- Updated README, TODO list.

- Depend on common and Nginx roles (WIP). - Use the admin account from the MySQL role (WIP). - Always use HTTPS (WIP), removed force_https variable.

- Updated README, TODO list.
55b6356e · nimrod · 1f5556d2 · 55b6356e · 55b6356e · 55b6356e
Commit 55b6356e authored 9 years ago by nimrod
--- a/README.rst
+++ b/README.rst
 ansible-wordpress
-=================
+#################

-Ansible role for installing Wordpress. It installs Nginx, PHP-FPM and MySQL
-locally. Backups of the Wordpress database and directory are done (and saved for
-7 days). Theme and plugin installation is done via the filesystem (no FTP
-access).
+Ansible role for installing Wordpress. It installs Nginx and PHP-FPM as well.
+Backups of the Wordpress installation is done daily. Theme and plugin
+installation is done via filesystem, no FTP access is provisioned. A MySQL
+account and database is created during the run.

 Requirements
 ------------
@@ -17,37 +17,70 @@ Role Variables
 ::

    wordpress_fqdn: {{ ansible_fqdn }} #Site FQDN.
-    wordpress_force_https: False #Force SSL for site URL.
    wordpress_mysql_server: #Address for the MySQL server.
+    wordpress_mysql_user: #MySQL admin username.
+    wordpress_mysql_password: #MySQL admin password.
+

 Dependencies
 ------------

-None.
+`Common role <https://www.shore.co.il/cgit/ansible-common/>`_
+`Nginx role <https://www.shore.co.il/cgit/ansible-nginx/>`_
+

 Example Playbook
 ----------------
-
 ::

-    - hosts: servers
+    - hosts: wordpress01
      roles:
-         - wordpress
+      - role: mysql
+        mysql_admin_password: qwerty123
+      - role: wordpress
+        wordpress_fqdn: blog.example.com
+        wordpress_password: pa55w0rd
+        wordpress_mysql_server: localhost
+        wordpress_mysql_admin_user: admin
+        wordpress_mysql_admin_password: qwerty123
+
+Example requirements.yml
+------------------------
+::
+
+    - src: https://www.shore.co.il/cgit/ansible-common
+      scm: git
+      path: roles/
+      name: common
+    - src: https://www.shore.co.il/cgit/ansible-mysql
+      scm: git
+      path: roles/
+      name: mysql
+    - src: https://www.shore.co.il/cgit/ansible-nginx
+      scm: git
+      path: roles/
+      name: nginx
+    - src: https://www.shore.co.il/cgit/ansible-wordpress
+      scm: git
+      path: roles/
+      name: wordpress

 License
 -------

-MIT
+This software is licnesed under the MIT licese (see the ``LICENSE.txt`` file).

 Author Information
 ------------------

-Nimrod Adar.
+Nimrod Adar, `contact me <nimrod@shore.co.il>`_ or visit my `website
+<https://www.shore.co.il/>`_. Patches are welcome via `git send-email
+<http://git-scm.com/book/en/v2/Git-Commands-Email>`_. The repository is located
+at: https://www.shore.co.il/cgit/.

 TODO
-****
+----

- dhparams https://weakdh.org/sysadmin.html.
- HTTPS (same as phpLDAPadmin in ldap role).
- Add random password to MySQL account.
- Syslog, metrics.
+- Depend on Nginx and common roles
+- Use new MySQL admin account.
+- Enforce TLS on MySQL connection
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -2,5 +2,8 @@
 # defaults file for wordpress

 wordpress_fqdn: '{{ ansible_fqdn }}'
-wordpress_force_https: False
+wordpress_password:
 wordpress_mysql_server: localhost
+wordpress_delegate_mysql:
+wordpress_mysql_user:
+wordpress_mysql_password:
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -4,11 +4,13 @@ galaxy_info:
  description: Wordpress role. For more information read the README file.
  company: Shore technologies
  license: MIT
-  min_ansible_version: 1.2
+  min_ansible_version: 1.9
  platforms:
  - name: Debian
    versions:
    - jessie
  categories:
    - web
-dependencies: []
+dependencies:
+- role: nginx
+- role: common
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -8,12 +8,32 @@
    update_cache: yes
    cache_valid_time: 3600
  with_items:
-    - nginx-light
    - php5-fpm
    - php5-cli
    - php5-mysql
    - php5-gd
    - cron
+    - python-mysqldb
+
+- name: Create MySQL database
+  mysql_db:
+    login_user: '{{ wordpress_mysql_user }}'
+    login_password: '{{ wordpress_mysql_password }}'
+    login_host: '{{ wordpress_mysql_server }}'
+    collation: utf8_general_ci
+    encoding: utf8
+    name: wordpress
+    state: present
+
+- name: Create MySQL account
+  mysql_user:
+    login_user: '{{ wordpress_mysql_user }}'
+    login_password: '{{ wordpress_mysql_password }}'
+    login_host: '{{ wordpress_mysql_server }}'
+    name: wordpress
+    password: '{{ wordpress_password }}'
+    priv: 'wordpress.*:SELECT,INSERT,UPDATE,DELETE,CREATE,INDEX,REQUIRESSL'
+    state: present

 - name: Get tarball
  get_url:
@@ -57,13 +77,6 @@
    group: root
    mode: '0755'

- name: Disable default Nginx site
-  file:
-    path: /etc/nginx/sites-enabled/default
-    state: absent
-  notify:
-    - Restart Nginx
-
 - name: Add Wordpress site to Nginx
  template:
    src: wordpress.j2

--- a/templates/wordpress.j2
+++ b/templates/wordpress.j2
 server {
-        listen 80 default_server;
-        listen [::]:80 default_server;
+        listen 443 default_server;
+        listen [::]:443 default_server;
+        ssl on;
        root /var/www/wordpress;
        index index.html index.htm index.php;
        server_name _;

--- a/templates/wp-config.php.j2
+++ b/templates/wp-config.php.j2
@@ -26,10 +26,10 @@ define('DB_NAME', 'wordpress');
 define('DB_USER', 'wordpress');

 /** MySQL database password */
-define('DB_PASSWORD', 'wordpress');
+define('DB_PASSWORD', '{{ wordpress_password }}');

 /** MySQL hostname */
-define('DB_HOST', 'localhost');
+define('DB_HOST', '{{ wordpress_mysql_server }}');

 /** Database Charset to use in creating database tables. */
 define('DB_CHARSET', 'utf8');
@@ -57,9 +57,6 @@ define('NONCE_SALT',       'put your unique phrase here');
 define('FS_METHOD', 'direct');
 define('WP_HOME', '{{ wordpress_fqdn }}');
 define('WP_SITEURL', '{{ wordpress_fqdn }}');
-{% if wordpress_force_https %}
-$_SERVER['HTTPS']='on';
-{% endif %}

 /**#@-*/