-
Notifications
You must be signed in to change notification settings - Fork 76
/
install.yml
177 lines (145 loc) · 9.1 KB
/
install.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
# "Emergency" reinstalls (from /opt/iiab/downloads/wordpress.tar.gz
# to /library/wordpress) should also work offline...
#
# ONLINE OR OFFLINE, IF YOU NEED A CLEAN REINSTALL OF WORDPRESS DURING YOUR
# NEXT RUN OF "./runrole wordpress" OR "./iiab-install" PLEASE FIRST DO:
#
# - "mv /library/wordpress /library/wordpress.old"
# - back up WordPress's database then drop it
#
# REASON: "keep_newer: yes" below tries to preserve WordPress's self-upgrades
# and security enhancements using timestamps under /library/wordpress, as these
# can arise without warning when WordPress is online, since WordPress ~4.8
- name: "Set 'mysql_install: True' and 'mysql_enabled: True'"
set_fact:
mysql_install: True
mysql_enabled: True
- name: MYSQL - run 'mysql' role (attempt to install & enable MySQL / MariaDB)
include_role:
name: mysql
- name: FAIL (STOP THE INSTALL) IF 'mysql_installed is undefined'
fail:
msg: "WordPress install cannot proceed, as MySQL / MariaDB is not installed."
when: mysql_installed is undefined
- name: Record (initial) disk space used
shell: df -B1 --output=used / | tail -1
register: df1
- name: Provision MySQL DB
include_tasks: setup.yml
# 2021-06-29: PHP modules, covering "RECOMMENDED" and "OPTIONAL" sections here:
# https://make.wordpress.org/hosting/handbook/server-environment/
- name: Install libsodium23 + 8 PHP packages (run 'php -m' or 'php -i' to verify)
package:
name:
- libsodium23 # Likewise installed in nginx/tasks/install.yml via php{{ php_version }}-fpm AND httpd/tasks/install.yml via libapache2-mod-php{{ php_version }} AND moodle/tasks/install.yml -- it can ALSO be auto-installed by phpX.Y-cgi OR phpX.Y-cli as confirmed by 'apt rdepends libsodium23' -- VERIFY USING 'php -i | grep sodium' AND 'apt list "*sodium*"'
- php{{ php_version }}-bcmath # OPTIONAL: Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml
#- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml
- php{{ php_version }}-curl # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml
- php-imagick # BUT drags in Apache's libapache2-mod-phpX.Y etc, as confirmed by 'apt depends php-imagick' -- while php{{ php_version }}-imagick installs (despite not being shown within 'apt list "php*imagick"') it's no better -- and 'apt depends phpX.Y-imagick' mysteriously does NOT show its deps. Likewise installed in nextcloud/tasks/install.yml
- php{{ php_version }}-intl # OPTIONAL: Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, nextcloud/tasks/install.yml
#- php{{ php_version }}-json # See stanza just below
- php{{ php_version }}-mbstring # Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml
- php{{ php_version }}-mysql # Likewise installed in mysql/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml
- php{{ php_version }}-xml # Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml -- AND REGARDLESS dragged in later by Admin Console's use of php-pear for roles/cmdsrv/tasks/main.yml -- run 'php -m | grep -i xml' which in the end shows {libxml, SimpleXML, xml, xmlreader, xmlwriter}
- php{{ php_version }}-zip # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml
state: present
# For PHP >= 8.0: phpX.Y-json is baked into PHP itself.
# For PHP < 8.0: phpX.Y-json auto-installed by phpX.Y-fpm AND phpX.Y-cli in 3-base-server's nginx/tasks/install.yml, as confirmed by: apt rdepends phpX.Y-json
#
#- name: Install php{{ php_version }}-json if PHP < 8.0
# package:
# name: php{{ php_version }}-json
# state: present
# when: php_version is version('8.0', '<')
- name: "Run roles/www_options/tasks/php-settings.yml with 'nginx_high_php_limits: False' by default"
include_tasks: roles/www_options/tasks/php-settings.yml
when: php_settings_done is undefined
- name: Delete {{ downloads_dir }}/wordpress.tar.gz if it exists
file:
path: "{{ downloads_dir }}/wordpress.tar.gz"
state: absent
- name: Download {{ wordpress_download_base_url }}/{{ wordpress_src }} to {{ downloads_dir }}/wordpress.tar.gz
command: wget {{ wordpress_download_base_url }}/{{ wordpress_src }} -O {{ downloads_dir }}/wordpress.tar.gz
# 2022-05-04: Ansible approach below (get_url) fails with HTTP Error 429
# (Too Many Requests) b/c Ansible's User-Agent string? Affecting 1 user in
# England and another user in Scotland, but not affecting many other
# countries/ISP's apparently? WordPress must have recently changed their
# hosting arrangements for https://wordpress.org/latest.tar.gz
# get_url:
# url: "{{ wordpress_download_base_url }}/{{ wordpress_src }}"
# dest: "{{ downloads_dir }}"
# timeout: "{{ download_timeout }}"
# register: wp_download_output
# - name: Symlink {{ downloads_dir }}/wordpress.tar.gz -> {{ wp_download_output.dest }}
# file:
# src: "{{ wp_download_output.dest }}"
# path: "{{ downloads_dir }}/wordpress.tar.gz" # /opt/iiab/downloads
# state: link
# when: wp_download_output.dest is defined
- name: Does {{ downloads_dir }}/wordpress.tar.gz exist?
