Added role for wordpress

a3ed3989 · Robin Sonnabend · 0c171271 · a3ed3989 · a3ed3989 · a3ed3989
Commit a3ed3989 authored Jan 20, 2016 by Robin Sonnabend
--- a/wordpress/defaults/main.yml
+++ b/wordpress/defaults/main.yml
+---
+# file: roles/wordpress/defaults/main.yml
+
+wordpress_web_root: /var/www
+
+wordpress_name: wordpress
+
+wordpress_user: wordpress
+wordpress_group: wordpress
+
+wordpress_dbtype: mysql
+wordpress_dbhost: localhost
+wordpress_dbislocal: yes
+wordpress_dbname: "{{ wordpress_name }}"
+wordpress_dbuser: "{{ wordpress_name }}"
+wordpress_dbpassword: 
--- a/wordpress/handlers/main.yml
+++ b/wordpress/handlers/main.yml
+---
+# file: roles/wordpress/handlers/main.yml
+
+- name: reload systemd service files
+  command: systemctl daemon-reload
+
+- name: "restart uwsgi for {{ wordpress_name }}"
+  service: "name=wordpress-{{ wordpress_name }} enabled=yes"
+  service: "name=wordpress-{{ wordpress_name }} state=restarted"
+
+- name: create tmpfiles
+  shell: systemd-tmpfiles --create
--- a/wordpress/meta/main.yml
+++ b/wordpress/meta/main.yml
+---
+# file: roles/wordpress/meta/main.yml
+
+dependencies:
+  - { role: uwsgi-php }
+  - { role: mysql }
--- a/wordpress/tasks/main.yml
+++ b/wordpress/tasks/main.yml
+---
+# file: roles/wordpress/tasks/main.yml
+
+- name: ensure packages for wordpress are installed
+  apt: name={{ item }} state=latest install_recommends=no
+  with_items:
+    - wordpress
+    - aufs-tools
+  tags:
+    - packages
+    - wordpress
+
+- name: "ensure group for {{ wordpress_name }} exists"
+  group:
+    name: "{{ wordpress_user }}"
+    state: present
+    system: yes
+  tags:
+    - users
+    - config
+    - wordpress
+
+- name: "ensure user for {{ wordpress_name }} exists"
+  user:
+    name: "{{ wordpress_user }}"
+    group: "{{ wordpress_group }}"
+    state: present
+    system: yes
+    shell: /usr/bin/nologin
+    home: "{{ wordpress_web_root }}"
+    createhome: no
+  tags:
+    - users
+    - config
+    - wordpress
+
+- name: "ensure the wordpress folders for {{ wordpress_name }} exists"
+  file:
+    state: directory
+    mode: "u=rx,g=rx,o="
+    owner: "{{ wordpress_user }}"
+    group: "www-data"
+    path: "{{ wordpress_web_root }}/{{ item }}"
+  with_items:
+    - "{{ wordpress_name }}-files"
+    - "{{ wordpress_name }}"
+  tags:
+    - config
+    - wordpress
+
+- name: "ensure local folders without write permissions for {{ wordpress_name }} exist"
+  file:
+    state: directory
+    mode: "u=rx,g=rx,o="
+    owner: "{{ wordpress_user }}"
+    group: "www-data"
+    path: "{{ wordpress_web_root }}/{{ wordpress_name }}-files/{{ item }}"
+  with_items:
+    - wp-content
+  tags:
+    - config
+    - wordpress
+
+- name: "ensure local folders with write permissions for {{ wordpress_name }} exist"
+  file:
+    state: directory
+    mode: "u=rwx,g=rwx,o="
+    owner: "{{ wordpress_user }}"
+    group: "www-data"
+    path: "{{ wordpress_web_root }}/{{ wordpress_name }}-files/{{ item }}"
+  with_items:
+    - wp-content/blogs.dir
+    - wp-content/uploads
+    - wp-content/plugins
