From 55b6356eebb06909489b0e8e60a385e3b8ed988f Mon Sep 17 00:00:00 2001
From: Adar Nimrod <nimrod@shore.co.il>
Date: Sat, 12 Dec 2015 17:12:45 +0200
Subject: [PATCH] - Updated README, TODO list. - Depend on common and Nginx
 roles (WIP). - Use the admin account from the MySQL role (WIP). - Always use
 HTTPS (WIP), removed force_https variable.

---
 README.rst                 | 67 ++++++++++++++++++++++++++++----------
 defaults/main.yml          |  5 ++-
 meta/main.yml              |  6 ++--
 tasks/main.yml             | 29 ++++++++++++-----
 templates/wordpress.j2     |  5 +--
 templates/wp-config.php.j2 |  7 ++--
 6 files changed, 84 insertions(+), 35 deletions(-)

diff --git a/README.rst b/README.rst
index 5fc1f23..e630b77 100644
--- a/README.rst
+++ b/README.rst
@@ -1,10 +1,10 @@
 ansible-wordpress
-=================
+#################
 
-Ansible role for installing Wordpress. It installs Nginx, PHP-FPM and MySQL
-locally. Backups of the Wordpress database and directory are done (and saved for
-7 days). Theme and plugin installation is done via the filesystem (no FTP
-access).
+Ansible role for installing Wordpress. It installs Nginx and PHP-FPM as well.
+Backups of the Wordpress installation is done daily. Theme and plugin
+installation is done via filesystem, no FTP access is provisioned. A MySQL
+account and database is created during the run.
 
 Requirements
 ------------
@@ -17,37 +17,70 @@ Role Variables
 ::
 
     wordpress_fqdn: {{ ansible_fqdn }} #Site FQDN.
-    wordpress_force_https: False #Force SSL for site URL.
     wordpress_mysql_server: #Address for the MySQL server.
+    wordpress_mysql_user: #MySQL admin username.
+    wordpress_mysql_password: #MySQL admin password.
+
 
 Dependencies
 ------------
 
-None.
+`Common role <https://www.shore.co.il/cgit/ansible-common/>`_
+`Nginx role <https://www.shore.co.il/cgit/ansible-nginx/>`_
+
 
 Example Playbook
 ----------------
-
 ::
 
-    - hosts: servers
+    - hosts: wordpress01
       roles:
-         - wordpress
+      - role: mysql
+        mysql_admin_password: qwerty123
+      - role: wordpress
+        wordpress_fqdn: blog.example.com
+        wordpress_password: pa55w0rd
+        wordpress_mysql_server: localhost
+        wordpress_mysql_admin_user: admin
+        wordpress_mysql_admin_password: qwerty123
+
+Example requirements.yml
+------------------------
+::
+
+    - src: https://www.shore.co.il/cgit/ansible-common
+      scm: git
+      path: roles/
+      name: common
+    - src: https://www.shore.co.il/cgit/ansible-mysql
+      scm: git
+      path: roles/
+      name: mysql
+    - src: https://www.shore.co.il/cgit/ansible-nginx
+      scm: git
+      path: roles/
+      name: nginx
+    - src: https://www.shore.co.il/cgit/ansible-wordpress
+      scm: git
+      path: roles/
+      name: wordpress
 
 License
 -------
 
-MIT
+This software is licnesed under the MIT licese (see the ``LICENSE.txt`` file).
 
 Author Information
 ------------------
 
-Nimrod Adar.
+Nimrod Adar, `contact me <nimrod@shore.co.il>`_ or visit my `website
+<https://www.shore.co.il/>`_. Patches are welcome via `git send-email
+<http://git-scm.com/book/en/v2/Git-Commands-Email>`_. The repository is located
+at: https://www.shore.co.il/cgit/.
 
 TODO
-****
+----
 
-- dhparams https://weakdh.org/sysadmin.html.
-- HTTPS (same as phpLDAPadmin in ldap role).
-- Add random password to MySQL account.
-- Syslog, metrics.
+- Depend on Nginx and common roles
+- Use new MySQL admin account.
+- Enforce TLS on MySQL connection
diff --git a/defaults/main.yml b/defaults/main.yml
index fb9a446..2824819 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -2,5 +2,8 @@
 # defaults file for wordpress
 
 wordpress_fqdn: '{{ ansible_fqdn }}'
-wordpress_force_https: False
+wordpress_password:
 wordpress_mysql_server: localhost
+wordpress_delegate_mysql:
+wordpress_mysql_user:
+wordpress_mysql_password:
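Review bot: The new `wordpress_password:`, `wordpress_mysql_user:` and `wordpress_mysql_password:` defaults are bare keys, which YAML loads as null. A playbook that forgets to set them therefore gets no undefined-variable error, and the empty value flows on into the `mysql_user` task and the `wp-config.php.j2` template. I would drop these three defaults so a missing credential fails the run. Alternatively, keep them and add an early guard in tasks/main.yml, such as `- assert: { that: "wordpress_password is defined and wordpress_password" }`. `wordpress_delegate_mysql` is not referenced in any hunk of this patch, so it either needs a comment saying what it is for or should wait until the code that uses it lands.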
diff --git a/meta/main.yml b/meta/main.yml
index a9d7aff..27dc5df 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -4,11 +4,13 @@ galaxy_info:
   description: Wordpress role. For more information read the README file.
   company: Shore technologies
   license: MIT
-  min_ansible_version: 1.2
+  min_ansible_version: 1.9
   platforms:
   - name: Debian
     versions:
     - jessie
   categories:
     - web
-dependencies: []
+dependencies:
+- role: nginx
+- role: common
diff --git a/tasks/main.yml b/tasks/main.yml
index 8c1ea32..45796a0 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -8,12 +8,32 @@
     update_cache: yes
     cache_valid_time: 3600
   with_items:
-    - nginx-light
     - php5-fpm
     - php5-cli
     - php5-mysql
     - php5-gd
     - cron
+    - python-mysqldb
+
+- name: Create MySQL database
+  mysql_db:
+    login_user: '{{ wordpress_mysql_user }}'
+    login_password: '{{ wordpress_mysql_password }}'
+    login_host: '{{ wordpress_mysql_server }}'
+    collation: utf8_general_ci
+    encoding: utf8
+    name: wordpress
+    state: present
+
+- name: Create MySQL account
+  mysql_user:
+    login_user: '{{ wordpress_mysql_user }}'
+    login_password: '{{ wordpress_mysql_password }}'
+    login_host: '{{ wordpress_mysql_server }}'
+    name: wordpress
+    password: '{{ wordpress_password }}'
+    priv: 'wordpress.*:SELECT,INSERT,UPDATE,DELETE,CREATE,INDEX,REQUIRESSL'
+    state: present
 
 - name: Get tarball
   get_url:
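Review bot: Both new MySQL tasks pass the admin password and the application password as plain module arguments without `no_log: true`, so the values can end up in verbose output and logs. Adding `no_log: true` to "Create MySQL database" and "Create MySQL account" avoids that. The `mysql_user` task also sets no `host:`, so the account is presumably created for `localhost` even when `wordpress_mysql_server` points at a remote server, and the web host could then not log in. The `mysql_user` documentation describes `REQUIRESSL` as a special privilege meant for `*.*` on its own, so attaching it to `wordpress.*` may not enforce TLS as intended; checking the result with `SHOW GRANTS` would confirm it.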
@@ -57,13 +77,6 @@
     group: root
     mode: '0755'
 
-- name: Disable default Nginx site
-  file:
-    path: /etc/nginx/sites-enabled/default
-    state: absent
-  notify:
-    - Restart Nginx
-
 - name: Add Wordpress site to Nginx
   template:
     src: wordpress.j2
diff --git a/templates/wordpress.j2 b/templates/wordpress.j2
index ab3ab0f..3347052 100644
--- a/templates/wordpress.j2
+++ b/templates/wordpress.j2
@@ -1,6 +1,7 @@
 server {
-        listen 80 default_server;
-        listen [::]:80 default_server;
+        listen 443 default_server;
+        listen [::]:443 default_server;
+        ssl on;
         root /var/www/wordpress;
         index index.html index.htm index.php;
         server_name _;
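Review bot: The switch to port 443 uses a separate `ssl on;` directive, and no `ssl_certificate` or `ssl_certificate_key` is visible in this hunk (the server block continues outside it). If they are not set further down, nginx will refuse to load the configuration. The form recommended by the nginx documentation is the `ssl` parameter on the listener: `listen 443 ssl default_server;` and `listen [::]:443 ssl default_server;`. The port 80 listeners are removed without a replacement, so plain-HTTP visitors get no redirect. A small second server block on port 80 with `return 301 https://$host$request_uri;` would make "always use HTTPS" hold for them too.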
diff --git a/templates/wp-config.php.j2 b/templates/wp-config.php.j2
index 835c930..c2b1bba 100644
--- a/templates/wp-config.php.j2
+++ b/templates/wp-config.php.j2
@@ -26,10 +26,10 @@ define('DB_NAME', 'wordpress');
 define('DB_USER', 'wordpress');
 
 /** MySQL database password */
-define('DB_PASSWORD', 'wordpress');
+define('DB_PASSWORD', '{{ wordpress_password }}');
 
 /** MySQL hostname */
-define('DB_HOST', 'localhost');
+define('DB_HOST', '{{ wordpress_mysql_server }}');
 
 /** Database Charset to use in creating database tables. */
 define('DB_CHARSET', 'utf8');
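Review bot: `wordpress_password` and `wordpress_mysql_server` are interpolated into single-quoted PHP strings without escaping, so a password containing `'` or `\` produces a broken or altered wp-config.php. Escaping at render time fixes this, for example `define('DB_PASSWORD', '{{ wordpress_password | replace("\\", "\\\\") | replace("'", "\\'") }}');`. The MySQL account in tasks/main.yml is granted with `REQUIRESSL`, but nothing here tells WordPress to use TLS for the database connection. The login will likely be refused until `define('MYSQL_CLIENT_FLAGS', MYSQLI_CLIENT_SSL);` is added.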
@@ -57,9 +57,6 @@ define('NONCE_SALT',       'put your unique phrase here');
 define('FS_METHOD', 'direct');
 define('WP_HOME', '{{ wordpress_fqdn }}');
 define('WP_SITEURL', '{{ wordpress_fqdn }}');
-{% if wordpress_force_https %}
-$_SERVER['HTTPS']='on';
-{% endif %}
 
 /**#@-*/
 
-- 
GitLab