stat:
path: "{{ downloads_dir }}/wordpress.tar.gz" # /opt/iiab/downloads
register: wp_tar_gz
- name: FAIL (force Ansible to exit) IF {{ downloads_dir }}/wordpress.tar.gz doesn't exist
fail:
msg: "{{ downloads_dir }}/wordpress.tar.gz is REQUIRED in order to install WordPress."
when: not wp_tar_gz.stat.exists
- name: "Unpack {{ downloads_dir }}/wordpress.tar.gz to permanent location {{ wp_install_path }}/wordpress - owner: root, group: {{ apache_user }}, mode: '0664', keep_newer: yes"
unarchive:
src: "{{ downloads_dir }}/wordpress.tar.gz" # /opt/iiab/downloads
dest: "{{ wp_install_path }}" # /library
owner: root # 2020-01-17: confirmed that wordpress.tar.gz (otherwise) unpacks as nobody:nogroup, with all files as '0644', and all dirs as '0755'
group: "{{ apache_user }}" # DO WE REALLY STILL WANT THIS FOR NGINX?
mode: '0664' # PHP/Apache/NGINX apparently need g+rw (group write access, not just read) similar to '0775' for directory traversing below
keep_newer: yes
- name: Make {{ wp_abs_path }} directories 775 so PHP/Apache/NGINX can traverse and write (above files remain 664)
command: "/usr/bin/find {{ wp_abs_path }} -type d -exec chmod 775 {} +" # /library/wordpress
# 4 stanzas to install wp-keys.php.BAK, wp-keys.php & wp-config.php into /library/wordpress
- name: Install {{ wp_abs_path }}/wp-keys.php.BAK from template (if file does not already exist) in case download of 8 dynamically-generated salts/keys fails below
copy:
src: wp-keys.php.BAK
dest: "{{ wp_abs_path }}/wp-keys.php.BAK" # /library/wordpress
owner: root
group: "{{ apache_user }}" # DO WE REALLY STILL WANT THIS FOR NGINX?
mode: '0640'
force: no # Preserve site's unique keys, as might have been placed into .BAK during an earlier run, by the script below
- name: Install script /tmp/get-iiab-wp-salts from template
template:
src: get-iiab-wp-salts.j2
dest: /tmp/get-iiab-wp-salts
owner: root
group: root
mode: '0700'
- name: Run /tmp/get-iiab-wp-salts to download 8 random salts/keys, creating a new {{ wp_abs_path }}/wp-keys.php (or if nec, copy from known/prior {{ wp_abs_path }}/wp-keys.php.BAK) # /library/wordpress
command: /tmp/get-iiab-wp-salts
#when: internet_available # Better to run it every time, installing from wp-keys.php.BAK if download fails
# Don't Bother: /tmp file are deleted on reboot!
#- name: Remove script /tmp/get-iiab-wp-salts
# file:
# path: /tmp/get-iiab-wp-salts
# state: absent
- name: Install {{ wp_abs_path }}/wp-config.php # /library/wordpress
template:
src: wp-config.php.j2
dest: "{{ wp_abs_path }}/wp-config.php"
owner: root
group: "{{ apache_user }}" # DO WE REALLY STILL WANT THIS FOR NGINX?
mode: '0660' # Others strongly recommend '0600' (or do PHP/Apache/NGINX really need group read & write permissions?)
# RECORD WordPress AS INSTALLED
- name: Record (final) disk space used
shell: df -B1 --output=used / | tail -1
register: df2
- name: Add 'wordpress_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: wordpress
option: wordpress_disk_usage
value: "{{ df2.stdout|int - df1.stdout|int }}"
- name: "Set 'wordpress_installed: True'"
set_fact:
wordpress_installed: True
- name: "Add 'wordpress_installed: True' to {{ iiab_state_file }}"
lineinfile:
path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^wordpress_installed'
line: 'wordpress_installed: True'