iiab/roles/wordpress/tasks/install.yml

# "Emergency" reinstalls (from /opt/iiab/downloads/wordpress.tar.gz
# to /library/wordpress) should also work offline...
#
# ONLINE OR OFFLINE, IF YOU NEED A CLEAN REINSTALL OF WORDPRESS DURING YOUR
# NEXT RUN OF "./runrole wordpress" OR "./iiab-install" PLEASE FIRST DO:
#
# - "mv /library/wordpress /library/wordpress.old"
# - back up WordPress's database then drop it
#
# REASON: "keep_newer: yes" below tries to preserve WordPress's self-upgrades
# and security enhancements using timestamps under /library/wordpress, as these
# can arise without warning when WordPress is online, since WordPress ~4.8


- name: "Set 'mysql_install: True' and 'mysql_enabled: True'"
  set_fact:
    mysql_install: True
    mysql_enabled: True

- name: MYSQL - run 'mysql' role (attempt to install & enable MySQL / MariaDB)
  include_role:
    name: mysql

- name: FAIL (STOP THE INSTALL) IF 'mysql_installed is undefined'
  fail:
    msg: "WordPress install cannot proceed, as MySQL / MariaDB is not installed."
  when: mysql_installed is undefined


- name: Record (initial) disk space used
  shell: df -B1 --output=used / | tail -1
  register: df1


- name: Provision MySQL DB
  include_tasks: setup.yml


# 2021-06-29: PHP modules, covering "RECOMMENDED" and "OPTIONAL" sections here:
# https://make.wordpress.org/hosting/handbook/server-environment/
- name: Install libsodium23 + 8 PHP packages (run 'php -m' or 'php -i' to verify)
  package:
    name:
      - libsodium23                      # Likewise installed in nginx/tasks/install.yml via php{{ php_version }}-fpm AND httpd/tasks/install.yml via libapache2-mod-php{{ php_version }} AND moodle/tasks/install.yml -- it can ALSO be auto-installed by phpX.Y-cgi OR phpX.Y-cli as confirmed by 'apt rdepends libsodium23' -- VERIFY USING 'php -i | grep sodium' AND 'apt list "*sodium*"'
      - php{{ php_version }}-bcmath      # OPTIONAL: Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml
      #- php{{ php_version }}-common     # Auto-installed as an apt dependency.  REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml
      - php{{ php_version }}-curl        # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml
      - php-imagick                      # BUT drags in Apache's libapache2-mod-phpX.Y etc, as confirmed by 'apt depends php-imagick' -- while php{{ php_version }}-imagick installs (despite not being shown within 'apt list "php*imagick"') it's no better -- and 'apt depends phpX.Y-imagick' mysteriously does NOT show its deps.  Likewise installed in nextcloud/tasks/install.yml
      - php{{ php_version }}-intl        # OPTIONAL: Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, nextcloud/tasks/install.yml
      #- php{{ php_version }}-json       # See stanza just below
      - php{{ php_version }}-mbstring    # Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml
      - php{{ php_version }}-mysql       # Likewise installed in mysql/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml
      - php{{ php_version }}-xml         # Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml -- AND REGARDLESS dragged in later by Admin Console's use of php-pear for roles/cmdsrv/tasks/main.yml -- run 'php -m | grep -i xml' which in the end shows {libxml, SimpleXML, xml, xmlreader, xmlwriter}
      - php{{ php_version }}-zip         # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml
    state: present

# For PHP >= 8.0: phpX.Y-json is baked into PHP itself.
# For PHP <  8.0: phpX.Y-json auto-installed by phpX.Y-fpm AND phpX.Y-cli in 3-base-server's nginx/tasks/install.yml, as confirmed by: apt rdepends phpX.Y-json
#
#- name: Install php{{ php_version }}-json if PHP < 8.0
#  package:
#    name: php{{ php_version }}-json
#    state: present
#  when: php_version is version('8.0', '<')

- name: "Run roles/www_options/tasks/php-settings.yml with 'nginx_high_php_limits: False' by default"
  include_tasks: roles/www_options/tasks/php-settings.yml
  when: php_settings_done is undefined


- name: Delete {{ downloads_dir }}/wordpress.tar.gz if it exists
  file:
    path: "{{ downloads_dir }}/wordpress.tar.gz"
    state: absent

- name: Download {{ wordpress_download_base_url }}/{{ wordpress_src }} to {{ downloads_dir }}/wordpress.tar.gz
  command: wget {{ wordpress_download_base_url }}/{{ wordpress_src }} -O {{ downloads_dir }}/wordpress.tar.gz
  # 2022-05-04: Ansible approach below (get_url) fails with HTTP Error 429
  # (Too Many Requests) b/c Ansible's User-Agent string?  Affecting 1 user in
  # England and another user in Scotland, but not affecting many other
  # countries/ISP's apparently?  WordPress must have recently changed their
  # hosting arrangements for https://wordpress.org/latest.tar.gz
  # get_url:
  #   url: "{{ wordpress_download_base_url }}/{{ wordpress_src }}"
  #   dest: "{{ downloads_dir }}"
  #   timeout: "{{ download_timeout }}"
#   register: wp_download_output