+    - wp-content/themes
+  tags:
+    - config
+    - wordpress
+
+- name: "ensure the directories for {{ wordpress_name }} are mounted above each other"
+  mount:
+    state: mounted
+    fstype: aufs
+    name: "{{ wordpress_web_root }}/{{ wordpress_name }}/"
+    opts: "br={{ wordpress_web_root }}/{{ wordpress_name }}-files/:/usr/share/wordpress udba=reval"
+    src: none
+  tags:
+    - mount
+    - config
+    - wordpress
+
+- name: "ensure temporary directories for {{ wordpress_name }} exist"
+  lineinfile:
+    dest: "/etc/tmpfiles.d/10-wordpress-{{ wordpress_name }}.conf"
+    line: "d /run/uwsgi/app/wordpress-{{ wordpress_name }} 0775 {{ wordpress_user }} {{ wordpress_group }} - -"
+    create: yes
+  notify:
+  - create tmpfiles
+  tags:
+    - config
+    - wordpress
+
+- name: "ensure the config for {{ wordpress_name }} exists"
+  template:
+    src: wp-config.php.j2
+    dest: "{{ wordpress_web_root }}/{{ wordpress_name }}-files/wp-config.php"
+  tags:
+    - config
+    - wordpress
+
+- name: "get randomness for secrets for {{ wordpress_name }}"
+  set_fact:
+    wordpress_secrets_1: "{{ (2**2048)|random }}"
+    wordpress_secrets_2: "{{ (2**2048)|random }}"
+    wordpress_secrets_3: "{{ (2**2048)|random }}"
+    wordpress_secrets_4: "{{ (2**2048)|random }}"
+    wordpress_secrets_5: "{{ (2**2048)|random }}"
+    wordpress_secrets_6: "{{ (2**2048)|random }}"
+    wordpress_secrets_7: "{{ (2**2048)|random }}"
+    wordpress_secrets_8: "{{ (2**2048)|random }}"
+
+- name: "ensure the secrets for {{ wordpress_name }} exist"
+  template:
+    src: secrets.php.j2
+    dest: "{{ wordpress_web_root }}/{{ wordpress_name }}-files/secrets.php"
+    force: no
+  tags:
+    - config
+    - wordpress
+
+- include: mysql.yml
+
+- name: "ensure the uwsgi.ini for {{ wordpress_name }} exists"
+  template:
+    src: wordpress.ini.j2
+    dest: "/etc/uwsgi/apps-available/wordpress-{{ wordpress_name }}.ini"
+  notify:
+    - "restart uwsgi for {{ wordpress_name }}"
+  tags:
+    - config
+    - wordpress
+
+- name: "ensure the unit file for {{ wordpress_name }} exists"
+  template:
+    src: wordpress.service.j2
+    dest: "/etc/systemd/system/wordpress-{{ wordpress_name }}.service"
+  notify:
+    - reload systemd service files
+    - "restart uwsgi for {{ wordpress_name }}"
+  tags:
+    - config
+    - wordpress
+    - service
+  
+- name: "ensure the service for {{ wordpress_name }} is running"
+  service:
+    name: "wordpress-{{ wordpress_name }}"
+    state: running
+    enabled: yes
+  tags:
+    - config
+    - wordpress
+    - service
--- a/wordpress/tasks/mysql.yml
+++ b/wordpress/tasks/mysql.yml
+---
+# file: roles/wordpress/tasks/mysql.yml
+
+- name: "ensure php can talk with mysql"
+  apt: name=php5-mysql state=latest
+  tags:
+    - packages
+    - mysql
+    - wordpress
+
+- name: "get database password for {{ wordpress_name }}"
+  local_action: "shell PASSWORD_STORE_DIR=$FSMPI_PASSWORD_STORE_DIR pass db/{{ wordpress_dbhost }}-{{ wordpress_dbtype }} | head -n 1"
+  register: wordpress_db_login_password
