external/iiab
1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00
Code Issues Releases Wiki Activity
iiab/roles/wordpress/tasks/install.yml

136 lines
8 KiB
YAML
Raw Blame History

# "Emergency" reinstalls (from /opt/iiab/downloads/wordpress.tar.gz
# to /library/wordpress) should also work offline...
#
# ONLINE OR OFFLINE, IF YOU NEED A CLEAN REINSTALL OF WORDPRESS DURING YOUR
# NEXT RUN OF "./runrole wordpress" OR "./iiab-install" PLEASE FIRST DO:
#
# - "mv /library/wordpress /library/wordpress.old"
# - back up WordPress's database then drop it
#
# REASON: "keep_newer: yes" below tries to preserve WordPress's self-upgrades
# and security enhancements using timestamps under /library/wordpress, as these
# can arise without warning when WordPress is online, since WordPress ~4.8
# 2021-06-29: PHP modules, covering "RECOMMENDED" and "OPTIONAL" sections here:
# https://make.wordpress.org/hosting/handbook/server-environment/
- name: Install libsodium23 + 8 PHP packages (run 'php -m' or 'php -i' to verify)
package:
name:
- libsodium23 # Likewise installed in nginx/tasks/install.yml via php{{ php_version }}-fpm AND httpd/tasks/install.yml via libapache2-mod-php{{ php_version }} AND moodle/tasks/install.yml -- it can ALSO be auto-installed by phpX.Y-cgi OR phpX.Y-cli as confirmed by 'apt rdepends libsodium23' -- VERIFY USING 'php -i | grep sodium' AND 'apt list "*sodium*"'
- php{{ php_version }}-bcmath # OPTIONAL: Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml
#- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml
- php{{ php_version }}-curl # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml
- php-imagick # BUT drags in Apache's libapache2-mod-phpX.Y etc, as confirmed by 'apt depends php-imagick' -- while php{{ php_version }}-imagick installs (despite not being shown within 'apt list "php*imagick"') it's no better -- and 'apt depends phpX.Y-imagick' mysteriously does NOT show its deps. Likewise installed in nextcloud/tasks/install.yml
- php{{ php_version }}-intl # OPTIONAL: Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, nextcloud/tasks/install.yml
#- php{{ php_version }}-json # See stanza just below
- php{{ php_version }}-mbstring # Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml
- php{{ php_version }}-mysql # Likewise installed in mysql/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml
- php{{ php_version }}-xml # Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml -- AND REGARDLESS dragged in later by Admin Console's use of php-pear for roles/cmdsrv/tasks/main.yml -- run 'php -m | grep -i xml' which in the end shows {libxml, SimpleXML, xml, xmlreader, xmlwriter}
- php{{ php_version }}-zip # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml
state: present
# For PHP >= 8.0: phpX.Y-json is baked into PHP itself.
# For PHP < 8.0: phpX.Y-json auto-installed by phpX.Y-fpm AND phpX.Y-cli in 3-base-server's nginx/tasks/install.yml, as confirmed by: apt rdepends phpX.Y-json
#
#- name: Install php{{ php_version }}-json if PHP < 8.0
# package:
# name: php{{ php_version }}-json
# state: present
# when: php_version is version('8.0', '<')
- name: Delete {{ downloads_dir }}/wordpress.tar.gz if it exists
file:
path: "{{ downloads_dir }}/wordpress.tar.gz"
state: absent
- name: Download {{ wordpress_download_base_url }}/{{ wordpress_src }} to {{ downloads_dir }}/wordpress.tar.gz
command: wget {{ wordpress_download_base_url }}/{{ wordpress_src }} -O {{ downloads_dir }}/wordpress.tar.gz
# 2022-05-04: Ansible approach below (get_url) fails with HTTP Error 429
# (Too Many Requests) b/c Ansible's User-Agent string? Affecting 1 user in
# England and another user in Scotland, but not affecting many other
# countries/ISP's apparently? WordPress must have recently changed their
# hosting arrangements for https://wordpress.org/latest.tar.gz
# get_url:
# url: "{{ wordpress_download_base_url }}/{{ wordpress_src }}"
# dest: "{{ downloads_dir }}"
# timeout: "{{ download_timeout }}"
# register: wp_download_output
# - name: Symlink {{ downloads_dir }}/wordpress.tar.gz -> {{ wp_download_output.dest }}
# file:
# src: "{{ wp_download_output.dest }}"
# path: "{{ downloads_dir }}/wordpress.tar.gz" # /opt/iiab/downloads
# state: link
# when: wp_download_output.dest is defined
- name: Does {{ downloads_dir }}/wordpress.tar.gz exist?
