From 68668e05076bfe02514fd2fd64060f6d44cf90ca Mon Sep 17 00:00:00 2001
From: Simon Bachenberg
Date: Fri, 15 Mar 2024 12:40:25 +0100
Subject: [PATCH 1/3] linter
---
.../roles/wordpress/tasks/main.yml | 139 ++++++++++++------
.../{wp-config.php => wp-config.php.j2} | 0
2 files changed, 95 insertions(+), 44 deletions(-)
rename wordpress-nginx_rhel7/roles/wordpress/templates/{wp-config.php => wp-config.php.j2} (100%)
diff --git a/wordpress-nginx_rhel7/roles/wordpress/tasks/main.yml b/wordpress-nginx_rhel7/roles/wordpress/tasks/main.yml
index 811e69bd3..65f0b50be 100644
--- a/wordpress-nginx_rhel7/roles/wordpress/tasks/main.yml
+++ b/wordpress-nginx_rhel7/roles/wordpress/tasks/main.yml
@@ -1,60 +1,111 @@ --- -- name: Download WordPress - get_url: url=http://wordpress.org/wordpress-{{ wp_version }}.tar.gz dest=/srv/wordpress-{{ wp_version }}.tar.gz - sha256sum="{{ wp_sha256sum }}" - -- name: Extract archive - command: chdir=/srv/ /bin/tar xvf wordpress-{{ wp_version }}.tar.gz creates=/srv/wordpress - - name: Add group "wordpress" - group: name=wordpress + ansible.builtin.group: + name: wordpress - name: Add user "wordpress" - user: name=wordpress group=wordpress home=/srv/wordpress/ + ansible.builtin.user: + name: wordpress + group: wordpress + home: /srv/wordpress/ + +- name: Download & Extract WordPress + ansible.builtin.unarchive: + src: "http://wordpress.org/wordpress-{{ wp_version }}.tar.gz" + dest: /srv/wordpress + owner: wordpress + group: wordpress + mode: u=rwX,g=rwX,o=rX + remote_src: true - name: Fetch random salts for WordPress config - local_action: command curl https://api.wordpress.org/secret-key/1.1/salt/ - register: "wp_salt" - become: no + ansible.builtin.uri: + url: https://api.wordpress.org/secret-key/1.1/salt/ + delegate_to: localhost + register: wp_salt + become: false - name: Create WordPress database - mysql_db: name={{ wp_db_name }} state=present + community.mysql.mysql_db: + name: "{{ wp_db_name }}" + state: present - name: Create WordPress database user - mysql_user: name={{ wp_db_user }} password={{ wp_db_password }} priv={{ wp_db_name }}.*:ALL host='localhost' state=present + community.mysql.mysql_user: + name: "{{ wp_db_user }}" + password: "{{ wp_db_password }}" + priv: "{{ wp_db_name }}.*:ALL" + host: localhost + state: present - name: Copy WordPress config file - template: src=wp-config.php dest=/srv/wordpress/ + ansible.builtin.template: + src: wp-config.php.j2 + dest: /srv/wordpress/ + owner: wordpress + group: wordpress + mode: u=r,g=r,o= - name: Change ownership of WordPress installation - file: path=/srv/wordpress/ owner=wordpress group=wordpress state=directory recurse=yes - -- name: install SEManage - yum: 
pkg=policycoreutils-python state=present - -- name: set the SELinux policy for the Wordpress directory - command: semanage fcontext -a -t httpd_sys_content_t "/srv/wordpress(/.*)?" - -- name: set the SELinux policy for wp-config.php - command: semanage fcontext -a -t httpd_sys_script_exec_t "/srv/wordpress/wp-config\.php" - -- name: set the SELinux policy for wp-content directory - command: semanage fcontext -a -t httpd_sys_rw_content_t "/srv/wordpress/wp-content(/.*)?" - -- name: set the SELinux policy for the *.php files - command: semanage fcontext -a -t httpd_sys_script_exec_t "/srv/wordpress/.*\.php" - -- name: set the SELinux policy for the Upgrade directory - command: semanage fcontext -a -t httpd_sys_rw_content_t "/srv/wordpress/wp-content/upgrade(/.*)?" - -- name: set the SELinux policy for the Uploads directory - command: semanage fcontext -a -t httpd_sys_rw_content_t "/srv/wordpress/wp-content/uploads(/.*)?" - -- name: set the SELinux policy for the wp-includes php files - command: semanage fcontext -a -t httpd_sys_script_exec_t "/srv/wordpress/wp-includes/.*\.php" - -- name: set the SELinux on all the Files - command: restorecon -Rv /srv/wordpress + ansible.builtin.file: + path: /srv/wordpress/ + owner: wordpress + group: wordpress + state: directory + recurse: true + +- name: Install SEManage + ansible.builtin.yum: + pkg: policycoreutils-python + state: present + +- name: Set the SELinux policy for the Wordpress directory + community.general.sefcontext: + target: '/srv/wordpress(/.*)?' + setype: httpd_sys_content_t + state: present + +- name: Set the SELinux policy for wp-config.php + community.general.sefcontext: + target: '/srv/wordpress/wp-config\.php' + setype: httpd_sys_script_exec_t + state: present + +- name: Set the SELinux policy for wp-content directory + community.general.sefcontext: + target: '/srv/wordpress/wp-content(/.*)?' 
+ setype: httpd_sys_rw_content_t + state: present + +- name: Set the SELinux policy for the *.php files + community.general.sefcontext: + target: '/srv/wordpress/.*\.php' + setype: httpd_sys_script_exec_t + state: present + +- name: Set the SELinux policy for the Upgrade directory + community.general.sefcontext: + target: "/srv/wordpress/wp-content/upgrade(/.*)?" + setype: httpd_sys_rw_content_t + state: present + +- name: Set the SELinux policy for the Uploads directory + community.general.sefcontext: + target: "/srv/wordpress/wp-content/uploads(/.*)?" + setype: httpd_sys_rw_content_t + state: present + +- name: Set the SELinux policy for the wp-includes php files + community.general.sefcontext: + target: '/srv/wordpress/wp-includes/.*\.php' + setype: httpd_sys_script_exec_t + state: present + +- name: Set the SELinux on all the Files + ansible.builtin.command: restorecon -Rv /srv/wordpress # noqa no-changed-when - name: Start php-fpm Service - service: name=php-fpm state=started enabled=yes + ansible.builtin.service: + name: php-fpm + state: started + enabled: true diff --git a/wordpress-nginx_rhel7/roles/wordpress/templates/wp-config.php b/wordpress-nginx_rhel7/roles/wordpress/templates/wp-config.php.j2 similarity index 100% rename from wordpress-nginx_rhel7/roles/wordpress/templates/wp-config.php rename to wordpress-nginx_rhel7/roles/wordpress/templates/wp-config.php.j2 From f119a218852552e41938f53ba482a187496235e3 Mon Sep 17 00:00:00 2001 
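Review bot: The new `Download & Extract WordPress` task drops the integrity check that the removed `get_url` task carried (`sha256sum="{{ wp_sha256sum }}"`) while still fetching the tarball over plain `http://`, so the archive unpacked into the web root is no longer verified against anything. Keeping a separate download step with `checksum: "sha256:{{ wp_sha256sum }}"` and an `https://` URL, then unarchiving the local file, restores that check; a sketch follows. The removed task extracted into `/srv/` with `creates=/srv/wordpress`, which suggests the tarball carries its own top-level `wordpress/` directory, so `dest: /srv/wordpress` probably nests the tree one level too deep. Separately, `ansible.builtin.uri` only returns the response body when `return_content: true` is set, and the unchanged template presumably still reads the old command's `stdout`, so confirm the salts do not render empty.

```yaml
- name: Download WordPress
  ansible.builtin.get_url:
    url: "https://wordpress.org/wordpress-{{ wp_version }}.tar.gz"
    dest: "/srv/wordpress-{{ wp_version }}.tar.gz"
    checksum: "sha256:{{ wp_sha256sum }}"
    mode: u=rw,g=r,o=r

- name: Extract WordPress
  ansible.builtin.unarchive:
    src: "/srv/wordpress-{{ wp_version }}.tar.gz"
    dest: /srv/
    remote_src: true
    creates: /srv/wordpress
    # … unchanged: owner, group, mode …
```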
From: Simon Bachenberg
Date: Fri, 15 Mar 2024 13:21:54 +0100
Subject: [PATCH 2/3] wordpress linter
---
.../LICENSE.md | 0
.../README.md | 0
.../group_vars/all | 0
.../hosts.example | 0
.../roles/common/files/RPM-GPG-KEY-EPEL-6 | 0
.../roles/common/files/epel.repo | 0
.../roles/common/files/iptables-save | 0
.../roles/common/handlers/main.yml | 0
.../roles/common/tasks/main.yml | 0
.../roles/mysql/handlers/main.yml | 0
.../roles/mysql/tasks/main.yml | 10 +--
.../roles/mysql/templates/my.cnf.j2 | 0
.../roles/nginx/handlers/main.yml | 0
.../roles/nginx/tasks/main.yml | 0
.../roles/nginx/templates/default.conf | 0
.../roles/php-fpm/handlers/main.yml | 0
.../roles/php-fpm/tasks/main.yml | 0
.../roles/php-fpm/templates/wordpress.conf | 0
.../roles/wordpress/tasks/main.yml | 7 +-
.../roles/wordpress/templates/wp-config.php | 0
.../site.yml | 0
.../roles/common/files/RPM-GPG-KEY-EPEL-7 | 29 --------
.../roles/common/files/RPM-GPG-KEY-NGINX | 28 --------
.../roles/common/files/RPM-GPG-KEY-remi | 24 -------
.../roles/common/files/epel.repo | 8 ---
.../roles/common/files/nginx.repo | 18 +++--
.../roles/common/files/remi.repo | 67 -------------------
.../roles/common/tasks/main.yml | 43 ++++++++----
.../roles/mariadb/handlers/main.yml | 7 +-
.../roles/mariadb/tasks/main.yml | 51 +++++++++-----
.../roles/nginx/handlers/main.yml | 8 ++-
.../roles/nginx/tasks/main.yml | 29 +++++---
.../{default.conf => default.conf.j2} | 0
.../roles/php-fpm/handlers/main.yml | 6 +-
.../roles/php-fpm/tasks/main.yml | 12 +++-
35 files changed, 132 insertions(+), 215 deletions(-)
rename {wordpress-nginx => wordpress-nginx_rhel6}/LICENSE.md (100%)
rename {wordpress-nginx => wordpress-nginx_rhel6}/README.md (100%)
rename {wordpress-nginx => wordpress-nginx_rhel6}/group_vars/all (100%)
rename {wordpress-nginx => wordpress-nginx_rhel6}/hosts.example (100%)
rename {wordpress-nginx => wordpress-nginx_rhel6}/roles/common/files/RPM-GPG-KEY-EPEL-6 (100%)
rename {wordpress-nginx => wordpress-nginx_rhel6}/roles/common/files/epel.repo (100%)
rename {wordpress-nginx => wordpress-nginx_rhel6}/roles/common/files/iptables-save (100%)
rename {wordpress-nginx => wordpress-nginx_rhel6}/roles/common/handlers/main.yml (100%)
rename {wordpress-nginx => wordpress-nginx_rhel6}/roles/common/tasks/main.yml (100%)
rename {wordpress-nginx => wordpress-nginx_rhel6}/roles/mysql/handlers/main.yml (100%)
rename {wordpress-nginx => wordpress-nginx_rhel6}/roles/mysql/tasks/main.yml (79%)
rename {wordpress-nginx => wordpress-nginx_rhel6}/roles/mysql/templates/my.cnf.j2 (100%)
rename {wordpress-nginx => wordpress-nginx_rhel6}/roles/nginx/handlers/main.yml (100%)
rename {wordpress-nginx => wordpress-nginx_rhel6}/roles/nginx/tasks/main.yml (100%)
rename {wordpress-nginx => wordpress-nginx_rhel6}/roles/nginx/templates/default.conf (100%)
rename {wordpress-nginx => wordpress-nginx_rhel6}/roles/php-fpm/handlers/main.yml (100%)
rename {wordpress-nginx => wordpress-nginx_rhel6}/roles/php-fpm/tasks/main.yml (100%)
rename {wordpress-nginx => wordpress-nginx_rhel6}/roles/php-fpm/templates/wordpress.conf (100%)
rename {wordpress-nginx => wordpress-nginx_rhel6}/roles/wordpress/tasks/main.yml (90%)
rename {wordpress-nginx => wordpress-nginx_rhel6}/roles/wordpress/templates/wp-config.php (100%)
rename {wordpress-nginx => wordpress-nginx_rhel6}/site.yml (100%)
delete mode 100644 wordpress-nginx_rhel7/roles/common/files/RPM-GPG-KEY-EPEL-7
delete mode 100644 wordpress-nginx_rhel7/roles/common/files/RPM-GPG-KEY-NGINX
delete mode 100644 wordpress-nginx_rhel7/roles/common/files/RPM-GPG-KEY-remi
delete mode 100644 wordpress-nginx_rhel7/roles/common/files/epel.repo
delete mode 100644 wordpress-nginx_rhel7/roles/common/files/remi.repo
rename wordpress-nginx_rhel7/roles/nginx/templates/{default.conf => default.conf.j2} (100%)
diff --git a/wordpress-nginx/LICENSE.md b/wordpress-nginx_rhel6/LICENSE.md
similarity index 100%
rename from wordpress-nginx/LICENSE.md
rename to wordpress-nginx_rhel6/LICENSE.md
diff --git a/wordpress-nginx/README.md b/wordpress-nginx_rhel6/README.md
similarity index 100%
rename from wordpress-nginx/README.md
rename to wordpress-nginx_rhel6/README.md
diff --git a/wordpress-nginx/group_vars/all b/wordpress-nginx_rhel6/group_vars/all
similarity index 100%
rename from wordpress-nginx/group_vars/all
rename to wordpress-nginx_rhel6/group_vars/all
diff --git a/wordpress-nginx/hosts.example b/wordpress-nginx_rhel6/hosts.example
similarity index 100%
rename from wordpress-nginx/hosts.example
rename to wordpress-nginx_rhel6/hosts.example
diff --git a/wordpress-nginx/roles/common/files/RPM-GPG-KEY-EPEL-6 b/wordpress-nginx_rhel6/roles/common/files/RPM-GPG-KEY-EPEL-6
similarity index 100%
rename from wordpress-nginx/roles/common/files/RPM-GPG-KEY-EPEL-6
rename to wordpress-nginx_rhel6/roles/common/files/RPM-GPG-KEY-EPEL-6
diff --git a/wordpress-nginx/roles/common/files/epel.repo b/wordpress-nginx_rhel6/roles/common/files/epel.repo
similarity index 100%
rename from wordpress-nginx/roles/common/files/epel.repo
rename to wordpress-nginx_rhel6/roles/common/files/epel.repo
diff --git a/wordpress-nginx/roles/common/files/iptables-save b/wordpress-nginx_rhel6/roles/common/files/iptables-save
similarity index 100%
rename from wordpress-nginx/roles/common/files/iptables-save
rename to wordpress-nginx_rhel6/roles/common/files/iptables-save
diff --git a/wordpress-nginx/roles/common/handlers/main.yml b/wordpress-nginx_rhel6/roles/common/handlers/main.yml
similarity index 100%
rename from wordpress-nginx/roles/common/handlers/main.yml
rename to wordpress-nginx_rhel6/roles/common/handlers/main.yml
diff --git a/wordpress-nginx/roles/common/tasks/main.yml b/wordpress-nginx_rhel6/roles/common/tasks/main.yml similarity index 100% rename from wordpress-nginx/roles/common/tasks/main.yml rename to wordpress-nginx_rhel6/roles/common/tasks/main.yml diff --git a/wordpress-nginx/roles/mysql/handlers/main.yml b/wordpress-nginx_rhel6/roles/mysql/handlers/main.yml similarity index 100% rename from wordpress-nginx/roles/mysql/handlers/main.yml rename to wordpress-nginx_rhel6/roles/mysql/handlers/main.yml diff --git a/wordpress-nginx/roles/mysql/tasks/main.yml b/wordpress-nginx_rhel6/roles/mysql/tasks/main.yml similarity index 79% rename from wordpress-nginx/roles/mysql/tasks/main.yml rename to wordpress-nginx_rhel6/roles/mysql/tasks/main.yml index 4236c52eb..ce0043e99 100644 --- a/wordpress-nginx/roles/mysql/tasks/main.yml +++ b/wordpress-nginx_rhel6/roles/mysql/tasks/main.yml @@ -2,10 +2,10 @@ - name: Install Mysql package yum: name={{ item }} state=present with_items: - - mysql-server - - MySQL-python - - libselinux-python - - libsemanage-python + - mysql-server + - MySQL-python + - libselinux-python + - libsemanage-python - name: Configure SELinux to start mysql on any port seboolean: name=mysql_connect_any state=true persistent=yes @@ -14,7 +14,7 @@ - name: Create Mysql configuration file template: src=my.cnf.j2 dest=/etc/my.cnf notify: - - restart mysql + - restart mysql - name: Start Mysql Service service: name=mysqld state=started enabled=yes diff --git a/wordpress-nginx/roles/mysql/templates/my.cnf.j2 b/wordpress-nginx_rhel6/roles/mysql/templates/my.cnf.j2 similarity index 100% rename from wordpress-nginx/roles/mysql/templates/my.cnf.j2 rename to wordpress-nginx_rhel6/roles/mysql/templates/my.cnf.j2 diff --git a/wordpress-nginx/roles/nginx/handlers/main.yml b/wordpress-nginx_rhel6/roles/nginx/handlers/main.yml similarity index 100% rename from wordpress-nginx/roles/nginx/handlers/main.yml rename to wordpress-nginx_rhel6/roles/nginx/handlers/main.yml 
diff --git a/wordpress-nginx/roles/nginx/tasks/main.yml b/wordpress-nginx_rhel6/roles/nginx/tasks/main.yml
similarity index 100%
rename from wordpress-nginx/roles/nginx/tasks/main.yml
rename to wordpress-nginx_rhel6/roles/nginx/tasks/main.yml
diff --git a/wordpress-nginx/roles/nginx/templates/default.conf b/wordpress-nginx_rhel6/roles/nginx/templates/default.conf
similarity index 100%
rename from wordpress-nginx/roles/nginx/templates/default.conf
rename to wordpress-nginx_rhel6/roles/nginx/templates/default.conf
diff --git a/wordpress-nginx/roles/php-fpm/handlers/main.yml b/wordpress-nginx_rhel6/roles/php-fpm/handlers/main.yml
similarity index 100%
rename from wordpress-nginx/roles/php-fpm/handlers/main.yml
rename to wordpress-nginx_rhel6/roles/php-fpm/handlers/main.yml
diff --git a/wordpress-nginx/roles/php-fpm/tasks/main.yml b/wordpress-nginx_rhel6/roles/php-fpm/tasks/main.yml
similarity index 100%
rename from wordpress-nginx/roles/php-fpm/tasks/main.yml
rename to wordpress-nginx_rhel6/roles/php-fpm/tasks/main.yml
diff --git a/wordpress-nginx/roles/php-fpm/templates/wordpress.conf b/wordpress-nginx_rhel6/roles/php-fpm/templates/wordpress.conf
similarity index 100%
rename from wordpress-nginx/roles/php-fpm/templates/wordpress.conf
rename to wordpress-nginx_rhel6/roles/php-fpm/templates/wordpress.conf
diff --git a/wordpress-nginx/roles/wordpress/tasks/main.yml b/wordpress-nginx_rhel6/roles/wordpress/tasks/main.yml
similarity index 90%
rename from wordpress-nginx/roles/wordpress/tasks/main.yml
rename to wordpress-nginx_rhel6/roles/wordpress/tasks/main.yml
index 9028a89ed..001531c06 100644
--- a/wordpress-nginx/roles/wordpress/tasks/main.yml
+++ b/wordpress-nginx_rhel6/roles/wordpress/tasks/main.yml
@@ -1,7 +1,6 @@ --- - name: Download WordPress - get_url: url=http://wordpress.org/wordpress-{{ wp_version }}.tar.gz dest=/srv/wordpress-{{ wp_version }}.tar.gz - sha256sum="{{ wp_sha256sum }}" + get_url: url=http://wordpress.org/wordpress-{{ wp_version }}.tar.gz dest=/srv/wordpress-{{ wp_version }}.tar.gz sha256sum="{{ wp_sha256sum }}" - name: Extract archive unarchive: @@ -18,8 +17,8 @@ - name: Fetch random salts for WordPress config get_url: url: https://api.wordpress.org/secret-key/1.1/salt/ - register: "wp_salt" - become: no + register: wp_salt + become: false become_method: sudo changed_when: true delegate_to: localhost diff --git a/wordpress-nginx/roles/wordpress/templates/wp-config.php b/wordpress-nginx_rhel6/roles/wordpress/templates/wp-config.php similarity index 100% rename from wordpress-nginx/roles/wordpress/templates/wp-config.php rename to wordpress-nginx_rhel6/roles/wordpress/templates/wp-config.php diff --git a/wordpress-nginx/site.yml b/wordpress-nginx_rhel6/site.yml similarity index 100% rename from wordpress-nginx/site.yml rename to wordpress-nginx_rhel6/site.yml diff --git a/wordpress-nginx_rhel7/roles/common/files/RPM-GPG-KEY-EPEL-7 b/wordpress-nginx_rhel7/roles/common/files/RPM-GPG-KEY-EPEL-7 deleted file mode 100644 index a1d6f2583..000000000 --- a/wordpress-nginx_rhel7/roles/common/files/RPM-GPG-KEY-EPEL-7 +++ /dev/null 
@@ -1,29 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v1.4.11 (GNU/Linux) - -mQINBFKuaIQBEAC1UphXwMqCAarPUH/ZsOFslabeTVO2pDk5YnO96f+rgZB7xArB -OSeQk7B90iqSJ85/c72OAn4OXYvT63gfCeXpJs5M7emXkPsNQWWSju99lW+AqSNm -jYWhmRlLRGl0OO7gIwj776dIXvcMNFlzSPj00N2xAqjMbjlnV2n2abAE5gq6VpqP -vFXVyfrVa/ualogDVmf6h2t4Rdpifq8qTHsHFU3xpCz+T6/dGWKGQ42ZQfTaLnDM -jToAsmY0AyevkIbX6iZVtzGvanYpPcWW4X0RDPcpqfFNZk643xI4lsZ+Y2Er9Yu5 -S/8x0ly+tmmIokaE0wwbdUu740YTZjCesroYWiRg5zuQ2xfKxJoV5E+Eh+tYwGDJ -n6HfWhRgnudRRwvuJ45ztYVtKulKw8QQpd2STWrcQQDJaRWmnMooX/PATTjCBExB -9dkz38Druvk7IkHMtsIqlkAOQMdsX1d3Tov6BE2XDjIG0zFxLduJGbVwc/6rIc95 -T055j36Ez0HrjxdpTGOOHxRqMK5m9flFbaxxtDnS7w77WqzW7HjFrD0VeTx2vnjj -GqchHEQpfDpFOzb8LTFhgYidyRNUflQY35WLOzLNV+pV3eQ3Jg11UFwelSNLqfQf -uFRGc+zcwkNjHh5yPvm9odR1BIfqJ6sKGPGbtPNXo7ERMRypWyRz0zi0twARAQAB -tChGZWRvcmEgRVBFTCAoNykgPGVwZWxAZmVkb3JhcHJvamVjdC5vcmc+iQI4BBMB -AgAiBQJSrmiEAhsPBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRBqL66iNSxk -5cfGD/4spqpsTjtDM7qpytKLHKruZtvuWiqt5RfvT9ww9GUUFMZ4ZZGX4nUXg49q -ixDLayWR8ddG/s5kyOi3C0uX/6inzaYyRg+Bh70brqKUK14F1BrrPi29eaKfG+Gu -MFtXdBG2a7OtPmw3yuKmq9Epv6B0mP6E5KSdvSRSqJWtGcA6wRS/wDzXJENHp5re -9Ism3CYydpy0GLRA5wo4fPB5uLdUhLEUDvh2KK//fMjja3o0L+SNz8N0aDZyn5Ax -CU9RB3EHcTecFgoy5umRj99BZrebR1NO+4gBrivIfdvD4fJNfNBHXwhSH9ACGCNv -HnXVjHQF9iHWApKkRIeh8Fr2n5dtfJEF7SEX8GbX7FbsWo29kXMrVgNqHNyDnfAB -VoPubgQdtJZJkVZAkaHrMu8AytwT62Q4eNqmJI1aWbZQNI5jWYqc6RKuCK6/F99q -thFT9gJO17+yRuL6Uv2/vgzVR1RGdwVLKwlUjGPAjYflpCQwWMAASxiv9uPyYPHc -ErSrbRG0wjIfAR3vus1OSOx3xZHZpXFfmQTsDP7zVROLzV98R3JwFAxJ4/xqeON4 -vCPFU6OsT3lWQ8w7il5ohY95wmujfr6lk89kEzJdOTzcn7DBbUru33CQMGKZ3Evt -RjsC7FDbL017qxS+ZVA/HGkyfiu4cpgV8VUnbql5eAZ+1Ll6Dw== -=hdPa ------END PGP PUBLIC KEY BLOCK----- \ No newline at end of file diff --git a/wordpress-nginx_rhel7/roles/common/files/RPM-GPG-KEY-NGINX b/wordpress-nginx_rhel7/roles/common/files/RPM-GPG-KEY-NGINX deleted file mode 100644 index 2528b45b7..000000000 --- a/wordpress-nginx_rhel7/roles/common/files/RPM-GPG-KEY-NGINX +++ /dev/null 
@@ -1,28 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v1.4.11 (FreeBSD) - -mQENBE5OMmIBCAD+FPYKGriGGf7NqwKfWC83cBV01gabgVWQmZbMcFzeW+hMsgxH -W6iimD0RsfZ9oEbfJCPG0CRSZ7ppq5pKamYs2+EJ8Q2ysOFHHwpGrA2C8zyNAs4I -QxnZZIbETgcSwFtDun0XiqPwPZgyuXVm9PAbLZRbfBzm8wR/3SWygqZBBLdQk5TE -fDR+Eny/M1RVR4xClECONF9UBB2ejFdI1LD45APbP2hsN/piFByU1t7yK2gpFyRt -97WzGHn9MV5/TL7AmRPM4pcr3JacmtCnxXeCZ8nLqedoSuHFuhwyDnlAbu8I16O5 -XRrfzhrHRJFM1JnIiGmzZi6zBvH0ItfyX6ttABEBAAG0KW5naW54IHNpZ25pbmcg -a2V5IDxzaWduaW5nLWtleUBuZ2lueC5jb20+iQE+BBMBAgAoBQJOTjJiAhsDBQkJ -ZgGABgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRCr9b2Ce9m/YpvjB/98uV4t -94d0oEh5XlqEZzVMrcTgPQ3BZt05N5xVuYaglv7OQtdlErMXmRWaFZEqDaMHdniC -sF63jWMd29vC4xpzIfmsLK3ce9oYo4t9o4WWqBUdf0Ff1LMz1dfLG2HDtKPfYg3C -8NESud09zuP5NohaE8Qzj/4p6rWDiRpuZ++4fnL3Dt3N6jXILwr/TM/Ma7jvaXGP -DO3kzm4dNKp5b5bn2nT2QWLPnEKxvOg5Zoej8l9+KFsUnXoWoYCkMQ2QTpZQFNwF -xwJGoAz8K3PwVPUrIL6b1lsiNovDgcgP0eDgzvwLynWKBPkRRjtgmWLoeaS9FAZV -ccXJMmANXJFuCf26iQEcBBABAgAGBQJOTkelAAoJEKZP1bF62zmo79oH/1XDb29S -YtWp+MTJTPFEwlWRiyRuDXy3wBd/BpwBRIWfWzMs1gnCjNjk0EVBVGa2grvy9Jtx -JKMd6l/PWXVucSt+U/+GO8rBkw14SdhqxaS2l14v6gyMeUrSbY3XfToGfwHC4sa/ -Thn8X4jFaQ2XN5dAIzJGU1s5JA0tjEzUwCnmrKmyMlXZaoQVrmORGjCuH0I0aAFk -RS0UtnB9HPpxhGVbs24xXZQnZDNbUQeulFxS4uP3OLDBAeCHl+v4t/uotIad8v6J -SO93vc1evIje6lguE81HHmJn9noxPItvOvSMb2yPsE8mH4cJHRTFNSEhPW6ghmlf -Wa9ZwiVX5igxcvaIRgQQEQIABgUCTk5b0gAKCRDs8OkLLBcgg1G+AKCnacLb/+W6 -cflirUIExgZdUJqoogCeNPVwXiHEIVqithAM1pdY/gcaQZmIRgQQEQIABgUCTk5f -YQAKCRCpN2E5pSTFPnNWAJ9gUozyiS+9jf2rJvqmJSeWuCgVRwCcCUFhXRCpQO2Y -Va3l3WuB+rgKjsQ= -=A015 ------END PGP PUBLIC KEY BLOCK----- \ No newline at end of file diff --git a/wordpress-nginx_rhel7/roles/common/files/RPM-GPG-KEY-remi b/wordpress-nginx_rhel7/roles/common/files/RPM-GPG-KEY-remi deleted file mode 100644 index 328338606..000000000 --- a/wordpress-nginx_rhel7/roles/common/files/RPM-GPG-KEY-remi +++ /dev/null 
@@ -1,24 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v1.4.7 (GNU/Linux) - -mQGiBEJny1wRBACRnbQgZ6qLmJSuGvi/EwrRL6aW610BbdpLQRL3dnwy5wI5t9T3 -/JEiEJ7GTvAwfiisEHifMfk2sRlWRf2EDQFttHyrrYXfY5L6UAF2IxixK5FL7PWA -/2a7tkw1IbCbt4IGG0aZJ6/xgQejrOLi4ewniqWuXCc+tLuWBZrGpE2QfwCggZ+L -0e6KPTHMP97T4xV81e3Ba5MD/3NwOQh0pVvZlW66Em8IJnBgM+eQh7pl4xq7nVOh -dEMJwVU0wDRKkXqQVghOxALOSAMapj5mDppEDzGLZHZNSRcvGEs2iPwo9vmY+Qhp -AyEBzE4blNR8pwPtAwL0W3cBKUx7ZhqmHr2FbNGYNO/hP4tO2ochCn5CxSwAfN1B -Qs5pBACOkTZMNC7CLsSUT5P4+64t04x/STlAFczEBcJBLF1T16oItDITJmAsPxbY -iee6JRfXmZKqmDP04fRdboWMcRjfDfCciSdIeGqP7vMcO25bDZB6x6++fOcmQpyD -1Fag3ZUq2yojgXWqVrgFHs/HB3QE7UQkykNp1fjQGbKK+5mWTrQkUmVtaSBDb2xs -ZXQgPFJQTVNARmFtaWxsZUNvbGxldC5jb20+iGAEExECACAFAkZ+MYoCGwMGCwkI -BwMCBBUCCAMEFgIDAQIeAQIXgAAKCRAATm9HAPl/Vv/UAJ9EL8ioMTsz/2EPbNuQ -MP5Xx/qPLACeK5rk2hb8VFubnEsbVxnxfxatGZ25AQ0EQmfLXRAEANwGvY+mIZzj -C1L5Nm2LbSGZNTN3NMbPFoqlMfmym8XFDXbdqjAHutGYEZH/PxRI6GC8YW5YK4E0 -HoBAH0b0F97JQEkKquahCakj0P5mGuH6Q8gDOfi6pHimnsSAGf+D+6ZwAn8bHnAa -o+HVmEITYi6s+Csrs+saYUcjhu9zhyBfAAMFA/9Rmfj9/URdHfD1u0RXuvFCaeOw -CYfH2/nvkx+bAcSIcbVm+tShA66ybdZ/gNnkFQKyGD9O8unSXqiELGcP8pcHTHsv -JzdD1k8DhdFNhux/WPRwbo/es6QcpIPa2JPjBCzfOTn9GXVdT4pn5tLG2gHayudK -8Sj1OI2vqGLMQzhxw4hJBBgRAgAJBQJCZ8tdAhsMAAoJEABOb0cA+X9WcSAAn11i -gC5ns/82kSprzBOU0BNwUeXZAJ0cvNmY7rvbyiJydyLsSxh/la6HKw== -=6Rbg ------END PGP PUBLIC KEY BLOCK----- diff --git a/wordpress-nginx_rhel7/roles/common/files/epel.repo b/wordpress-nginx_rhel7/roles/common/files/epel.repo deleted file mode 100644 index 0301cc746..000000000 --- a/wordpress-nginx_rhel7/roles/common/files/epel.repo +++ /dev/null @@ -1,8 +0,0 @@ -[epel] -name=Extra Packages for Enterprise Linux 7 - $basearch -#baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch -mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch -failovermethod=priority -enabled=1 -gpgcheck=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7 \ No newline at end of file 
diff --git a/wordpress-nginx_rhel7/roles/common/files/nginx.repo b/wordpress-nginx_rhel7/roles/common/files/nginx.repo index 9060b8d7c..fd254d868 100644 --- a/wordpress-nginx_rhel7/roles/common/files/nginx.repo +++ b/wordpress-nginx_rhel7/roles/common/files/nginx.repo @@ -1,7 +1,15 @@ -[nginx] -name=Nginx repo - $basearch -baseurl=http://nginx.org/packages/centos/7/$basearch -failovermethod=priority +[nginx-stable] +name=nginx stable repo +baseurl=http://nginx.org/packages/centos/$releasever/$basearch/ gpgcheck=1 enabled=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-NGINX +gpgkey=https://nginx.org/keys/nginx_signing.key +module_hotfixes=true + +[nginx-mainline] +name=nginx mainline repo +baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/ +gpgcheck=1 +enabled=0 +gpgkey=https://nginx.org/keys/nginx_signing.key +module_hotfixes=true \ No newline at end of file diff --git a/wordpress-nginx_rhel7/roles/common/files/remi.repo b/wordpress-nginx_rhel7/roles/common/files/remi.repo deleted file mode 100644 index aaae795ec..000000000 --- a/wordpress-nginx_rhel7/roles/common/files/remi.repo +++ /dev/null 
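Review bot: Both new repo sections keep `baseurl=http://…`, and the signing key moves from a file shipped with the role (`file:///etc/pki/rpm-gpg/RPM-GPG-KEY-NGINX`) to one fetched at install time from `https://nginx.org/keys/nginx_signing.key`, so package trust now rests on that download rather than on a key reviewed in this repository. `gpgcheck=1` still covers the packages themselves, but the repository metadata is fetched unauthenticated; `baseurl=https://nginx.org/packages/centos/$releasever/$basearch/` (and the matching mainline URL) closes that gap. If the key has to be fetched remotely, pin its fingerprint at the point where it is imported. The new file also ends without a trailing newline.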
@@ -1,67 +0,0 @@ -# Repository: http://rpms.remirepo.net/ -# Blog: http://blog.remirepo.net/ -# Forum: http://forum.remirepo.net/ - -[remi] -name=Remi's RPM repository for Enterprise Linux 7 - $basearch -baseurl=http://rpms.remirepo.net/enterprise/7/remi/$basearch/ -mirrorlist=http://rpms.remirepo.net/enterprise/7/remi/mirror -enabled=1 -gpgcheck=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi - -[remi-php55] -name=Remi's PHP 5.5 RPM repository for Enterprise Linux 7 - $basearch -#baseurl=http://rpms.remirepo.net/enterprise/7/php55/$basearch/ -mirrorlist=http://rpms.remirepo.net/enterprise/7/php55/mirror -# NOTICE: common dependencies are in "remi-safe" -enabled=0 -gpgcheck=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi - -[remi-php56] -name=Remi's PHP 5.6 RPM repository for Enterprise Linux 7 - $basearch -#baseurl=http://rpms.remirepo.net/enterprise/7/php56/$basearch/ -mirrorlist=http://rpms.remirepo.net/enterprise/7/php56/mirror -# NOTICE: common dependencies are in "remi-safe" -enabled=0 -gpgcheck=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi - -[remi-test] -name=Remi's test RPM repository for Enterprise Linux 7 - $basearch -#baseurl=http://rpms.remirepo.net/enterprise/7/test/$basearch/ -mirrorlist=http://rpms.remirepo.net/enterprise/7/test/mirror -# WARNING: If you enable this repository, you must also enable "remi" -enabled=0 -gpgcheck=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi - -[remi-debuginfo] -name=Remi's RPM repository for Enterprise Linux 7 - $basearch - debuginfo -baseurl=http://rpms.remirepo.net/enterprise/7/debug-remi/$basearch/ -enabled=0 -gpgcheck=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi - -[remi-php55-debuginfo] -name=Remi's PHP 5.5 RPM repository for Enterprise Linux 7 - $basearch - debuginfo -baseurl=http://rpms.remirepo.net/enterprise/7/debug-php55/$basearch/ -enabled=0 -gpgcheck=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi - -[remi-php56-debuginfo] -name=Remi's PHP 5.6 RPM repository for Enterprise Linux 7 - 
$basearch - debuginfo -baseurl=http://rpms.remirepo.net/enterprise/7/debug-php56/$basearch/ -enabled=0 -gpgcheck=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi - -[remi-test-debuginfo] -name=Remi's test RPM repository for Enterprise Linux 7 - $basearch - debuginfo -baseurl=http://rpms.remirepo.net/enterprise/7/debug-test/$basearch/ -enabled=0 -gpgcheck=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi - diff --git a/wordpress-nginx_rhel7/roles/common/tasks/main.yml b/wordpress-nginx_rhel7/roles/common/tasks/main.yml index 7bf0738ea..03e4c65fc 100644 --- a/wordpress-nginx_rhel7/roles/common/tasks/main.yml +++ b/wordpress-nginx_rhel7/roles/common/tasks/main.yml 
@@ -1,24 +1,41 @@ --- - name: Copy the NGINX repository definition - copy: src=nginx.repo dest=/etc/yum.repos.d/ + ansible.builtin.copy: + src: nginx.repo + dest: /etc/yum.repos.d/ -- name: Copy the EPEL repository definition - copy: src=epel.repo dest=/etc/yum.repos.d/ +- name: Install the EPEL repository definition + ansible.builtin.yum: + name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm" + state: present -- name: Copy the REMI repository definition - copy: src=remi.repo dest=/etc/yum.repos.d/ +- name: Install the REMI repository definition + ansible.builtin.yum: + name: https://rpms.remirepo.net/enterprise/remi-release-7.rpm + state: present - name: Create the GPG key for NGINX - copy: src=RPM-GPG-KEY-NGINX dest=/etc/pki/rpm-gpg + ansible.builtin.rpm_key: + state: present + key: https://nginx.org/keys/nginx_signing.key -- name: Create the GPG key for EPEL - copy: src=RPM-GPG-KEY-EPEL-7 dest=/etc/pki/rpm-gpg +- name: Create the GPG key for EPEL 7 + ansible.builtin.rpm_key: + state: present + key: https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7 + +- name: Create the GPG key for Remi Repo EL 7 + ansible.builtin.rpm_key: + state: present + key: https://rpms.remirepo.net/enterprise/7/RPM-GPG-KEY-remi -- name: Create the GPG key for REMI - copy: src=RPM-GPG-KEY-remi dest=/etc/pki/rpm-gpg - - name: Install Firewalld - yum: name=firewalld state=present + ansible.builtin.yum: + name: firewalld + state: present - name: Firewalld service state - service: name=firewalld state=started enabled=yes + ansible.builtin.service: + name: firewalld + state: started + enabled: true diff --git a/wordpress-nginx_rhel7/roles/mariadb/handlers/main.yml b/wordpress-nginx_rhel7/roles/mariadb/handlers/main.yml index 37c068354..2dd99755f 100644 --- a/wordpress-nginx_rhel7/roles/mariadb/handlers/main.yml +++ b/wordpress-nginx_rhel7/roles/mariadb/handlers/main.yml 
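Review bot: The three `ansible.builtin.rpm_key` tasks import signing keys straight from a URL with no `fingerprint:`, replacing keys that were previously vendored in the role, so whatever the server returns at run time becomes a trusted package-signing key. Adding `fingerprint: "<EXPECTED_KEY_FINGERPRINT>"` (placeholder; take the value from the vendor's published fingerprint) to each task makes the import fail on a mismatch. The key imports also sit after the two `ansible.builtin.yum` tasks that install the release RPMs from URLs, so those packages are handled before their keys are present; moving the `rpm_key` tasks first fixes the ordering. The EPEL `name:` URL ends in a stray `"`, which the later `@@ -3,10 +3,13 @@` hunk in patch 3/3 still carries.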
@@ -1,5 +1,8 @@ --- # Handler to handle DB tier notifications -- name: restart mariadb - service: name=mariadb state=restarted +- name: Restart mariadb + ansible.builtin.service: + name: mariadb + state: restarted + listen: restart_mariadb diff --git a/wordpress-nginx_rhel7/roles/mariadb/tasks/main.yml b/wordpress-nginx_rhel7/roles/mariadb/tasks/main.yml index 5f930bf8c..1aa3f2ff5 100644 --- a/wordpress-nginx_rhel7/roles/mariadb/tasks/main.yml +++ b/wordpress-nginx_rhel7/roles/mariadb/tasks/main.yml 
@@ -1,28 +1,49 @@ --- # This playbook will install MariaDB and create db user and give permissions. - - name: Install MariaDB package - yum: name={{ item }} state=installed - with_items: - - mariadb-server - - MySQL-python - - libselinux-python - - libsemanage-python + ansible.builtin.yum: + name: "{{ mariadb_packages }}" + state: installed + vars: + mariadb_packages: + - mariadb-server + - MySQL-python + - libselinux-python + - libsemanage-python - name: Configure SELinux to start mysql on any port - seboolean: name=mysql_connect_any state=true persistent=yes + ansible.posix.seboolean: + name: mysql_connect_any + state: true + persistent: true - name: Create Mysql configuration file - template: src=my.cnf.j2 dest=/etc/my.cnf + ansible.builtin.template: + src: my.cnf.j2 + dest: /etc/my.cnf + owner: root + group: mysql + mode: u=rw,g=r,o=r notify: - - restart mariadb + - restart_mariadb - name: Create MariaDB log file - file: path=/var/log/mysqld.log state=touch owner=mysql group=mysql mode=0775 + ansible.builtin.file: + path: /var/log/mysqld.log + state: touch + owner: mysql + group: mysql + mode: u=rwx,g=rwx,o=rx - name: Start MariaDB Service - service: name=mariadb state=started enabled=yes + ansible.builtin.service: + name: mariadb + state: started + enabled: true -- name: insert firewalld rule - firewalld: port={{ mysql_port }}/tcp permanent=true state=enabled immediate=yes - ignore_errors: yes +- name: Insert firewalld rule + ansible.posix.firewalld: + port: "{{ mysql_port }}/tcp " + permanent: true + state: enabled + immediate: true diff --git a/wordpress-nginx_rhel7/roles/nginx/handlers/main.yml b/wordpress-nginx_rhel7/roles/nginx/handlers/main.yml index 16d819248..14f7cca86 100644 --- a/wordpress-nginx_rhel7/roles/nginx/handlers/main.yml +++ b/wordpress-nginx_rhel7/roles/nginx/handlers/main.yml 
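Review bot: The firewalld task's `port: "{{ mysql_port }}/tcp "` carries a trailing space inside the quotes, and with `ignore_errors` removed a rejected port spec would likely now fail the play; `port: "{{ mysql_port }}/tcp"` matches the form used in the nginx role. The rule also opens the database port to every source although the WordPress DB user elsewhere in this series is created with `host: localhost`, so consider dropping it or limiting it to the hosts that need access. `Create MariaDB log file` translates the old `0775` literally into `u=rwx,g=rwx,o=rx`; a log file needs neither execute bits nor world read, e.g. `mode: u=rw,g=r,o=`.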
@@ -1,3 +1,7 @@ --- -- name: restart nginx - service: name=nginx state=restarted enabled=yes +- name: Restart nginx + ansible.builtin.service: + name: nginx + state: restarted + enabled: true + listen: restart_nginx diff --git a/wordpress-nginx_rhel7/roles/nginx/tasks/main.yml b/wordpress-nginx_rhel7/roles/nginx/tasks/main.yml index 14fae22f7..4cff0caa7 100644 --- a/wordpress-nginx_rhel7/roles/nginx/tasks/main.yml +++ b/wordpress-nginx_rhel7/roles/nginx/tasks/main.yml @@ -1,14 +1,27 @@ --- - name: Install nginx - yum: name=nginx state=present + ansible.builtin.yum: + name: nginx + state: present - name: Copy nginx configuration for wordpress - template: src=default.conf dest=/etc/nginx/conf.d/default.conf - notify: restart nginx + ansible.builtin.template: + src: default.conf + dest: /etc/nginx/conf.d/default.conf + owner: nginx + group: nginx + mode: u=rwX,g=rwX,o=rX + notify: restart_nginx -- name: insert firewalld rule for nginx - firewalld: port={{ nginx_port }}/tcp permanent=true state=enabled immediate=yes - ignore_errors: yes +- name: Insert firewalld rule for nginx + ansible.posix.firewalld: + port: "{{ nginx_port }}/tcp" + permanent: true + state: enabled + immediate: true -- name: http service state - service: name=nginx state=started enabled=yes +- name: Http service state + ansible.builtin.service: + name: nginx + state: started + enabled: true diff --git a/wordpress-nginx_rhel7/roles/nginx/templates/default.conf b/wordpress-nginx_rhel7/roles/nginx/templates/default.conf.j2 similarity index 100% rename from wordpress-nginx_rhel7/roles/nginx/templates/default.conf rename to wordpress-nginx_rhel7/roles/nginx/templates/default.conf.j2 diff --git a/wordpress-nginx_rhel7/roles/php-fpm/handlers/main.yml b/wordpress-nginx_rhel7/roles/php-fpm/handlers/main.yml index 6a975ad85..88af85037 100644 --- a/wordpress-nginx_rhel7/roles/php-fpm/handlers/main.yml +++ b/wordpress-nginx_rhel7/roles/php-fpm/handlers/main.yml 
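Review bot: `Copy nginx configuration for wordpress` installs `/etc/nginx/conf.d/default.conf` with `owner: nginx`, `group: nginx` and `mode: u=rwX,g=rwX,o=rX`, which lets the account the workers presumably run as rewrite configuration that is loaded on the next restart. `owner: root`, `group: root`, `mode: u=rw,g=r,o=r` keeps the file readable without making it writable by the service account. The task still has `src: default.conf` while this same patch renames the template to `default.conf.j2`, so the lookup will likely fail unless a later change updates it.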
@@ -1,3 +1,5 @@ --- -- name: restart php-fpm - service: name=php-fpm state=restarted +- name: Restart php-fpm + ansible.builtin.service: + name: php-fpm + state: restarted diff --git a/wordpress-nginx_rhel7/roles/php-fpm/tasks/main.yml b/wordpress-nginx_rhel7/roles/php-fpm/tasks/main.yml index 4778ce157..9efd11a71 100644 --- a/wordpress-nginx_rhel7/roles/php-fpm/tasks/main.yml +++ b/wordpress-nginx_rhel7/roles/php-fpm/tasks/main.yml @@ -1,6 +1,9 @@ --- - name: Install php-fpm and deps - yum: name={{ item }} state=present + ansible.builtin.yum: + name: "{{" + state: present + cmd: item }} with_items: - php - php-fpm @@ -14,9 +17,12 @@ - php-xml - name: Disable default pool - command: mv /etc/php-fpm.d/www.conf /etc/php-fpm.d/www.disabled creates=/etc/php-fpm.d/www.disabled + ansible.builtin.command: mv /etc/php-fpm.d/www.conf /etc/php-fpm.d/www.disabled creates=/etc/php-fpm.d/www.disabled notify: restart php-fpm - name: Copy php-fpm configuration - template: src=wordpress.conf dest=/etc/php-fpm.d/ + ansible.builtin.template: + src: wordpress.conf + dest: /etc/php-fpm.d/ + notify: restart php-fpm From 866bb4f56f4771237560fd8d6fa4385dc5e7cc8d Mon Sep 17 00:00:00 2001 From: Simon Bachenberg Date: Mon, 18 Mar 2024 11:40:22 +0100 Subject: [PATCH 3/3] - no snake case in listen - linter - file permissions --- .../roles/common/tasks/main.yml | 5 ++- .../roles/mariadb/handlers/main.yml | 2 +- .../roles/mariadb/tasks/main.yml | 2 +- .../roles/nginx/handlers/main.yml | 2 +- .../roles/nginx/tasks/main.yml | 2 +- .../roles/nginx/templates/default.conf.j2 | 43 +++++++++---------- .../roles/php-fpm/handlers/main.yml | 1 + .../roles/php-fpm/tasks/main.yml | 40 ++++++++++------- .../{wordpress.conf => wordpress.conf.j2} | 0 .../roles/wordpress/tasks/main.yml | 16 +++---- 10 files changed, 62 insertions(+), 51 deletions(-) rename wordpress-nginx_rhel7/roles/php-fpm/templates/{wordpress.conf => wordpress.conf.j2} (100%) 
diff --git a/wordpress-nginx_rhel7/roles/common/tasks/main.yml b/wordpress-nginx_rhel7/roles/common/tasks/main.yml index 03e4c65fc..2f7b737d3 100644 --- a/wordpress-nginx_rhel7/roles/common/tasks/main.yml +++ b/wordpress-nginx_rhel7/roles/common/tasks/main.yml @@ -3,10 +3,13 @@ ansible.builtin.copy: src: nginx.repo dest: /etc/yum.repos.d/ + owner: root + group: root + mode: u=rw,g=r,o=r - name: Install the EPEL repository definition ansible.builtin.yum: - name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm" + name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm" state: present - name: Install the REMI repository definition diff --git a/wordpress-nginx_rhel7/roles/mariadb/handlers/main.yml b/wordpress-nginx_rhel7/roles/mariadb/handlers/main.yml index 2dd99755f..2bd8e11f9 100644 --- a/wordpress-nginx_rhel7/roles/mariadb/handlers/main.yml +++ b/wordpress-nginx_rhel7/roles/mariadb/handlers/main.yml @@ -5,4 +5,4 @@ ansible.builtin.service: name: mariadb state: restarted - listen: restart_mariadb + listen: restart mariadb diff --git a/wordpress-nginx_rhel7/roles/mariadb/tasks/main.yml b/wordpress-nginx_rhel7/roles/mariadb/tasks/main.yml index 1aa3f2ff5..80f49dafb 100644 --- a/wordpress-nginx_rhel7/roles/mariadb/tasks/main.yml +++ b/wordpress-nginx_rhel7/roles/mariadb/tasks/main.yml @@ -25,7 +25,7 @@ group: mysql mode: u=rw,g=r,o=r notify: - - restart_mariadb + - restart mariadb - name: Create MariaDB log file ansible.builtin.file: diff --git a/wordpress-nginx_rhel7/roles/nginx/handlers/main.yml b/wordpress-nginx_rhel7/roles/nginx/handlers/main.yml index 14f7cca86..611a8721c 100644 --- a/wordpress-nginx_rhel7/roles/nginx/handlers/main.yml +++ b/wordpress-nginx_rhel7/roles/nginx/handlers/main.yml @@ -4,4 +4,4 @@ name: nginx state: restarted enabled: true - listen: restart_nginx + listen: restart nginx 
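Review bot: The EPEL task in roles/common/tasks/main.yml keeps a stray closing quote at the end of the URL, so the value is a plain scalar and the `"` becomes part of the package location handed to yum. Quote the whole value instead: `name: "https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm"`. The copy task above it and the REMI task below it begin or continue outside the hunk, so only the EPEL task is fully visible.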
diff --git a/wordpress-nginx_rhel7/roles/nginx/tasks/main.yml b/wordpress-nginx_rhel7/roles/nginx/tasks/main.yml index 4cff0caa7..d1a3ad194 100644 --- a/wordpress-nginx_rhel7/roles/nginx/tasks/main.yml +++ b/wordpress-nginx_rhel7/roles/nginx/tasks/main.yml @@ -11,7 +11,7 @@ owner: nginx group: nginx mode: u=rwX,g=rwX,o=rX - notify: restart_nginx + notify: restart nginx - name: Insert firewalld rule for nginx ansible.posix.firewalld: diff --git a/wordpress-nginx_rhel7/roles/nginx/templates/default.conf.j2 b/wordpress-nginx_rhel7/roles/nginx/templates/default.conf.j2 index bfa7a5105..cb37f74e2 100644 --- a/wordpress-nginx_rhel7/roles/nginx/templates/default.conf.j2 +++ b/wordpress-nginx_rhel7/roles/nginx/templates/default.conf.j2 
@@ -1,31 +1,30 @@ server { - listen {{ nginx_port }} default_server; - server_name {{ server_hostname }}; - root /srv/wordpress/ ; + listen {{ nginx_port }} default_server; + server_name {{ server_hostname }}; + root /srv/wordpress/ ; client_max_body_size 64M; # Deny access to any files with a .php extension in the uploads directory - location ~* /(?:uploads|files)/.*\.php$ { - deny all; - } + location ~* /(?:uploads|files)/.*\.php$ { + deny all; + } - location / { - index index.php index.html index.htm; - try_files $uri $uri/ /index.php?$args; - } + location / { + index index.php index.html index.htm; + try_files $uri $uri/ /index.php?$args; + } - location ~* \.(gif|jpg|jpeg|png|css|js)$ { - expires max; - } + location ~* \.(gif|jpg|jpeg|png|css|js)$ { + expires max; + } - location ~ \.php$ { - try_files $uri =404; - fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_index index.php; - fastcgi_pass unix:/var/run/php-fpm/wordpress.sock; - fastcgi_param SCRIPT_FILENAME - $document_root$fastcgi_script_name; - include fastcgi_params; - } + location ~ \.php$ { + try_files $uri =404; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_index index.php; + fastcgi_pass unix:/var/run/php-fpm/wordpress.sock; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + } } diff --git a/wordpress-nginx_rhel7/roles/php-fpm/handlers/main.yml b/wordpress-nginx_rhel7/roles/php-fpm/handlers/main.yml index 88af85037..e65f8dc68 100644 --- a/wordpress-nginx_rhel7/roles/php-fpm/handlers/main.yml +++ b/wordpress-nginx_rhel7/roles/php-fpm/handlers/main.yml @@ -3,3 +3,4 @@ ansible.builtin.service: name: php-fpm state: restarted + listen: restart php-fpm diff --git a/wordpress-nginx_rhel7/roles/php-fpm/tasks/main.yml b/wordpress-nginx_rhel7/roles/php-fpm/tasks/main.yml index 9efd11a71..5d1a6e0c4 100644 --- a/wordpress-nginx_rhel7/roles/php-fpm/tasks/main.yml +++ b/wordpress-nginx_rhel7/roles/php-fpm/tasks/main.yml 
@@ -1,28 +1,36 @@ --- - name: Install php-fpm and deps ansible.builtin.yum: - name: "{{" + name: "{{ php_packages }}" state: present - cmd: item }} - with_items: - - php - - php-fpm - - php-enchant - - php-IDNA_Convert - - php-mbstring - - php-mysql - - php-PHPMailer - - php-process - - php-simplepie - - php-xml + vars: + php_packages: + - php + - php-fpm + - php-enchant + - php-IDNA_Convert + - php-mbstring + - php-mysql + - php-PHPMailer + - php-process + - php-simplepie + - php-xml - name: Disable default pool - ansible.builtin.command: mv /etc/php-fpm.d/www.conf /etc/php-fpm.d/www.disabled creates=/etc/php-fpm.d/www.disabled + ansible.builtin.copy: + src: /etc/php-fpm.d/www.conf + dest: /etc/php-fpm.d/www.disabled + remote_src: true + owner: root + group: nginx + mode: u=rw,g=r,o=r notify: restart php-fpm - name: Copy php-fpm configuration ansible.builtin.template: - src: wordpress.conf + src: wordpress.conf.j2 dest: /etc/php-fpm.d/ - + owner: root + group: nginx + mode: u=rw,g=r,o=r notify: restart php-fpm diff --git a/wordpress-nginx_rhel7/roles/php-fpm/templates/wordpress.conf b/wordpress-nginx_rhel7/roles/php-fpm/templates/wordpress.conf.j2 similarity index 100% rename from wordpress-nginx_rhel7/roles/php-fpm/templates/wordpress.conf rename to wordpress-nginx_rhel7/roles/php-fpm/templates/wordpress.conf.j2 diff --git a/wordpress-nginx_rhel7/roles/wordpress/tasks/main.yml b/wordpress-nginx_rhel7/roles/wordpress/tasks/main.yml index 65f0b50be..26c959c88 100644 --- a/wordpress-nginx_rhel7/roles/wordpress/tasks/main.yml +++ b/wordpress-nginx_rhel7/roles/wordpress/tasks/main.yml @@ -11,7 +11,7 @@ - name: Download & Extract WordPress ansible.builtin.unarchive: - src: "http://wordpress.org/wordpress-{{ wp_version }}.tar.gz" + src: http://wordpress.org/wordpress-{{ wp_version }}.tar.gz dest: /srv/wordpress owner: wordpress group: wordpress 
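Review bot: `Disable default pool` in roles/php-fpm/tasks/main.yml no longer disables anything. The old `mv` removed `/etc/php-fpm.d/www.conf`, while `ansible.builtin.copy` with `remote_src: true` leaves it in place next to the new `www.disabled`, so the stock pool presumably keeps being loaded alongside the WordPress pool. To restore the intent, replace the copy with `ansible.builtin.file:` using `path: /etc/php-fpm.d/www.conf` and `state: absent`, keeping `notify: restart php-fpm`. If a backup is wanted, keep the copy as a separate preceding task.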
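Review bot: `Download & Extract WordPress` in roles/wordpress/tasks/main.yml fetches the release over cleartext `http://wordpress.org/`, and `ansible.builtin.unarchive` has no checksum option, so nothing verifies the archive before it is unpacked under `/srv/wordpress`. Switch the source to `src: https://wordpress.org/wordpress-{{ wp_version }}.tar.gz`. Consider downloading first with `ansible.builtin.get_url` and `checksum: "sha256:{{ wp_sha256sum }}"`, then unarchiving the local file. Dropping the quotes is harmless here because the value does not begin with `{{`. The task's remaining parameters continue outside the hunk.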
@@ -61,43 +61,43 @@ - name: Set the SELinux policy for the Wordpress directory community.general.sefcontext: - target: '/srv/wordpress(/.*)?' + target: /srv/wordpress(/.*)? setype: httpd_sys_content_t state: present - name: Set the SELinux policy for wp-config.php community.general.sefcontext: - target: '/srv/wordpress/wp-config\.php' + target: /srv/wordpress/wp-config\.php setype: httpd_sys_script_exec_t state: present - name: Set the SELinux policy for wp-content directory community.general.sefcontext: - target: '/srv/wordpress/wp-content(/.*)?' + target: /srv/wordpress/wp-content(/.*)? setype: httpd_sys_rw_content_t state: present - name: Set the SELinux policy for the *.php files community.general.sefcontext: - target: '/srv/wordpress/.*\.php' + target: /srv/wordpress/.*\.php setype: httpd_sys_script_exec_t state: present - name: Set the SELinux policy for the Upgrade directory community.general.sefcontext: - target: "/srv/wordpress/wp-content/upgrade(/.*)?" + target: /srv/wordpress/wp-content/upgrade(/.*)? setype: httpd_sys_rw_content_t state: present - name: Set the SELinux policy for the Uploads directory community.general.sefcontext: - target: "/srv/wordpress/wp-content/uploads(/.*)?" + target: /srv/wordpress/wp-content/uploads(/.*)? setype: httpd_sys_rw_content_t state: present - name: Set the SELinux policy for the wp-includes php files community.general.sefcontext: - target: '/srv/wordpress/wp-includes/.*\.php' + target: /srv/wordpress/wp-includes/.*\.php setype: httpd_sys_script_exec_t state: present