From a6a1af9b6943fed11033627b4f61b1612ba64e4f Mon Sep 17 00:00:00 2001 From: georgitsenov Date: Sat, 10 Oct 2020 18:27:06 -0400 Subject: [PATCH 1/7] Commit --- .gitignore | 3 +- wordpress-nginx_rhel7/group_vars/all | 4 +-- .../roles/mariadb/tasks/main.yml | 1 + .../roles/nginx/templates/default.conf | 2 +- .../roles/php-fpm/handlers/main.yml | 2 +- .../roles/php-fpm/tasks/main.yml | 19 +++++----- .../roles/php-fpm/tasks/main.yml.bak | 21 +++++++++++ .../roles/php-fpm/templates/wordpress.conf | 2 +- .../roles/wordpress/tasks/main.yml | 35 +++++++++++++++---- .../roles/wordpress/templates/wp-config.php | 2 +- wordpress-nginx_rhel7/site.yml | 2 +- 11 files changed, 68 insertions(+), 25 deletions(-) create mode 100644 wordpress-nginx_rhel7/roles/php-fpm/tasks/main.yml.bak diff --git a/.gitignore b/.gitignore index 0dc78ba51..c2aad453a 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ wordpress-nginx/hosts -.DS_Store \ No newline at end of file +wordpress-nginx_rhel7/site.retry +.DS_Store diff --git a/wordpress-nginx_rhel7/group_vars/all b/wordpress-nginx_rhel7/group_vars/all index a7aaf5a9a..0425c4fc5 100644 --- a/wordpress-nginx_rhel7/group_vars/all +++ b/wordpress-nginx_rhel7/group_vars/all @@ -1,7 +1,7 @@ --- # Variables listed here are applicable to all host groups -wp_version: 4.6 -wp_sha256sum: c1856cf969b1e73025ba2c681491908c3a4a6c5a2333f4531bf9bfb90f634380 +wp_version: 5.5.1 +wp_md5: 72c6f56b4818ffd0e6e6a4ed8f3e8d4e # MySQL settings mysqlservice: mysqld diff --git a/wordpress-nginx_rhel7/roles/mariadb/tasks/main.yml b/wordpress-nginx_rhel7/roles/mariadb/tasks/main.yml index 5f930bf8c..bdfbde42e 100644 --- a/wordpress-nginx_rhel7/roles/mariadb/tasks/main.yml +++ b/wordpress-nginx_rhel7/roles/mariadb/tasks/main.yml @@ -11,6 +11,7 @@ - name: Configure SELinux to start mysql on any port seboolean: name=mysql_connect_any state=true persistent=yes + ignore_errors: yes - name: Create Mysql configuration file template: src=my.cnf.j2 dest=/etc/my.cnf diff --git a/wordpress-nginx_rhel7/roles/nginx/templates/default.conf b/wordpress-nginx_rhel7/roles/nginx/templates/default.conf index bfa7a5105..16d37033b 100644 --- a/wordpress-nginx_rhel7/roles/nginx/templates/default.conf +++ b/wordpress-nginx_rhel7/roles/nginx/templates/default.conf @@ -23,7 +23,7 @@ server { try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_index index.php; - fastcgi_pass unix:/var/run/php-fpm/wordpress.sock; + fastcgi_pass unix:/var/opt/remi/php74/run/php-fpm/wordpress.sock; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; diff --git a/wordpress-nginx_rhel7/roles/php-fpm/handlers/main.yml b/wordpress-nginx_rhel7/roles/php-fpm/handlers/main.yml index 6a975ad85..f375cb289 100644 --- a/wordpress-nginx_rhel7/roles/php-fpm/handlers/main.yml +++ b/wordpress-nginx_rhel7/roles/php-fpm/handlers/main.yml @@ -1,3 +1,3 @@ --- - name: restart php-fpm - service: name=php-fpm state=restarted + service: name=php74-php-fpm state=restarted diff --git