I'm attempting an automated installation of wordpress on my Linux VM using ansible. To that end, I've written this ansible piece of code that tries to mimic the official ubuntu guide.
Here is the code:
```yaml
- name: "Installing wordpress dependencies"
  hosts: all
  become: True
  gather_facts: True
  tasks:
    - name: "Update repository"
      apt:
        update_cache: "yes"
    - name: "Installing requirements"
      apt:
        name:
          - "curl"
          - "php"
          - "php-cli"
          - "gnupg"
          - "unzip"
          - "mysql-server"
          - "php-fpm"
          - "php-mysql"
          - "apache2"
          - "ghostscript"
          - "libapache2-mod-php"
          - "php-bcmath"
          - "php-curl"
          - "php-imagick"
          - "php-intl"
          - "php-json"
          - "php-mbstring"
          - "php-xml"
          - "php-zip"
        state: present
    - name: Populate service facts
      ansible.builtin.service_facts:
    - name: Print service facts
      ansible.builtin.debug:
        var: ansible_facts.services
    - name: "stopping nginx if running"
      service:
        name: nginx
        state: stopped
      when: "'nginx' in ansible_facts.services"
    - name: "remove nginx if installed"
      apt:
        name:
          - "nginx"
        state: absent
    - name: stop Mysql
      service:
        name: mysql
        state: stopped
      when: "'mysql' in ansible_facts.services"
    - name: stop apache2
      service:
        name: apache2
        state: stopped
      when: "'apache2' in ansible_facts.services"

- name: Installing wordpress through source
  hosts: all
  become: True
  gather_facts: False
  vars:
    wprootdir: "/srv/www/wordpress"
  tasks:
    - name: checking if wp src dir exists
      stat:
        path: "{{ wprootdir }}"
      register: dir_details
    - name: delete existing wordpress source files
      become_user: www-data
      no_log: True
      file:
        #path: "{{ item.path }}"
        #recurse: True
        path: "{{ wprootdir }}"
        state: absent
      #with_items: "{{ path_list.files }}"
    - name: creating /var/www for wordpress source
      file:
        #path: "'{{ wp-root-dir }}' + 'wordpress'"
        path: "/srv/www/wordpress"
        recurse: yes
        state: directory
        owner: www-data
        mode: '0755'
    - name: downloading and extracting wordpress source
      shell:
        cmd: "curl https://wordpress.org/latest.tar.gz | sudo -u www-data tar zx -C /srv/www"
      register: status
    - fail:
        msg: "Unable to download or extract wordpress source"
      when: (status.rc != 0)

- name: Configuring apache for wordpress
  hosts: all
  become: True
  gather_facts: False
  vars:
    wprootdir: "/srv/www/wordpress"
    wpconffile: "/etc/apache2/sites-available/wordpress.conf"
  tasks:
    - name: deleting the file if it exists
      file:
        path: "{{ wpconffile }}"
        state: absent
    - name: creating wordpress conf file
      file:
        path: "{{ wpconffile }}"
        state: touch
        owner: www-data
    - name: populating wordpress conf file
      template:
        src: apache2.j2
        dest: "{{ wpconffile }}"
    - name: enabling the site
      shell:
        cmd: "a2ensite wordpress"
    - name: enable URL rewriting
      shell:
        cmd: "a2enmod rewrite"
    - name: disable default "it works" site
      shell:
        cmd: "a2dissite 000-default"
    - name: restart apache2
      service:
        name: apache2
        state: reloaded

- name: Configuring database
  hosts: all
  become: True
  gather_facts: True
  #gather_facts: yes
  vars:
    mysql_port: 3306
    mysql_socket: /var/run/mysqld/mysqld.sock
    mysql_superuser: root
    mysql_superuser_home: "{% if mysql_superuser == 'root' %}/root{% else %}/home/{{ mysql_superuser }}{% endif %}"
    mysql_superuser_password: SuperUserPwd
    mysql_wordpress_password: WordPressPwd
    http_port: 80
  tasks:
    - name: Installing PyMySql through pip
      pip:
        name: PyMySql
        state: present
    - name: ensure mysql is running and starts on boot
      service:
        name: mysql
        state: started
        enabled: True
    - name: Removes anonymous user account for localhost
      community.mysql.mysql_user:
        name: ''
        state: absent
        login_user: root
        login_password: ""
        login_unix_socket: "{{ mysql_socket }}"
      when: ansible_local.mysqlinfo is undefined
    - name: adding a password for root user
      mysql_user:
        # Update the superuser to have all grants and a password
        name: "{{ mysql_superuser }}"
        host: localhost
        password: "{{ mysql_superuser_password }}"
        priv: "*.*:ALL,GRANT"
        # Login *as root* to perform this change, even though you might
        # be altering the root user itself
        login_user: root
        login_password: ""
        login_port: "{{ mysql_port }}"
        login_host: localhost
        login_unix_socket: "{{ mysql_socket }}"
        # As a good measure, have ansible check whether an implicit login
        # is possible first
        check_implicit_admin: yes
      when: ansible_local.mysqlinfo is undefined
    - name: "Create custom fact directory"
      file:
        path: "/etc/ansible/facts.d"
        state: "directory"
        recurse: yes
      when: ansible_local.mysqlinfo is undefined
    - name: "record mysql info in custom fact"
      template:
        src: mysqlinfo.j2
        dest: /etc/ansible/facts.d/mysqlinfo.fact
        mode: 0644
      when: ansible_local.mysqlinfo is undefined
    - name: "re-run setup to use custom facts"
      setup:
        filter: ansible_local
      when: ansible_local.mysqlinfo is undefined
    - debug:
        msg:
          - "mysqlinfo is {{ ansible_local.mysqlinfo }}"
      when: ansible_local.mysqlinfo is defined
    #- name: Create system-wide mysql configuration file
      #template:
        #src: mysql_sys.cnf.j2
        #dest: /etc/my.cnf
    #- name: Create mysql configuration file for `{{ mysql_superuser }}`
      #template:
        #src: mysql_superuser.cnf.j2
        #dest: "{{ mysql_superuser_home }}/.my.cnf"
    - name: create database wordpress
      mysql_db:
        db: wordpress
        state: present
        login_user: "{{ ansible_local.mysqlinfo.mysql_superuser }}"
        login_password: "{{ ansible_local.mysqlinfo.mysql_superuser_password }}"
        login_unix_socket: "{{ mysql_socket }}"
      when: ansible_local.mysqlinfo is defined
    - name: Create database user 'wordpress' with all database privileges
      community.mysql.mysql_user:
        name: wordpress
        password: "{{ mysql_wordpress_password }}"
        login_user: "{{ ansible_local.mysqlinfo.mysql_superuser }}"
        login_password: "{{ ansible_local.mysqlinfo.mysql_superuser_password }}"
        priv: '*.*:ALL'
        state: present
      when: ansible_local.mysqlinfo is defined
    - name: Flush privileges
      mysql_query:
        login_db: wordpress
        login_user: "{{ ansible_local.mysqlinfo.mysql_superuser }}"
        login_password: "{{ ansible_local.mysqlinfo.mysql_superuser_password }}"
        login_unix_socket: "{{ mysql_socket }}"
        query: FLUSH PRIVILEGES
    # UFW Configuration
    - name: "UFW - Allow HTTP on port {{ http_port }}"
      ufw:
        rule: allow
        port: "{{ http_port }}"
        proto: tcp
      notify:
        - Restart Mysql
      tags: [ system ]
  handlers:
    - name: Restart Mysql
      service:
        name: mysql
        state: restarted
    - name: Restart Apache2
      service:
        name: apache2
        state: restarted

- name: Configuring wordpress to connect to the database
  hosts: all
  gather_facts: False
  become: true
  vars:
    wpconfigfile: "/srv/www/wordpress/wp-config.php"
  tasks:
    - name: copy sample config to wp-config.php
      #become_user: www-data
      copy:
        remote_src: yes
        src: /srv/www/wordpress/wp-config-sample.php
        dest: "{{ wpconfigfile }}"
        owner: www-data
    - name: "re-run setup to use custom facts"
      setup:
        filter: ansible_local
    - name: set database credentials in the config file
      become: false
      #become_user: www-data
      #become_method: "su"
      # multiple commands are run like this whereas with a
      # single command one can use a cmd parameter
      # since this is technically *not* a list passed to /bin/sh
      # we do not need a list here. Instead it is a series of
      # commands being passed to /bin/sh
      #shell: |
      # apparently, passing this list directly doesn't seem to work
      # what works is this loop
      command: "{{ item }}"
      with_items:
        - "sudo -u www-data sed -i s/database_name_here/wordpress/ {{ wpconfigfile }}"
        - "sudo -u www-data sed -i s/username_here/wordpress/ {{ wpconfigfile }}"
        - "sudo -u www-data sed -i s/password_here/{{ ansible_local.mysqlinfo.mysql_wordpress_password }}/ {{ wpconfigfile }}"
    - name: get random secret keys
      uri:
        url: https://api.wordpress.org/secret-key/1.1/salt/
        return_content: yes
        body_format: json
      register: wordpress_keys
    - debug:
        var: wordpress_keys.content
    - name: delete existing bak file
      file:
        path: "{{ wpconfigfile }}.bak"
        state: absent
    - name: run script to remove key placeholders
      become_user: www-data
      script:
        chdir: /srv/www/wordpress/
        cmd: replacelines.py
        executable: /usr/bin/python3
      environment: /srv/www/wordpress/
    - name: update config file
      become_user: www-data
      copy:
        remote_src: yes
        src: "{{ wpconfigfile }}.bak"
        dest: "{{ wpconfigfile }}"
    - blockinfile:
        path: "{{ wpconfigfile }}"
        marker: // {mark} ANSIBLE MANAGED BLOCK
        # having this separator here was giving me issues
        #block: |
        block:
          "{{ wordpress_keys.content }}"
  handlers:
    - name: Restart Mysql
      service:
        name: mysql
        state: restarted
    - name: Restart Apache2
      service:
        name: apache2
        state: restarted
```
Associated jinja2 template files are here:
Apache2 template:
```apache
<VirtualHost *:80>
    Servername {{ ansible_hostname }}
    DocumentRoot "{{ wprootdir }}"
    <Directory "{{ wprootdir }}">
        Options FollowSymLinks
        AllowOverride Limit Options FileInfo
        DirectoryIndex index.php
        Require all granted
    </Directory>
    <Directory "{{ wprootdir }}/wp-content">
        Options FollowSymLinks
        Require all granted
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
```
mysqlinfo template:
```json
{
    "mysql_port": "{{ mysql_port }}",
    "mysql_socket": "{{ mysql_socket }}",
    "mysql_superuser": "{{ mysql_superuser }}",
    "mysql_superuser_password": "{{ mysql_superuser_password }}",
    "mysql_wordpress_password": "{{ mysql_wordpress_password }}"
}
```
replacelines.py script:
```python
import re

# Copy wp-config.php to wp-config.php.bak, dropping every line that
# mentions one of the eight key/salt constants.
with open("wp-config.php", "r") as wpconfig, open("wp-config.php.bak", "w") as wpconfigbak:
    for line in wpconfig:
        found = re.search(r'AUTH_KEY|SECURE_AUTH_KEY|LOGGED_IN_KEY|NONCE_KEY|AUTH_SALT|SECURE_AUTH_SALT|LOGGED_IN_SALT|NONCE_SALT', line.strip())
        if not found:
            wpconfigbak.write(line)
        else:
            continue
```
inventory file:
```ini
[local]
localhost ansible_connection=local
```
With this playbook I am able to see the wordpress landing page when I open 'localhost:80/' on my Linux machine. However I am unable to get to the wordpress dashboard. I run the playbook like so: ansible-playbook -i inventory SetupWordpress.yaml
To save time, you may use my github repo:
```
git clone -b WIP git@github.com:redbilledpanda/DevOpsScripts.git
cd DevOpsScripts && ansible-playbook -i inventory SetupWordpress.yaml
```
After the playbook completes, I go to http://localhost:80
and I am presented with the installer:
I fill in the details:
When I try logging in, I don't see the dashboard. Instead, I never go past the login screen (it doesn't say incorrect credentials or anything though):
I am at a loss as to what I am doing wrong. Keen to hear from you folks.
UPDATE1: If I skip the part where I generate the wordpress 'salts'/keys it works. I can see the dashboard etc. With these salts however, it just won't get to the wordpress admin dashboard.
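An added example, not the poster's code and not part of the original post: `blockinfile` with no `insertbefore`/`insertafter` appends its block at end of file, so after the strip-and-append steps above the fetched `define()` lines sit below the `wp-settings.php` include that closes the stock sample config. The Python below instead swaps each placeholder line in place and checks the ordering. The function names and sample data are constructed for illustration, and it assumes the config ends with that include as the stock sample does.

```python
import re

KEY_NAMES = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT")
DEFINE_RE = re.compile(r"^\s*define\(\s*'(\w+)'")
SETTINGS_RE = re.compile(r"^\s*require_once\b.*wp-settings\.php")


def key_name(line):
    """Return the constant name if the line defines one of the eight keys."""
    m = DEFINE_RE.match(line)
    return m.group(1) if m and m.group(1) in KEY_NAMES else None


def replace_salts(config_text, salts_text):
    """Swap each placeholder define() for the fetched one, keeping its position."""
    fresh = {key_name(l): l for l in salts_text.splitlines() if key_name(l)}
    missing = sorted(set(KEY_NAMES) - set(fresh))
    if missing:
        raise ValueError(f"salt response lacks: {missing}")
    # Plain dict lookup, not re.sub: salts may contain '\' or '$'.
    lines = [fresh.get(key_name(l), l) for l in config_text.splitlines()]
    return "\n".join(lines) + "\n"


def keys_defined_before_settings(config_text):
    """True if every key is defined exactly once, above the wp-settings.php include."""
    positions, settings_at = {}, None
    for n, line in enumerate(config_text.splitlines()):
        if key_name(line):
            positions.setdefault(key_name(line), []).append(n)
        elif settings_at is None and SETTINGS_RE.match(line):
            settings_at = n
    return settings_at is not None and all(
        len(positions.get(k, [])) == 1 and positions[k][0] < settings_at
        for k in KEY_NAMES)


# Constructed sample input (not real keys, not the real sample file).
SAMPLE_CONFIG = "<?php\n" + "".join(
    f"define( '{k}', 'put your unique phrase here' );\n" for k in KEY_NAMES
) + "require_once ABSPATH . 'wp-settings.php';\n"
SAMPLE_SALTS = "".join(
    f"define('{k}', 'constructed-{i}');\n" for i, k in enumerate(KEY_NAMES))

if __name__ == "__main__":
    print(keys_defined_before_settings(replace_salts(SAMPLE_CONFIG, SAMPLE_SALTS)))
```

Running `keys_defined_before_settings` on the deployed `wp-config.php` after the playbook finishes shows whether the keys ended up above or below the include.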