external/iiab
1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00
Code Issues Releases Wiki Activity
iiab/roles/wordpress/tasks/install.yml

105 lines
4.6 KiB
YAML
Raw Blame History

# "Emergency" reinstalls (from /opt/iiab/downloads/wordpress.tar.gz
# to /library/wordpress) should also work offline...
#
# ONLINE OR OFFLINE, IF YOU NEED A CLEAN REINSTALL OF WORDPRESS DURING YOUR
# NEXT RUN OF "./runrole wordpress" OR "./iiab-install" PLEASE FIRST DO:
#
# - "mv /library/wordpress /library/wordpress.old"
# - back up WordPress's database then drop it
#
# REASON: "keep_newer: yes" below tries to preserve WordPress's self-upgrades
# and security enhancements using timestamps under /library/wordpress, as these
# can arise without warning when WordPress is online, since WordPress ~4.8
- name: Download {{ wordpress_download_base_url }}/{{ wordpress_src }} to {{ downloads_dir }}
get_url:
url: "{{ wordpress_download_base_url }}/{{ wordpress_src }}"
dest: "{{ downloads_dir }}"
timeout: "{{ download_timeout }}"
register: wp_download_output
when: internet_available | bool
- name: Symlink {{ downloads_dir }}/wordpress.tar.gz -> {{ wp_download_output.dest }}
file:
src: "{{ wp_download_output.dest }}"
path: "{{ downloads_dir }}/wordpress.tar.gz" # /opt/iiab/downloads
state: link
when: wp_download_output.dest is defined
- name: Does {{ downloads_dir }}/wordpress.tar.gz link exist?
stat:
path: "{{ downloads_dir }}/wordpress.tar.gz" # /opt/iiab/downloads
register: wp_link
- name: FAIL (force Ansible to exit) IF {{ downloads_dir }}/wordpress.tar.gz doesn't exist
fail:
msg: "{{ downloads_dir }}/wordpress.tar.gz is REQUIRED in order to install WordPress."
when: not wp_link.stat.exists
- name: "Unpack {{ downloads_dir }}/wordpress.tar.gz to permanent location {{ wp_install_path }}/wordpress - owner: root, group: {{ apache_user }}, mode: '0664', keep_newer: yes"
unarchive:
src: "{{ downloads_dir }}/wordpress.tar.gz" # /opt/iiab/downloads
dest: "{{ wp_install_path }}" # /library
owner: root # 2020-01-17: confirmed that wordpress.tar.gz (otherwise) unpacks as nobody:nogroup, with all files as '0644', and all dirs as '0755'
group: "{{ apache_user }}" # DO WE REALLY STILL WANT THIS FOR NGINX?
mode: '0664' # PHP/Apache/NGINX apparently need g+rw (group write access, not just read) similar to '0775' for directory traversing below
keep_newer: yes
- name: Make {{ wp_abs_path }} directories 775 so PHP/Apache/NGINX can traverse and write (above files remain 664)
command: "/usr/bin/find {{ wp_abs_path }} -type d -exec chmod 775 {} +" # /library/wordpress
# 4 stanzas to install wp-keys.php.BAK, wp-keys.php & wp-config.php into /library/wordpress
- name: Install {{ wp_abs_path }}/wp-keys.php.BAK from template (if file does not already exist) in case download of 8 dynamically-generated salts/keys fails below
copy:
src: wp-keys.php.BAK
dest: "{{ wp_abs_path }}/wp-keys.php.BAK" # /library/wordpress
owner: root
group: "{{ apache_user }}" # DO WE REALLY STILL WANT THIS FOR NGINX?
mode: '0640'
force: no # Preserve site's unique keys, as might have been placed into .BAK during an earlier run, by the script below
- name: Install script /tmp/get-iiab-wp-salts from template
template:
src: get-iiab-wp-salts.j2
dest: /tmp/get-iiab-wp-salts
owner: root
group: root
mode: '0700'
- name: Run /tmp/get-iiab-wp-salts to download 8 random salts/keys, creating a new {{ wp_abs_path }}/wp-keys.php (or if nec, copy from known/prior {{ wp_abs_path }}/wp-keys.php.BAK) # /library/wordpress
command: /tmp/get-iiab-wp-salts
#when: internet_available | bool # Better to run it every time, installing from wp-keys.php.BAK if download fails
# Don't Bother: /tmp file are deleted on reboot!
#- name: Remove script /tmp/get-iiab-wp-salts
# file:
# path: /tmp/get-iiab-wp-salts
# state: absent
- name: Install {{ wp_abs_path }}/wp-config.php # /library/wordpress
template:
src: wp-config.php.j2
dest: "{{ wp_abs_path }}/wp-config.php"
owner: root
group: "{{ apache_user }}" # DO WE REALLY STILL WANT THIS FOR NGINX?
mode: '0660' # Others strongly recommend '0600' (or do PHP/Apache/NGINX really need group read & write permissions?)
- name: Install /etc/{{ apache_conf_dir }}/wordpress.conf from template, for http://box{{ wp_url }} via Apache
template:
src: wordpress.conf.j2
dest: "/etc/{{ apache_conf_dir }}/wordpress.conf"
when: apache_enabled | bool
# RECORD WordPress AS INSTALLED
- name: "Set 'wordpress_installed: True'"
set_fact:
wordpress_installed: True
- name: "Add 'wordpress_installed: True' to {{ iiab_state_file }}"
lineinfile:
path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^wordpress_installed'
line: 'wordpress_installed: True'
Reference in a new issue View git blame Copy permalink