a/wordpress-nginx_rhel7/roles/php-fpm/tasks/main.yml b/wordpress-nginx_rhel7/roles/php-fpm/tasks/main.yml index 4778ce157..795f48f25 100644 --- a/wordpress-nginx_rhel7/roles/php-fpm/tasks/main.yml +++ b/wordpress-nginx_rhel7/roles/php-fpm/tasks/main.yml @@ -2,21 +2,20 @@ - name: Install php-fpm and deps yum: name={{ item }} state=present with_items: - - php - - php-fpm - - php-enchant + - php74 + - php74-php-fpm + - php74-php-enchant - php-IDNA_Convert - - php-mbstring - - php-mysql + - php74-php-mbstring + - php74-php-mysql - php-PHPMailer - - php-process - - php-simplepie - - php-xml + - php74-php-process + - php74-php-xml - name: Disable default pool - command: mv /etc/php-fpm.d/www.conf /etc/php-fpm.d/www.disabled creates=/etc/php-fpm.d/www.disabled + command: mv /etc/opt/remi/php74/php-fpm.d/www.conf /etc/opt/remi/php74/php-fpm.d/www.disabled creates=/etc/opt/remi/php74/php-fpm.d/www.disabled notify: restart php-fpm - name: Copy php-fpm configuration - template: src=wordpress.conf dest=/etc/php-fpm.d/ + template: src=wordpress.conf dest=/etc/opt/remi/php74/php-fpm.d/ notify: restart php-fpm diff --git a/wordpress-nginx_rhel7/roles/php-fpm/tasks/main.yml.bak b/wordpress-nginx_rhel7/roles/php-fpm/tasks/main.yml.bak new file mode 100644 index 000000000..5322a3080 --- /dev/null +++ b/wordpress-nginx_rhel7/roles/php-fpm/tasks/main.yml.bak @@ -0,0 +1,21 @@ +--- +- name: Install php-fpm and deps + yum: name={{ item }} state=present + with_items: + - php74 + - php74-php-fpm + - php74-php-enchant + - php-IDNA_Convert + - php74-php-mbstring + - php74-php-mysql + - php-PHPMailer + - php74-php-process + - php74-php-xml + +- name: Disable default pool + command: mv /etc/php-fpm.d/www.conf /etc/php-fpm.d/www.disabled creates=/etc/php-fpm.d/www.disabled + notify: restart php-fpm + +- name: Copy php-fpm configuration + template: src=wordpress.conf dest=/etc/php-fpm.d/ + notify: restart php-fpm diff --git a/wordpress-nginx_rhel7/roles/php-fpm/templates/wordpress.conf b/wordpress-nginx_rhel7/roles/php-fpm/templates/wordpress.conf index 10434c58e..bb8866ca9 100644 --- a/wordpress-nginx_rhel7/roles/php-fpm/templates/wordpress.conf +++ b/wordpress-nginx_rhel7/roles/php-fpm/templates/wordpress.conf @@ -1,5 +1,5 @@ [wordpress] -listen = /var/run/php-fpm/wordpress.sock +listen = /var/opt/remi/php74/run/php-fpm/wordpress.sock listen.owner = nginx listen.group = nginx listen.mode = 0660 diff --git a/wordpress-nginx_rhel7/roles/wordpress/tasks/main.yml b/wordpress-nginx_rhel7/roles/wordpress/tasks/main.yml index 811e69bd3..6986ad92d 100644 --- a/wordpress-nginx_rhel7/roles/wordpress/tasks/main.yml +++ b/wordpress-nginx_rhel7/roles/wordpress/tasks/main.yml @@ -1,10 +1,21 @@ --- - name: Download WordPress - get_url: url=http://wordpress.org/wordpress-{{ wp_version }}.tar.gz dest=/srv/wordpress-{{ wp_version }}.tar.gz - sha256sum="{{ wp_sha256sum }}" + get_url: + url: http://wordpress.org/wordpress-{{ wp_version }}.tar.gz + dest: /srv/wordpress-{{ wp_version }}.tar.gz + checksum: "md5:{{ wp_md5 }}" + +#- name: Create destination directory +# file: +# path: /srv/wordpress +# state: directory +# mode: '0755' - name: Extract archive - command: chdir=/srv/ /bin/tar xvf wordpress-{{ wp_version }}.tar.gz creates=/srv/wordpress + unarchive: + src: /srv/wordpress-{{ wp_version }}.tar.gz + dest: /srv + remote_src: yes - name: Add group "wordpress" group: name=wordpress @@ -13,9 +24,11 @@ user: name=wordpress group=wordpress home=/srv/wordpress/ - name: Fetch random salts for WordPress config - local_action: command curl https://api.wordpress.org/secret-key/1.1/salt/ - register: "wp_salt" - become: no + uri: + url: https://api.wordpress.org/secret-key/1.1/salt/ + return_content: yes + method: GET + register: wp_salt - name: Create WordPress database mysql_db: name={{ wp_db_name }} state=present @@ -34,27 +47,35 @@ - name: set the SELinux policy for the Wordpress directory command: semanage fcontext -a -t httpd_sys_content_t "/srv/wordpress(/.*)?" + ignore_errors: yes - name: set the SELinux policy for wp-config.php command: semanage fcontext -a -t httpd_sys_script_exec_t "/srv/wordpress/wp-config\.php" + ignore_errors: yes - name: set the SELinux policy for wp-content directory command: semanage fcontext -a -t httpd_sys_rw_content_t "/srv/wordpress/wp-content(/.*)?" + ignore_errors: yes - name: set the SELinux policy for the *.php files command: semanage fcontext -a -t httpd_sys_script_exec_t "/srv/wordpress/.*\.php" + ignore_errors: yes - name: set the SELinux policy for the Upgrade directory command: semanage fcontext -a -t httpd_sys_rw_content_t "/srv/wordpress/wp-content/upgrade(/.*)?" + ignore_errors: yes - name: set the SELinux policy for the Uploads directory command: semanage fcontext -a -t httpd_sys_rw_content_t "/srv/wordpress/wp-content/uploads(/.*)?" + ignore_errors: yes - name: set the SELinux policy for the wp-includes php files command: semanage fcontext -a -t httpd_sys_script_exec_t "/srv/wordpress/wp-includes/.*\.php" + ignore_errors: yes - name: set the SELinux on all the Files command: restorecon -Rv /srv/wordpress + ignore_errors: yes - name: Start php-fpm Service - service: name=php-fpm state=started enabled=yes + service: name=php74-php-fpm state=started enabled=yes diff --git a/wordpress-nginx_rhel7/roles/wordpress/templates/wp-config.php b/wordpress-nginx_rhel7/roles/wordpress/templates/wp-config.php index 569452054..826a770b7 100644 --- a/wordpress-nginx_rhel7/roles/wordpress/templates/wp-config.php +++ b/wordpress-nginx_rhel7/roles/wordpress/templates/wp-config.php @@ -43,7 +43,7 @@ * @since 2.6.0 */ -{{ wp_salt.stdout }} +{{ wp_salt.content }} /**#@-*/ diff --git a/wordpress-nginx_rhel7/site.yml b/wordpress-nginx_rhel7/site.yml index 501ea3803..c9d535478 100644 --- a/wordpress-nginx_rhel7/site.yml +++ b/wordpress-nginx_rhel7/site.yml @@ -9,5 +9,5 @@ - common - mariadb - nginx - - php-fpm + - {role: php-fpm, tags: php-fpm} - wordpress From e4f5b9279b46550a3b79b548603ba5ae182faffa Mon Sep 17 00:00:00 2001 From: georgitsenov Date: Sun, 11 Oct 2020 07:33:24 -0400 Subject: [PATCH 2/7] Added tags to ansible roles --- wordpress-nginx_rhel7/site.