iiab/roles/wordpress/tasks/install.yml

# "Emergency" reinstalls (from /opt/iiab/downloads/wordpress.tar.gz
# to /library/wordpress) should also work offline...
#
# ONLINE OR OFFLINE, IF YOU NEED A CLEAN REINSTALL OF WORDPRESS DURING YOUR
# NEXT RUN OF "./runrole wordpress" OR "./iiab-install" PLEASE FIRST DO:
#
# - "mv /library/wordpress /library/wordpress.old"
# - back up WordPress's database then drop it
#
# REASON: "keep_newer: yes" below tries to preserve WordPress's self-upgrades
# and security enhancements using timestamps under /library/wordpress, as these
# can arise without warning when WordPress is online, since WordPress ~4.8

- name: Download the latest WordPress software
  get_url:
    url: "{{ wordpress_download_base_url }}/{{ wordpress_src }}"
    dest: "{{ downloads_dir }}"
    timeout: "{{ download_timeout }}"
#   force: yes
#   backup: yes
  register: wp_download_output
  when: internet_available

- name: Create link /opt/iiab/downloads/wordpress.tar.gz pointing to {{ wp_download_output.dest }}
  file:
    src: "{{ wp_download_output.dest }}"
    dest: "{{ downloads_dir }}/wordpress.tar.gz"
    state: link
  when: wp_download_output.dest is defined

- name: Check if /opt/iiab/downloads/wordpress.tar.gz link exists
  stat:
    path: "{{ downloads_dir }}/wordpress.tar.gz"
  register: wp_link

- name: FAIL (force Ansible to exit) IF /opt/iiab/downloads/wordpress.tar.gz doesn't exist
  fail:
    msg: "{{ downloads_dir }}/wordpress.tar.gz is REQUIRED in order to install WordPress."
  when: not wp_link.stat.exists

- name: "Unpack /opt/iiab/downloads/wordpress.tar.gz to permanent location /library/wordpress - owner: root, group: {{ apache_user }}, mode: 0664, keep_newer: yes"
  unarchive:
    src: "{{ downloads_dir }}/wordpress.tar.gz"
    dest: "{{ wp_install_path }}"
    owner: root
    group: "{{ apache_user }}"
    mode: 0664
    keep_newer: yes

# For schools that use WordPress intensively.  WARNING: Enabling this (might)
# cause excess use of RAM or other resources?  github.com/iiab/iiab/issues/1147
- name: Raise php.ini limits in schools that use WordPress intensively
  lineinfile:
    path: "/etc/php/{{ php_version }}/{{ apache_service }}/php.ini"
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
  when: wordpress_raise_php_limits
  with_items:
    - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 64M    ; default is 2M' }
    - { regexp: '^post_max_size', line: 'post_max_size = 128M    ; default is 8M' }
    - { regexp: '^memory_limit', line: 'memory_limit = 256M    ; default is 128M' }
    - { regexp: '^max_execution_time', line: 'max_execution_time = 300    ; default is 30' }
    - { regexp: '^max_input_time', line: 'max_input_time = 300    ; default is 60' }

# - name: Rename /library/wordpress* to /library/wordpress
#   shell: if [ ! -d {{ wp_abs_path }} ]; then mv {{ wp_abs_path }}* {{ wp_abs_path }}; fi

#- name: Make Apache owner and group, 1st pass permissions set to 0664
#  file: path={{ wp_abs_path }}
#        recurse=yes
#        owner=root
#        group={{ apache_user }}
#        mode=0664
#        state=directory

- name: Make /library/wordpress directories 775 so Apache can traverse and write (most files remain 0664)
  command: "/usr/bin/find {{ wp_abs_path }} -type d -exec chmod 775 {} +"

- name: Copy wp salt values
  copy:
    src: wp-keys.php.BAK
    dest: "{{ wp_abs_path }}/wp-keys.php.BAK"
    owner: root
    group: "{{ apache_user }}"
    mode: 0640

# Fetch random salts for WordPress config into wp-keys.php file by generating script and running

- name: Create wp salt script
  template:
    src: get-iiab-wp-salts.j2
    dest: /tmp/get-iiab-wp-salts
    owner: root
    group: root
    mode: 0700

- name: Run wp salt script to create /library/wordpress/wp-keys.php
  command: /tmp/get-iiab-wp-salts

- name: Cleanup - remove wp salt script
  file:
    path: /tmp/get-iiab-wp-salts
    state: absent

- name: MySQL database needs to be running if we are trying to create a new db
  service:
    state: started
    name: "{{ mysql_service }}"

- name: Create MySQL wordpress database
  mysql_db:
    name: "{{ wp_db_name }}"
    state: present

- name: Create MySQL wordpress database user
  mysql_user:
    name: "{{ wp_db_user }}"
    password: "{{ wp_db_user_password }}"
    priv: "{{ wp_db_name }}.*:ALL,GRANT"
    state: present

- name: Copy wp-config.php
  template:
    src: wp-config.php.j2
    dest: "{{ wp_abs_path }}/wp-config.php"
    owner: root
    group: "{{ apache_user }}"
    mode: 0660

- name: Copy wordpress.conf to permit http://box{{ wp_url }}
  template:
    src: wordpress.conf.j2
    dest: "/etc/{{ apache_config_dir }}/wordpress.conf"

- name: Enable wordpress.conf if wordpress_enabled (debuntu)
  file:
    src: /etc/apache2/sites-available/wordpress.conf
    dest: /etc/apache2/sites-enabled/wordpress.conf
    state: link
  when: wordpress_enabled and is_debuntu

- name: Remove wordpress.conf if not wordpress_enabled (debuntu)
  file:
    path: /etc/apache2/sites-enabled/wordpress.conf
    state: absent
  when: not wordpress_enabled and is_debuntu

- name: Restart Apache to enable/disable http://box{{ wp_url }}
  service:
    name: "{{ apache_service }}"
    state: restarted

- name: Add 'wordpress' to list of services at /etc/iiab/iiab.ini
  ini_file:
    dest: "{{ service_filelist }}"
    section: wordpress
    option: "{{ item.option }}"
    value: "{{ item.value }}"
  with_items:
    - option: name
      value: WordPress
    - option: description
      value: '"WordPress is a blog and web site management application."'
    - option: wordpress_src
      value: "{{ wordpress_src }}"
    - option: wp_abs_path
      value: "{{ wp_abs_path }}"
    - option: wp_db_name
      value: "{{ wp_db_name }}"
    - option: wp_db_user
      value: "{{ wp_db_user }}"
    - option: wp_url
      value: "{{ wp_url }}"
    - option: wp_full_url
      value: "{{ wp_full_url }}"
    - option: wordpress_enabled
      value: "{{ wordpress_enabled }}"