# - name: Symlink {{ downloads_dir }}/wordpress.tar.gz -> {{ wp_download_output.dest }}
#   file:
#     src: "{{ wp_download_output.dest }}"
#     path: "{{ downloads_dir }}/wordpress.tar.gz"    # /opt/iiab/downloads
#     state: link
#   when: wp_download_output.dest is defined

- name: Does {{ downloads_dir }}/wordpress.tar.gz exist?
  stat:
    path: "{{ downloads_dir }}/wordpress.tar.gz"    # /opt/iiab/downloads
  register: wp_tar_gz

- name: FAIL (force Ansible to exit) IF {{ downloads_dir }}/wordpress.tar.gz doesn't exist
  fail:
    msg: "{{ downloads_dir }}/wordpress.tar.gz is REQUIRED in order to install WordPress."
  when: not wp_tar_gz.stat.exists

- name: "Unpack {{ downloads_dir }}/wordpress.tar.gz to permanent location {{ wp_install_path }}/wordpress - owner: root, group: {{ apache_user }}, mode: '0664', keep_newer: yes"
  unarchive:
    src: "{{ downloads_dir }}/wordpress.tar.gz"    # /opt/iiab/downloads
    dest: "{{ wp_install_path }}"    # /library
    owner: root    # 2020-01-17: confirmed that wordpress.tar.gz (otherwise) unpacks as nobody:nogroup, with all files as '0644', and all dirs as '0755'
    group: "{{ apache_user }}"    # DO WE REALLY STILL WANT THIS FOR NGINX?
    mode: '0664'    # PHP/Apache/NGINX apparently need g+rw (group write access, not just read) similar to '0775' for directory traversing below
    keep_newer: yes

- name: Make {{ wp_abs_path }} directories 775 so PHP/Apache/NGINX can traverse and write (above files remain 664)
  command: "/usr/bin/find {{ wp_abs_path }} -type d -exec chmod 775 {} +"    # /library/wordpress

# 4 stanzas to install wp-keys.php.BAK, wp-keys.php & wp-config.php into /library/wordpress

- name: Install {{ wp_abs_path }}/wp-keys.php.BAK from template (if file does not already exist) in case download of 8 dynamically-generated salts/keys fails below
  copy:
    src: wp-keys.php.BAK
    dest: "{{ wp_abs_path }}/wp-keys.php.BAK"    # /library/wordpress
    owner: root
    group: "{{ apache_user }}"    # DO WE REALLY STILL WANT THIS FOR NGINX?
    mode: '0640'
    force: no    # Preserve site's unique keys, as might have been placed into .BAK during an earlier run, by the script below

- name: Install script /tmp/get-iiab-wp-salts from template
  template:
    src: get-iiab-wp-salts.j2
    dest: /tmp/get-iiab-wp-salts
    owner: root
    group: root
    mode: '0700'

- name: Run /tmp/get-iiab-wp-salts to download 8 random salts/keys, creating a new {{ wp_abs_path }}/wp-keys.php (or if nec, copy from known/prior {{ wp_abs_path }}/wp-keys.php.BAK)    # /library/wordpress
  command: /tmp/get-iiab-wp-salts
  #when: internet_available    # Better to run it every time, installing from wp-keys.php.BAK if download fails

# Don't Bother: /tmp file are deleted on reboot!
#- name: Remove script /tmp/get-iiab-wp-salts
#  file:
#    path: /tmp/get-iiab-wp-salts
#    state: absent

- name: Install {{ wp_abs_path }}/wp-config.php    # /library/wordpress
  template:
    src: wp-config.php.j2
    dest: "{{ wp_abs_path }}/wp-config.php"
    owner: root
    group: "{{ apache_user }}"    # DO WE REALLY STILL WANT THIS FOR NGINX?
    mode: '0660'    # Others strongly recommend '0600' (or do PHP/Apache/NGINX really need group read & write permissions?)


# RECORD WordPress AS INSTALLED

- name: Record (final) disk space used
  shell: df -B1 --output=used / | tail -1
  register: df2

- name: Add 'wordpress_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }}
  ini_file:
    path: "{{ iiab_ini_file }}"    # /etc/iiab/iiab.ini
    section: wordpress
    option: wordpress_disk_usage
    value: "{{ df2.stdout|int - df1.stdout|int }}"

- name: "Set 'wordpress_installed: True'"
  set_fact:
    wordpress_installed: True

- name: "Add 'wordpress_installed: True' to {{ iiab_state_file }}"
  lineinfile:
    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
    regexp: '^wordpress_installed'
    line: 'wordpress_installed: True'