Ansible Wordpress Install

stacksofplates

So to go along with @Dashrender's post https://mangolassi.it/topic/15420/installing-wordpress-on-fedora-25-minimal-install, I made an Ansible "role" that sets up Wordpress. I put role in quotes because this really should be separate roles for each service (mariadb, apache, firewalld, etc). This also isn't idempotent because it doesn't create a my.cnf file for the db credentials (and I'm too lazy to set that up). The role automatically grabs the API stuff from Wordpress and fills it in for the wp-config file. Here's the files needed (I pulled most of the commends out of the apache config to save space):

tasks/main.yml:

---
# tasks file for wordpress
- name: install dependencies
  package:
    name:
      - httpd 
      - mariadb 
      - mariadb-server 
      - php 
      - php-pdo_mysql 
      - php-xml 
      - php-gd 
      - wget 
      - nano
      - policycoreutils-python
      - MySQL-python
    state: installed

- name: create wordpress dir
  file:
    path: "/var/www/html/{{ domain }}"
    state: directory
    owner: apache
    group: apache
    mode: 0755

- name: get wordpress
  unarchive:
    src: https://wordpress.org/latest.tar.gz
    dest: /var/www/html/{{ domain }}
    extra_opts: --strip=1
    remote_src: yes
    owner: apache
    group: apache
  notify: get API information

- name: start mariadb
  service:
    name: mariadb
    state: started
    enabled: true

- name: create database
  mysql_db:
    name: "wp_{{ domain }}_db"
    state: present

- name: create database user
  mysql_user:
    name: "{{ db_user }}"
    password: "{{ db_pass }}"
    priv: '{{ db_name }}.*:ALL,GRANT'
  notify: secure mariadb

- name: run API handler now
  meta: flush_handlers

- name: set mariadb root password
  mysql_user:
    name: root
    password: "{{ root_db_pass }}"

- name: copy template
  template:
    src: wp-config.j2
    dest: /var/www/html/{{ domain }}/wp-config.php

- name: copy httpd template
  template:
    src: httpd.j2
    dest: /etc/httpd/conf/httpd.conf
    owner: root
    group: root
    mode: 0644

- name: start httpd
  service:
    name: httpd
    state: started
    enabled: true

- name: ensure firewalld is running
  service:
    name: firewalld
    state: started
    enabled: true

- name: open firewall services
  firewalld:
    service: "{{ item }}"
    permanent: true
    state: enabled
    immediate: true
  with_items:
    - https
    - http

handlers/main.yml:

---
# handlers file for wordpress
- name: get API information
  uri: 
    url: "https://api.wordpress.org/secret-key/1.1/salt/"
    return_content: yes
  register: api_info

- name: secure mariadb
  command: 'mysql -ne "{{ item }}"'
  with_items:
    - DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');
    - DELETE FROM mysql.user WHERE User='';
    - DROP DATABASE test;
    - FLUSH PRIVILEGES;

templates/wp-config.j2:

<?php
/**
 * The base configuration for WordPress
 *
 * The wp-config.php creation script uses this file during the
 * installation. You don't have to use the web site, you can
 * copy this file to "wp-config.php" and fill in the values.
 *
 * This file contains the following configurations:
 *
 * * MySQL settings
 * * Secret keys
 * * Database table prefix
 * * ABSPATH
 *
 * @link https://codex.wordpress.org/Editing_wp-config.php
 *
 * @package WordPress
 */

// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', '{{ db_name }}');

/** MySQL database username */
define('DB_USER', '{{ db_user }}');

/** MySQL database password */
define('DB_PASSWORD', '{{ db_pass }}');

/** MySQL hostname */
define('DB_HOST', 'localhost');

/** Database Charset to use in creating database tables. */
define('DB_CHARSET', 'utf8');

/** The Database Collate type. Don't change this if in doubt. */
define('DB_COLLATE', '');

/**#@+
 * Authentication Unique Keys and Salts.
 *
 * Change these to different unique phrases!
 * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
 * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
 *
 * @since 2.6.0
 */
{{ api_info.content }}

/**#@-*/

/**
 * WordPress Database Table prefix.
 *
 * You can have multiple installations in one database if you give each
 * a unique prefix. Only numbers, letters, and underscores please!
 */
$table_prefix  = 'wp_';

/**
 * For developers: WordPress debugging mode.
 *
 * Change this to true to enable the display of notices during development.
 * It is strongly recommended that plugin and theme developers use WP_DEBUG
 * in their development environments.
 *
 * For information on other constants that can be used for debugging,
 * visit the Codex.
 *
 * @link https://codex.wordpress.org/Debugging_in_WordPress
 */
define('WP_DEBUG', false);

/* That's all, stop editing! Happy blogging. */

/** Absolute path to the WordPress directory. */
if ( !defined('ABSPATH') )
	define('ABSPATH', dirname(__FILE__) . '/');

/** Sets up WordPress vars and included files. */
require_once(ABSPATH . 'wp-settings.php');

templates/httpd.j2

ServerRoot "/etc/httpd"

#Listen 12.34.56.78:80
Listen 80


Include conf.modules.d/*.conf


User apache
Group apache


ServerAdmin root@localhost


#ServerName www.example.com:80


<Directory />
    AllowOverride none
    Require all denied
</Directory>


DocumentRoot "/var/www/html/{{ domain }}"


<Directory "/var/www">
    AllowOverride None
    # Allow open access:
    Require all granted
</Directory>


<Directory "/var/www/html/{{ domain }}">
 
    Options Indexes FollowSymLinks


    AllowOverride None


    Require all granted
</Directory>


<IfModule dir_module>
    DirectoryIndex index.html
</IfModule>


<Files ".ht*">
    Require all denied
</Files>


ErrorLog "logs/error_log"


LogLevel warn

<IfModule log_config_module>

    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common

    <IfModule logio_module>
      # You need to enable mod_logio.c to use %I and %O
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>



    CustomLog "logs/access_log" combined
</IfModule>

<IfModule alias_module>

    ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"

</IfModule>


<Directory "/var/www/cgi-bin">
    AllowOverride None
    Options None
    Require all granted
</Directory>

<IfModule mime_module>

    TypesConfig /etc/mime.types


    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz

    AddType text/html .shtml
    AddOutputFilter INCLUDES .shtml
</IfModule>


AddDefaultCharset UTF-8

<IfModule mime_magic_module>

    MIMEMagicFile conf/magic
</IfModule>



EnableSendfile on


IncludeOptional conf.d/*.conf

tests/test.yml:

---
- hosts: all
  become: true
  vars:
    - db_pass: password
    - db_user: wpuser
    - domain: example
    - db_name: wp_{{ domain }}_db
    - root_db_pass: password

  roles:
    - ../../wordpress

Vagrantfile:

# -*- mode: ruby -*-
# vi: set ft=ruby :

Vagrant.configure("2") do |config|

  config.vm.box = "centos/7"

  config.vm.define "wordpress"
  config.vm.hostname = "wordpress.example.com"

  config.vm.provision "ansible" do |ansible|
    ansible.playbook = "tests/test.yml"
    ansible.groups = {
      "webservers" => ["wordpress"]
    }
  end

end

masterarts

Great