diff --git a/README.rst b/README.rst index 5fc1f2387a20de2e577b5ed41ddb6e58068a51d9..e630b77662235848617c04d2b3817def27bd2d2d 100644 --- a/README.rst +++ b/README.rst @@ -1,10 +1,10 @@ ansible-wordpress -================= +################# -Ansible role for installing Wordpress. It installs Nginx, PHP-FPM and MySQL -locally. Backups of the Wordpress database and directory are done (and saved for -7 days). Theme and plugin installation is done via the filesystem (no FTP -access). +Ansible role for installing Wordpress. It installs Nginx and PHP-FPM as well. +Backups of the Wordpress installation is done daily. Theme and plugin +installation is done via filesystem, no FTP access is provisioned. A MySQL +account and database is created during the run. Requirements ------------ 
@@ -17,37 +17,70 @@ Role Variables :: wordpress_fqdn: {{ ansible_fqdn }} #Site FQDN. - wordpress_force_https: False #Force SSL for site URL. wordpress_mysql_server: #Address for the MySQL server. + wordpress_mysql_user: #MySQL admin username. + wordpress_mysql_password: #MySQL admin password. + Dependencies ------------ -None. +`Common role <https://www.shore.co.il/cgit/ansible-common/>`_ +`Nginx role <https://www.shore.co.il/cgit/ansible-nginx/>`_ + Example Playbook ---------------- - :: - - hosts: servers + - hosts: wordpress01 roles: - - wordpress + - role: mysql + mysql_admin_password: qwerty123 + - role: wordpress + wordpress_fqdn: blog.example.com + wordpress_password: pa55w0rd + wordpress_mysql_server: localhost + wordpress_mysql_admin_user: admin + wordpress_mysql_admin_password: qwerty123 + +Example requirements.yml +------------------------ +:: + + - src: https://www.shore.co.il/cgit/ansible-common + scm: git + path: roles/ + name: common + - src: https://www.shore.co.il/cgit/ansible-mysql + scm: git + path: roles/ + name: mysql + - src: https://www.shore.co.il/cgit/ansible-nginx + scm: git + path: roles/ + name: nginx + - src: https://www.shore.co.il/cgit/ansible-wordpress + scm: git + path: roles/ + name: wordpress License ------- -MIT +This software is licnesed under the MIT licese (see the ``LICENSE.txt`` file). Author Information ------------------ -Nimrod Adar. +Nimrod Adar, `contact me <nimrod@shore.co.il>`_ or visit my `website +<https://www.shore.co.il/>`_. Patches are welcome via `git send-email +<http://git-scm.com/book/en/v2/Git-Commands-Email>`_. The repository is located +at: https://www.shore.co.il/cgit/. TODO -**** +---- -- dhparams https://weakdh.org/sysadmin.html. -- HTTPS (same as phpLDAPadmin in ldap role). -- Add random password to MySQL account. -- Syslog, metrics. +- Depend on Nginx and common roles +- Use new MySQL admin account. +- Enforce TLS on MySQL connection 
diff --git a/defaults/main.yml b/defaults/main.yml index fb9a4463951d79f4a254df968954b98589848720..2824819a06c263d6b06ddf30d48bef7b9f05bed2 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -2,5 +2,8 @@ # defaults file for wordpress wordpress_fqdn: '{{ ansible_fqdn }}' -wordpress_force_https: False +wordpress_password: wordpress_mysql_server: localhost +wordpress_delegate_mysql: +wordpress_mysql_user: +wordpress_mysql_password: diff --git a/meta/main.yml b/meta/main.yml index a9d7affd73d542a5cad058c4898b5cbfd28d3971..27dc5dffdfe1ba6f1207a89238d7e255b7a1cc36 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -4,11 +4,13 @@ galaxy_info: description: Wordpress role. For more information read the README file. company: Shore technologies license: MIT - min_ansible_version: 1.2 + min_ansible_version: 1.9 platforms: - name: Debian versions: - jessie categories: - web -dependencies: [] +dependencies: +- role: nginx +- role: common diff --git a/tasks/main.yml b/tasks/main.yml index 8c1ea328ded624a993db97e85751a960eb96ae42..45796a0c9ad311a458267db0f7e6b5b399685fea 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -8,12 +8,32 @@ update_cache: yes cache_valid_time: 3600 with_items: - - nginx-light - php5-fpm - php5-cli - php5-mysql - php5-gd - cron + - python-mysqldb + +- name: Create MySQL database + mysql_db: + login_user: '{{ wordpress_mysql_user }}' + login_password: '{{ wordpress_mysql_password }}' + login_host: '{{ wordpress_mysql_server }}' + collation: utf8_general_ci + encoding: utf8 + name: wordpress + state: present + +- name: Create MySQL account + mysql_user: + login_user: '{{ wordpress_mysql_user }}' + login_password: '{{ wordpress_mysql_password }}' + login_host: '{{ wordpress_mysql_server }}' + name: wordpress + password: '{{ wordpress_password }}' + priv: 'wordpress.*:SELECT,INSERT,UPDATE,DELETE,CREATE,INDEX,REQUIRESSL' + state: present - name: Get tarball get_url: 
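Review bot: The new defaults `wordpress_password:`, `wordpress_mysql_user:` and `wordpress_mysql_password:` are bare keys, so they load as null, and nothing in the visible tasks stops a run that leaves them unset; `wordpress_password` is then interpolated into both the `mysql_user` task and wp-config.php.j2, which would presumably yield an empty or literal `None` database password. I would add an `assert` task at the top of tasks/main.yml that fails when any of the three is empty, and put a comment above them such as `# Required, no default: set per host, preferably from Ansible Vault`. The README example in this commit sets `wordpress_mysql_admin_user` and `wordpress_mysql_admin_password`, which do not match the names defined here, so following it leaves `login_user` and `login_password` null. `wordpress_delegate_mysql` is not referenced in any hunk shown.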
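Review bot: `Create MySQL account` has no `host:` parameter, so `mysql_user` creates `wordpress@localhost` on whichever server `wordpress_mysql_server` points at, and a web host connecting to a remote database would not match that account; set `host:` to the address the web server connects from. Both new tasks also carry `login_password`, and the second one `password`, so I would add `no_log: true` to each to keep the values out of verbose output and logs. The grant list omits `ALTER` and `DROP`, which is a reasonable least-privilege choice but deserves a comment, since WordPress schema upgrades may need them. The `apt` task that gains `python-mysqldb` starts above the hunk.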
@@ -57,13 +77,6 @@ group: root mode: '0755' -- name: Disable default Nginx site - file: - path: /etc/nginx/sites-enabled/default - state: absent - notify: - - Restart Nginx - - name: Add Wordpress site to Nginx template: src: wordpress.j2 diff --git a/templates/wordpress.j2 b/templates/wordpress.j2 index ab3ab0f18e64cbf1696358c1b2a8fa965328dafb..3347052e6087c2126546915cda1c20ff8459b2ff 100644 --- a/templates/wordpress.j2 +++ b/templates/wordpress.j2 @@ -1,6 +1,7 @@ server { - listen 80 default_server; - listen [::]:80 default_server; + listen 443 default_server; + listen [::]:443 default_server; + ssl on; root /var/www/wordpress; index index.html index.htm index.php; server_name _; diff --git a/templates/wp-config.php.j2 b/templates/wp-config.php.j2 index 835c930b22251dc79472bf05fb20dac329dbe8a0..c2b1bbafeac0c790987444ccde5cf249984ed644 100644 --- a/templates/wp-config.php.j2 +++ b/templates/wp-config.php.j2 @@ -26,10 +26,10 @@ define('DB_NAME', 'wordpress'); define('DB_USER', 'wordpress'); /** MySQL database password */ -define('DB_PASSWORD', 'wordpress'); +define('DB_PASSWORD', '{{ wordpress_password }}'); /** MySQL hostname */ -define('DB_HOST', 'localhost'); +define('DB_HOST', '{{ wordpress_mysql_server }}'); /** Database Charset to use in creating database tables. */ define('DB_CHARSET', 'utf8'); @@ -57,9 +57,6 @@ define('NONCE_SALT', 'put your unique phrase here'); define('FS_METHOD', 'direct'); define('WP_HOME', '{{ wordpress_fqdn }}'); define('WP_SITEURL', '{{ wordpress_fqdn }}'); -{% if wordpress_force_https %} -$_SERVER['HTTPS']='on'; -{% endif %} /**#@-*/
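Review bot: The added `ssl on;` comes with no `ssl_certificate` or `ssl_certificate_key` in the visible lines, and nginx rejects a TLS listener that has no certificate configured, so unless the nginx role dependency supplies them at `http` level this configuration will fail to load; the server block continues below the hunk, so they may be further down. Newer nginx releases deprecate the `ssl on;` directive, and `listen 443 ssl default_server;` plus `listen [::]:443 ssl default_server;` expresses the same thing per listener. With both port-80 listeners removed, plain-HTTP requests get no redirect unless another server block handles them; a small port-80 server with `return 301 https://{{ wordpress_fqdn }}$request_uri;` would cover that.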
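Review bot: The `wordpress` account is created with `REQUIRESSL` in tasks/main.yml, but nothing added here makes the PHP client negotiate TLS, so the connection defined by `DB_HOST` and `DB_PASSWORD` would presumably be refused, or the grant will be relaxed later to make it work. If the deployed WordPress version honours it, `define('MYSQL_CLIENT_FLAGS', MYSQLI_CLIENT_SSL);` next to `DB_HOST` is the matching client-side setting. `{{ wordpress_password }}` and `{{ wordpress_mysql_server }}` are placed inside single-quoted PHP strings unescaped, so a value containing `'` or `\` breaks or alters the generated file; escape those two characters in the template or document the restriction. The context of the following hunk shows `NONCE_SALT` still set to `'put your unique phrase here'`, which suggests the keys and salts are shipped as placeholders and should be generated per site. The template continues outside both hunks.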