stat:
path: "{{ downloads_dir }}/wordpress.tar.gz" # /opt/iiab/downloads
register: wp_tar_gz
- name: FAIL (force Ansible to exit) IF {{ downloads_dir }}/wordpress.tar.gz doesn't exist
fail:
msg: "{{ downloads_dir }}/wordpress.tar.gz is REQUIRED in order to install WordPress."
when: not wp_tar_gz.stat.exists
- name: "Unpack {{ downloads_dir }}/wordpress.tar.gz to permanent location {{ wp_install_path }}/wordpress - owner: root, group: {{ apache_user }}, mode: '0664', keep_newer: yes"
unarchive:
src: "{{ downloads_dir }}/wordpress.tar.gz" # /opt/iiab/downloads
dest: "{{ wp_install_path }}" # /library
owner: root # 2020-01-17: confirmed that wordpress.tar.gz (otherwise) unpacks as nobody:nogroup, with all files as '0644', and all dirs as '0755'
group: "{{ apache_user }}" # DO WE REALLY STILL WANT THIS FOR NGINX?
mode: '0664' # PHP/Apache/NGINX apparently need g+rw (group write access, not just read) similar to '0775' for directory traversing below
keep_newer: yes
- name: Make {{ wp_abs_path }} directories 775 so PHP/Apache/NGINX can traverse and write (above files remain 664)
command: "/usr/bin/find {{ wp_abs_path }} -type d -exec chmod 775 {} +" # /library/wordpress
# 4 stanzas to install wp-keys.php.BAK, wp-keys.php & wp-config.php into /library/wordpress
- name: Install {{ wp_abs_path }}/wp-keys.php.BAK from template (if file does not already exist) in case download of 8 dynamically-generated salts/keys fails below
copy:
src: wp-keys.php.BAK
dest: "{{ wp_abs_path }}/wp-keys.php.BAK" # /library/wordpress
owner: root
group: "{{ apache_user }}" # DO WE REALLY STILL WANT THIS FOR NGINX?
mode: '0640'
force: no # Preserve site's unique keys, as might have been placed into .BAK during an earlier run, by the script below
- name: Install script /tmp/get-iiab-wp-salts from template
template:
src: get-iiab-wp-salts.j2
dest: /tmp/get-iiab-wp-salts
owner: root
group: root
mode: '0700'
- name: Run /tmp/get-iiab-wp-salts to download 8 random salts/keys, creating a new {{ wp_abs_path }}/wp-keys.php (or if nec, copy from known/prior {{ wp_abs_path }}/wp-keys.php.BAK) # /library/wordpress
command: /tmp/get-iiab-wp-salts
#when: internet_available # Better to run it every time, installing from wp-keys.php.BAK if download fails
# Don't Bother: /tmp file are deleted on reboot!
#- name: Remove script /tmp/get-iiab-wp-salts
# file:
# path: /tmp/get-iiab-wp-salts
# state: absent
- name: Install {{ wp_abs_path }}/wp-config.php # /library/wordpress
template:
src: wp-config.php.j2
dest: "{{ wp_abs_path }}/wp-config.php"
owner: root
group: "{{ apache_user }}" # DO WE REALLY STILL WANT THIS FOR NGINX?
mode: '0660' # Others strongly recommend '0600' (or do PHP/Apache/NGINX really need group read & write permissions?)
# RECORD WordPress AS INSTALLED
- name: "Set 'wordpress_installed: True'"
set_fact:
wordpress_installed: True
- name: "Add 'wordpress_installed: True' to {{ iiab_state_file }}"
lineinfile:
path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^wordpress_installed'
line: 'wordpress_installed: True'
Reference in a new issue View git blame Copy permalink