussion page.

Mozilla Reps

Community Screening is done by a Reps Council member. Any community he or she deems non-compliant will be referred for a Council vote.

Community IT & Operations

Community IT/Operations will manage the Wordpress installation and be responsible for the following:

  • perform security updates & software updates
  • install plugins/themes upon request after valid security review
  • maintain current & up-to-date list of Wordpress sites and owners
  • respond to any requests from Mozilla or Mozilla Reps with regards to hosted content

Wordpress Site Administrator

  • Can administer anything within the scope of their site administration panel(s)
  • Delegate permissions to other community members