
Merge pull request #13 from FOSSRIT/improve/ansible-playbooks-wordpress

Add inventory; fix WordPress role to successfully complete
pull/4/head
Justin W. Flory 3 years ago
committed by GitHub
parent
commit
798cc65ad2
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 104 additions and 61 deletions
  1. +3
    -0
      ansible.cfg
  2. +8
    -0
      inventory/inventory
  3. +18
    -11
      playbooks/wordpress-stack-install.yml
  4. +4
    -4
      roles/mariadb/tasks/main.yml
  5. +70
    -45
      roles/wordpress/tasks/main.yml
  6. +1
    -1
      roles/wordpress/templates/wp-config.php

+ 3
- 0
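--- a/ansible.cfg
+++ b/ansible.cfg
@@ -0,0 +1,3 @@
+[defaults]
+inventory = inventory/inventory
+roles_path = roles/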

+ 8
- 0
inventory/inventory View File

@ -0,0 +1,8 @@
estrella.justinwflory.com
fossrit.jwf.io
[staging]
estrella
[wordpress-server]
fossrit
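Review bot: The group members `estrella` and `fossrit` do not match the fully qualified names listed at the top of the file, so Ansible will likely treat them as two additional hosts rather than as `estrella.justinwflory.com` and `fossrit.jwf.io` (unless SSH configuration resolves the short names, which is not visible here). Because playbooks/wordpress-stack-install.yml targets `hosts: all`, a single run would apply the whole stack, including the database user and firewall changes, to every entry, staging and production alike. Consider listing the FQDNs inside the groups and narrowing the play to `hosts: wordpress-server`. A leading comment such as `# staging and wordpress-server are separate environments; do not run plays against "all"` would document the intent.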

+ 18
- 11
playbooks/wordpress-stack-install.yml View File

@ -1,16 +1,23 @@
---
- name: Install MariaDB, nginx, PHP-FPM, and WordPress
- name: install MariaDB, nginx, PHP-FPM, and WordPress
hosts: all
become: yes
vars:
wp_db_name: wordpress-foss-magic
wp_db_password: 'What is a more secure way to manage passwords in a public playbook?'
wp_db_user: wordpress-admin
roles:
- ../roles/common-centos/7
- ../roles/mariadb
- ../roles/nginx
- ../roles/php-fpm
- ../roles/wordpress
- common-centos/7
- mariadb
- nginx
- php-fpm
- role: wordpress
# Disable All Updates
# By default automatic updates are enabled, set this value to true to
# disable all automatic updates
auto_up_disable: false
# Define Core Update Level
# true = Development, minor, and major updates are all enabled
# false = Development, minor, and major updates are all disabled
# minor = Minor updates are enabled, major updates are disabled
core_update_level: true
wp_db_name: wordpress-foss-magic
wp_db_password: 'What is a secure way to manage passwords in public infrastructure?'
wp_db_user: wordpress-admin
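Review bot: `wp_db_password` is still a string literal committed to a public repository, now passed as a parameter of the `wordpress` role, so any real value that replaces the placeholder ends up in git history. Reference a vaulted variable instead, `wp_db_password: "{{ vault_wp_db_password }}"`, with the value kept in an Ansible Vault-encrypted vars file (the variable name is a suggestion, not something defined in this repository). The `create WordPress database user` task in roles/wordpress/tasks/main.yml, which passes this value to `mysql_user`, should also carry `no_log: true` so the password is not echoed in task output.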

+ 4
- 4
roles/mariadb/tasks/main.yml View File

@ -3,15 +3,15 @@
- name: remove older versions of conflicting packages
package:
state: absent
name:
- mariadb-libs
state: absent
- name: install MariaDB
package:
state: present
name:
- mariadb101u-server
state: present
- name: copy MySQL configuration file
template:
@ -28,7 +28,7 @@
group: mysql
mode: 0644
- name: start MariaDB service
- name: start and enable MariaDB service
service:
name: mariadb
state: started
@ -37,6 +37,6 @@
- name: add MariaDB firewalld rule
firewalld:
service: mysql
permanent: true
state: enabled
immediate: yes
permanent: true
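Review bot: The `add MariaDB firewalld rule` task in the last hunk permanently opens the `mysql` service to the network, yet the only database account visible on this page (roles/wordpress/tasks/main.yml) is created with `host='localhost'`. If nothing outside the host needs to reach MariaDB, the rule is unnecessary exposure; drop the task or set `state: disabled`. Whether the server's bind address is restricted is decided by the configuration template, which is outside these hunks. Separately, `mode: 0644` in the second hunk is safer written as `mode: '0644'` so the YAML parser does not reinterpret the number.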

+ 70
- 45
roles/wordpress/tasks/main.yml View File

@ -1,60 +1,85 @@
---
- name: Download WordPress
get_url: url=http://wordpress.org/wordpress-{{ wp_version }}.tar.gz dest=/srv/wordpress-{{ wp_version }}.tar.gz
sha256sum="{{ wp_sha256sum }}"
- name: Extract archive
command: chdir=/srv/ /bin/tar xvf wordpress-{{ wp_version }}.tar.gz creates=/srv/wordpress
- name: Add group "wordpress"
group: name=wordpress
- name: Add user "wordpress"
user: name=wordpress group=wordpress home=/srv/wordpress/
- name: Fetch random salts for WordPress config
local_action: command curl https://api.wordpress.org/secret-key/1.1/salt/
register: "wp_salt"
become: no
- name: Create WordPress database
- name: install dependencies and SELinux tools
package:
state: present
name:
- MySQL-python
- libselinux-python
- policycoreutils-python
- name: create web server directory
file:
state: directory
path: /var/www
- name: download and extract archive
unarchive:
creates: /var/www/wordpress/
dest: /var/www/
remote_src: yes
src: https://wordpress.org/latest.tar.gz
- name: add group "wordpress"
group:
name: wordpress
- name: add user "wordpress"
user:
name: wordpress
group: wordpress
home: /var/www/wordpress/
- name: register random salts for WordPress config
register: wp_salt
uri:
return_content: yes
url: https://api.wordpress.org/secret-key/1.1/salt/
- name: create WordPress database
mysql_db: name={{ wp_db_name }} state=present
- name: Create WordPress database user
- name: create WordPress database user
mysql_user: name={{ wp_db_user }} password={{ wp_db_password }} priv={{ wp_db_name }}.*:ALL host='localhost' state=present
- name: Copy WordPress config file
template: src=wp-config.php dest=/srv/wordpress/
- name: Change ownership of WordPress installation
file: path=/srv/wordpress/ owner=wordpress group=wordpress state=directory recurse=yes
- name: copy WordPress config file
template:
src: wp-config.php
dest: /var/www/wordpress/
- name: install SEManage
yum: pkg=policycoreutils-python state=present
- name: change ownership of WordPress installation
file:
path: /var/www/wordpress/
owner: wordpress
group: wordpress
state: directory
recurse: yes
- name: set the SELinux policy for the Wordpress directory
command: semanage fcontext -a -t httpd_sys_content_t "/srv/wordpress(/.*)?"
- name: set SELinux policy for Wordpress directory
command: semanage fcontext -a -t httpd_sys_content_t "/var/www/wordpress(/.*)?"
- name: set the SELinux policy for wp-config.php
command: semanage fcontext -a -t httpd_sys_script_exec_t "/srv/wordpress/wp-config\.php"
- name: set SELinux policy for wp-config.php
command: semanage fcontext -a -t httpd_sys_script_exec_t "/var/www/wordpress/wp-config\.php"
- name: set the SELinux policy for wp-content directory
command: semanage fcontext -a -t httpd_sys_rw_content_t "/srv/wordpress/wp-content(/.*)?"
- name: set SELinux policy for wp-content directory
command: semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/wordpress/wp-content(/.*)?"
- name: set the SELinux policy for the *.php files
command: semanage fcontext -a -t httpd_sys_script_exec_t "/srv/wordpress/.*\.php"
- name: set SELinux policy for PHP files
command: semanage fcontext -a -t httpd_sys_script_exec_t "/var/www/wordpress/.*\.php"
- name: set the SELinux policy for the Upgrade directory
command: semanage fcontext -a -t httpd_sys_rw_content_t "/srv/wordpress/wp-content/upgrade(/.*)?"
- name: set SELinux policy for upgrade/ directory
command: semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/wordpress/wp-content/upgrade(/.*)?"
- name: set the SELinux policy for the Uploads directory
command: semanage fcontext -a -t httpd_sys_rw_content_t "/srv/wordpress/wp-content/uploads(/.*)?"
- name: set SELinux policy for uploads/ directory
command: semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/wordpress/wp-content/uploads(/.*)?"
- name: set the SELinux policy for the wp-includes php files
command: semanage fcontext -a -t httpd_sys_script_exec_t "/srv/wordpress/wp-includes/.*\.php"
- name: set SELinux policy for wp-includes PHP files
command: semanage fcontext -a -t httpd_sys_script_exec_t "/var/www/wordpress/wp-includes/.*\.php"
- name: set the SELinux on all the Files
command: restorecon -Rv /srv/wordpress
- name: set SELinux on all files
command: restorecon -Rv /var/www/wordpress
- name: Start php-fpm Service
service: name=php-fpm state=started enabled=yes
- name: start php-fpm service
service:
name: php-fpm
state: started
enabled: yes
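Review bot: The new `download and extract archive` task pulls `https://wordpress.org/latest.tar.gz` with no integrity check, whereas the task it replaces pinned `wp_version` and verified `wp_sha256sum`. The host now installs whatever the URL serves at run time, and two runs on different days can deploy different code. Keep the download as a `get_url` step with a `checksum`, then unpack the verified local file, as sketched below. The `semanage fcontext -a` commands will presumably fail on a second run because the rules already exist; the `sefcontext` module would make them idempotent.

```yaml
- name: download pinned WordPress release
  get_url:
    url: "https://wordpress.org/wordpress-{{ wp_version }}.tar.gz"
    dest: "/srv/wordpress-{{ wp_version }}.tar.gz"
    checksum: "sha256:{{ wp_sha256sum }}"

- name: extract verified archive
  unarchive:
    creates: /var/www/wordpress/
    dest: /var/www/
    remote_src: yes
    src: "/srv/wordpress-{{ wp_version }}.tar.gz"

# … unchanged: group/user creation, salts, database, config, SELinux, php-fpm …
```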

+ 1
- 1
roles/wordpress/templates/wp-config.php View File

@ -43,7 +43,7 @@ define('DB_COLLATE', '');
* @since 2.6.0
*/
{{ wp_salt.stdout }}
{{ wp_salt['content'] }}
/**#@-*/
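Review bot: `wp_salt['content']` is the raw body of an HTTP response rendered straight into executable PHP, and the `register random salts for WordPress config` task fetches a fresh body on every run. Each playbook run therefore rewrites wp-config.php with new keys, which invalidates existing login sessions, and the file will execute whatever the endpoint returned. Consider fetching the salts only when wp-config.php does not yet exist (a `stat` task plus a `when:` condition on the fetch and template tasks), and asserting that the body consists of the expected `define(...)` lines before templating it. The template continues outside this hunk.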