+  tags:
+    - config
+    - wordpress
+    - pass
+
+- name: "ensure the database for {{ wordpress_name }} exists"
+  mysql_db:
+    name: "{{ wordpress_dbname }}"
+    state: present
+    login_user: root
+    login_password: "{{ wordpress_db_login_password.stdout }}"
+  tags:
+    - mysql
+    - config
+    - wordpress
+
+- debug: var=wordpress_dbpassword
+
+- name: "ensure the database user for {{ wordpress_name }} exists"
+  mysql_user:
+    name: "{{ wordpress_dbuser }}"
+    password: "{{ wordpress_dbpassword }}"
+    state: present
+    login_user: root
+    login_password: "{{ wordpress_db_login_password.stdout }}"
+    priv: "{{ wordpress_dbname }}.*:ALL"
+  tags:
+    - mysql
+    - config
+    - wordpress
+
--- a/wordpress/templates/secrets.php.j2
+++ b/wordpress/templates/secrets.php.j2
+<?php
+define('AUTH_KEY',         '{{ wordpress_secrets_1 }}');
+define('SECURE_AUTH_KEY',  '{{ wordpress_secrets_2 }}');
+define('LOGGED_IN_KEY',    '{{ wordpress_secrets_3 }}');
+define('NONCE_KEY',        '{{ wordpress_secrets_4 }}');
+define('AUTH_SALT',        '{{ wordpress_secrets_5 }}');
+define('SECURE_AUTH_SALT', '{{ wordpress_secrets_6 }}');
+define('LOGGED_IN_SALT',   '{{ wordpress_secrets_7 }}');
+define('NONCE_SALT',       '{{ wordpress_secrets_8 }}');
+?>
--- a/wordpress/templates/wordpress.ini.j2
+++ b/wordpress/templates/wordpress.ini.j2
+[uwsgi]
+uwsgi-socket = /run/uwsgi/app/wordpress-{{ wordpress_name }}/wordpress-{{ wordpress_name }}.sock
+chmod-socket = 660
+chown-socket = {{ wordpress_user }}:www-data
+autoload = 
+master = 
+processes = 4
+workers = 4
+prio = -5
+harakiri = 5
+chdir = {{ wordpress_web_root }}/{{ wordpress_name }}
+uid = {{ wordpress_user }}
+gid = {{ wordpress_group }}
+logto = /var/log/uwsgi-wordpress-{{ wordpress_name }}.log
+logfile-chown = {{ wordpress_user }}:{{ wordpress_group }}
+logfile-chmod = 664
+log-date = 
+log-4xx = 
+log-5xx = 
+log-x-forwarded-for = 
+plugin = php
+php-index = index.php
--- a/wordpress/templates/wordpress.service.j2
+++ b/wordpress/templates/wordpress.service.j2
+[Unit]
+Description=WordPress {{ wordpress_name }} forwarded by uwsgi
+After=network.target
+
+[Service]
+ExecStart=/usr/bin/uwsgi --ini /etc/uwsgi/apps-available/wordpress-{{ wordpress_name }}.ini
+Restart=always
+KillSignal=SIGQUIT
+Type=notify
+NotifyAccess=all
+
+[Install]
+WantedBy=multi-user.target
--- a/wordpress/templates/wp-config.php.j2
+++ b/wordpress/templates/wp-config.php.j2
+<?php
+define('DB_NAME', '{{ wordpress_dbname }}');
+
+define('DB_USER', '{{ wordpress_dbuser }}');
+
+define('DB_PASSWORD', '{{ wordpress_dbpassword }}');
+
+define('DB_HOST', '{% if wordpress_dbislocal %}localhost{% else %}{{ wordpress_dbhost }}{% endif %}');
+
+define('DB_CHARSET', 'utf8');
+
+define('DB_COLLATE', '');
+
+$_SERVER["HTTP_HOST"] = $_SERVER["HTTP_X_FORWARDED_HOST"];
+$_SERVER["HTTPS"] = "on";
+
+require_once('secrets.php');
+
+$table_prefix  = '{{ wordpress_name }}_';
+
+define('ABSPATH', '{{ wordpress_web_root }}/{{ wordpress_name }}/');
+
+require_once(ABSPATH . 'wp-settings.php');
+?>