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/wordpress-nginx_rhel7/site.yml b/wordpress-nginx_rhel7/site.yml index c9d535478..f82d7c701 100644 --- a/wordpress-nginx_rhel7/site.yml +++ b/wordpress-nginx_rhel7/site.yml @@ -6,8 +6,8 @@ # sudo: yes roles: - - common - - mariadb - - nginx + - {role: common, tags: common} + - {role: mariadb, tags: mariadb} + - {role: nginx, tags: nginx} - {role: php-fpm, tags: php-fpm} - - wordpress + - {role: wordpress, tags: wordpress} From b74a5beddb341703f99634fe167e06e0e815e48c Mon Sep 17 00:00:00 2001 From: georgitsenov Date: Sun, 11 Oct 2020 07:42:20 -0400 Subject: [PATCH 3/7] Removed tags to ansible roles --- wordpress-nginx_rhel7/site.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/wordpress-nginx_rhel7/site.yml b/wordpress-nginx_rhel7/site.yml index f82d7c701..501ea3803 100644 --- a/wordpress-nginx_rhel7/site.yml +++ b/wordpress-nginx_rhel7/site.yml @@ -6,8 +6,8 @@ # sudo: yes roles: - - {role: common, tags: common} - - {role: mariadb, tags: mariadb} - - {role: nginx, tags: nginx} - - {role: php-fpm, tags: php-fpm} - - {role: wordpress, tags: wordpress} + - common + - mariadb + - nginx + - php-fpm + - wordpress From 13f8cb8d552f2aa2cccb4506a9a1156df338fe17 Mon Sep 17 00:00:00 2001 From: georgitsenov Date: Sun, 11 Oct 2020 07:57:23 -0400 Subject: [PATCH 4/7] Fixed some ansible-lint errors --- wordpress-nginx/roles/common/tasks/main.yml | 6 +++--- wordpress-nginx/roles/mysql/tasks/main.yml | 2 +- wordpress-nginx/roles/nginx/tasks/main.yml | 2 +- wordpress-nginx/roles/php-fpm/tasks/main.yml | 2 +- wordpress-nginx/roles/wordpress/tasks/main.yml | 5 +++-- 5 files changed, 9 insertions(+), 8 deletions(-) diff --git a/wordpress-nginx/roles/common/tasks/main.yml b/wordpress-nginx/roles/common/tasks/main.yml index 326c2328b..70b682578 100644 --- a/wordpress-nginx/roles/common/tasks/main.yml +++ b/wordpress-nginx/roles/common/tasks/main.yml @@ -6,11 +6,11 @@ setup: - name: Copy the EPEL repository definition - copy: src=epel.repo dest=/etc/yum.repos.d/epel.repo + copy: src=epel.repo dest=/etc/yum.repos.d/epel.repo mode='0644' - name: Create the GPG key for EPEL - copy: src=RPM-GPG-KEY-EPEL-6 dest=/etc/pki/rpm-gpg + copy: src=RPM-GPG-KEY-EPEL-6 dest=/etc/pki/rpm-gpg mode='0644' - name: Set up iptables rules - copy: src=iptables-save dest=/etc/sysconfig/iptables + copy: src=iptables-save dest=/etc/sysconfig/iptables mode='0644' notify: restart iptables diff --git a/wordpress-nginx/roles/mysql/tasks/main.yml b/wordpress-nginx/roles/mysql/tasks/main.yml index 4236c52eb..413a3dd8f 100644 --- a/wordpress-nginx/roles/mysql/tasks/main.yml +++ b/wordpress-nginx/roles/mysql/tasks/main.yml @@ -12,7 +12,7 @@ when: ansible_selinux.status == "enabled" - name: Create Mysql configuration file - template: src=my.cnf.j2 dest=/etc/my.cnf + template: src=my.cnf.j2 dest=/etc/my.cnf mode='0644' notify: - restart mysql diff --git a/wordpress-nginx/roles/nginx/tasks/main.yml b/wordpress-nginx/roles/nginx/tasks/main.yml index 569b42503..cd70b033c 100644 --- a/wordpress-nginx/roles/nginx/tasks/main.yml +++ b/wordpress-nginx/roles/nginx/tasks/main.yml @@ -3,5 +3,5 @@ yum: name=nginx state=present - name: Copy nginx configuration for wordpress - template: src=default.conf dest=/etc/nginx/conf.d/default.conf + template: src=default.conf dest=/etc/nginx/conf.d/default.conf mode='0644' notify: restart nginx diff --git a/wordpress-nginx/roles/php-fpm/tasks/main.yml b/wordpress-nginx/roles/php-fpm/tasks/main.yml index 4778ce157..25ee1cf6a 100644 --- a/wordpress-nginx/roles/php-fpm/tasks/main.yml +++ b/wordpress-nginx/roles/php-fpm/tasks/main.yml @@ -18,5 +18,5 @@ notify: restart php-fpm - name: Copy php-fpm configuration - template: src=wordpress.conf dest=/etc/php-fpm.d/ + template: src=wordpress.conf dest=/etc/php-fpm.d/ mode='0644' notify: restart php-fpm diff --git a/wordpress-nginx/roles/wordpress/tasks/main.yml b/wordpress-nginx/roles/wordpress/tasks/main.yml index 9028a89ed..e70ac28b7 100644 --- a/wordpress-nginx/roles/wordpress/tasks/main.yml +++ b/wordpress-nginx/roles/wordpress/tasks/main.yml @@ -8,6 +8,7 @@ creates: /srv/wordpress src: /srv/wordpress-{{ wp_version }}.tar.gz dest: /srv/wordpress + mode: 0644 - name: Add group "wordpress" group: name=wordpress @@ -31,10 +32,10 @@ mysql_user: name={{ wp_db_user }} password={{ wp_db_password }} priv={{ wp_db_name }}.*:ALL host='localhost' state=present - name: Copy WordPress config file - template: src=wp-config.php dest=/srv/wordpress/ + template: src=wp-config.php dest=/srv/wordpress/ mode='0644' - name: Change ownership of WordPress installation - file: path=/srv/wordpress/ owner=wordpress group=wordpress state=directory recurse=yes setype=httpd_sys_content_t + file: path=/srv/wordpress/ owner=wordpress group=wordpress state=directory recurse=yes setype=httpd_sys_content_t mode='0644' - name: Start php-fpm Service service: name=php-fpm state=started enabled=yes From aaa8ba3802c9dd6b8d0b9a1cf4e05979eda5e88e Mon Sep 17 00:00:00 2001 From: georgitsenov Date: Sun, 11 Oct 2020 08:05:13 -0400 Subject: [PATCH 5/7] Fixed some ansible-lint errors --- wordpress-nginx/roles/php-fpm/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wordpress-nginx/roles/php-fpm/tasks/main.yml b/wordpress-nginx/roles/php-fpm/tasks/main.yml index 25ee1cf6a..36d8cf7df 100644 --- a/wordpress-nginx/roles/php-fpm/tasks/main.yml +++ b/wordpress-nginx/roles/php-fpm/tasks/main.yml @@ -1,5 +1,5 @@ --- -- name: Install php-fpm and deps +- name: Install php_fpm and deps yum: name={{ item }} state=present with_items: - php From 3d4344fe8e35e191e48851f141f70e7aa7989bfa Mon Sep 17 00:00:00 2001 From: georgitsenov Date: Sun, 11 Oct 2020 08:17:15 -0400 Subject: [PATCH 6/7] Fixed some ansible-lint errors --- wordpress-nginx/roles/php-fpm/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wordpress-nginx/roles/php-fpm/tasks/main.yml b/wordpress-nginx/roles/php-fpm/tasks/main.yml index 36d8cf7df..962023c29 100644 --- a/wordpress-nginx/roles/php-fpm/tasks/main.yml +++ b/wordpress-nginx/roles/php-fpm/tasks/main.yml @@ -1,5 +1,5 @@ --- -- name: Install php_fpm and deps +- name: Install phpfpm and deps yum: name={{ item }} state=present with_items: - php From 7f4121b4e0ecfcd61f567cb6fdb283c20fbfc36f Mon Sep 17 00:00:00 2001 From: georgitsenov Date: Sun, 11 Oct 2020 08:28:09 -0400 Subject: [PATCH 7/7] Fixed some ansible-lint errors --- .../roles/phpfpm/handlers/main.yml | 3 +++ wordpress-nginx/roles/phpfpm/tasks/main.yml | 22 +++++++++++++++++++ .../roles/phpfpm/templates/wordpress.conf | 15 +++++++++++++ wordpress-nginx/site.yml | 2 +- 4 files changed, 41 insertions(+), 1 deletion(-) create mode 100644 wordpress-nginx/roles/phpfpm/handlers/main.yml create mode 100644 wordpress-nginx/roles/phpfpm/tasks/main.yml create mode 100644 wordpress-nginx/roles/phpfpm/templates/wordpress.conf diff --git a/wordpress-nginx/roles/phpfpm/handlers/main.yml b/wordpress-nginx/roles/phpfpm/handlers/main.yml new file mode 100644 index 000000000..6a975ad85 --- /dev/null +++ b/wordpress-nginx/roles/phpfpm/handlers/main.yml @@ -0,0 +1,3 @@ +--- +- name: restart php-fpm + service: name=php-fpm state=restarted diff --git a/wordpress-nginx/roles/phpfpm/tasks/main.yml b/wordpress-nginx/roles/phpfpm/tasks/main.yml new file mode 100644 index 000000000..962023c29 --- /dev/null +++ b/wordpress-nginx/roles/phpfpm/tasks/main.yml @@ -0,0 +1,22 @@ +--- +- name: Install phpfpm and deps + yum: name={{ item }} state=present + with_items: + - php + - php-fpm + - php-enchant + - php-IDNA_Convert + - php-mbstring + - php-mysql + - php-PHPMailer + - php-process + - php-simplepie + - php-xml + +- name: Disable default pool + command: mv /etc/php-fpm.d/www.conf /etc/php-fpm.d/www.disabled creates=/etc/php-fpm.d/www.disabled + notify: restart php-fpm + +- name: Copy php-fpm configuration + template: src=wordpress.conf dest=/etc/php-fpm.d/ mode='0644' + notify: restart php-fpm diff --git a/wordpress-nginx/roles/phpfpm/templates/wordpress.conf b/wordpress-nginx/roles/phpfpm/templates/wordpress.conf new file mode 100644 index 000000000..10434c58e --- /dev/null +++ b/wordpress-nginx/roles/phpfpm/templates/wordpress.conf @@ -0,0 +1,15 @@ +[wordpress] +listen = /var/run/php-fpm/wordpress.sock +listen.owner = nginx +listen.group = nginx +listen.mode = 0660 +user = wordpress +group = wordpress +pm = dynamic +pm.max_children = 10 +pm.start_servers = 1 +pm.min_spare_servers = 1 +pm.max_spare_servers = 3 +pm.max_requests = 500 +chdir = /srv/wordpress/ +php_admin_value[open_basedir] = /srv/wordpress/:/tmp diff --git a/wordpress-nginx/site.yml b/wordpress-nginx/site.yml index 10ff1f44f..b4872c925 100644 --- a/wordpress-nginx/site.yml +++ b/wordpress-nginx/site.yml @@ -10,5 +10,5 @@ - common - mysql - nginx - - php-fpm + - phpfpm - wordpress