Refacto playbook avec des roles

lemp-wordpress-with-roles/roles/common/tasks/main.yml

@@ -0,0 +1,10 @@
+---
+- name: Mettre à jour le cache apt
+  ansible.builtin.apt:
+    update_cache: yes
+
+# Installer curl - pour télécharger WordPress et wp-cli
+- name: Installer curl
+  ansible.builtin.apt:
+    name: curl
+    state: present

lemp-wordpress-with-roles/roles/mysql/tasks/main.yml

@@ -0,0 +1,36 @@
+---
+- name: Install MariaDB Server & Client
+  ansible.builtin.apt:
+    name:
+      - mariadb-server
+      - mariadb-client
+    state: present
+
+- name: Start MariaDB Service
+  ansible.builtin.service:
+    name: mariadb
+    state: started
+    enabled: yes # Ensure the MariaDB service starts on boot
+
+- name: Installer le client MySQL pour Python
+  ansible.builtin.apt:
+    name: python3-mysqldb
+    state: present
+    update_cache: yes
+
+- name: create MySQL database
+  mysql_db:
+    check_implicit_admin: yes
+    login_user: "{{ db_username }}"
+    login_password: "{{ db_password }}"
+    name: "{{ db_name }}"
+    encoding: utf8mb4
+    collation: utf8mb4_unicode_ci
+    state: present
+
+- name: create MySQL user
+  mysql_user:
+    name: "{{ db_username }}"
+    password: "{{ db_password }}"
+    priv: "{{ db_name }}.*:ALL,GRANT"
+    state: present

lemp-wordpress-with-roles/roles/nginx/handlers/main.yml

@@ -0,0 +1,6 @@
+---
+- name: restart nginx
+  ansible.builtin.service:
+    name: nginx
+    state: restarted
+    enabled: yes # S'assurer que le service PHP-FPM démarre au boot

lemp-wordpress-with-roles/roles/nginx/tasks/main.yml

@@ -0,0 +1,32 @@
+---
+- name: Installer Nginx
+  ansible.builtin.apt:
+    name: nginx
+    state: present
+
+- name: Démarrer le service Nginx
+  ansible.builtin.service:
+    name: nginx
+    state: started
+    enabled: yes # S'assurer que le service MySQL démarre au boot
+
+- name: Créer la config Nginx pour PHP + WordPress
+  ansible.builtin.template:
+    src: templates/nginx-wordpress.conf.j2
+    dest: /etc/nginx/sites-available/nginx-wordpress.conf
+    owner: root
+    group: root
+    mode: 0644
+
+- name: Supprimer le lien symbolique `default` de sites-enabled
+  ansible.builtin.file:
+    path: /etc/nginx/sites-enabled/default
+    state: absent
+
+- name: Créer un lien symbolique de sites-available/nginx-wordpress.conf vers sites-enabled
+  ansible.builtin.file:
+    src: /etc/nginx/sites-available/nginx-wordpress.conf
+    dest: /etc/nginx/sites-enabled/nginx-wordpress.conf
+    state: link
+  notify: restart nginx 
+

lemp-wordpress-with-roles/roles/nginx/templates/nginx-wordpress.conf.j2

@@ -0,0 +1,22 @@
+# Vhost for nginx - WordPress on PHP 8.1 in Alpine
+
+server {
+    listen 80 default_server;
+    listen [::]:80 default_server;
+    root /var/www/wordpress;
+    index index.php;
+
+    location / {
+        try_files $uri $uri/ /index.php?$args;
+    }
+
+    location ~ \.php$ {
+        include fastcgi_params;
+        # this works for alpine
+        # fastcgi_pass 127.0.0.1:9000;
+        # this works for debian
+        fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
+        fastcgi_index index.php;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+    }
+}

lemp-wordpress-with-roles/roles/php/handlers/main.yml

@@ -0,0 +1,6 @@
+---
+- name: restart php-fpm
+  ansible.builtin.service:
+    name: php8.2-fpm
+    state: restarted
+    enabled: yes

lemp-wordpress-with-roles/roles/php/tasks/main.yml

@@ -0,0 +1,24 @@
+---
+# Remarque : php 8.2 pour Debian Bookworm
+- name: Installer PHP et extensions pour WordPress
+  ansible.builtin.apt:
+    name:
+      - php8.2
+      - php8.2-fpm
+      - php8.2-phar # for wp-cli
+      - php8.2-curl # for wp-cli
+      - php8.2-mysqli # for WordPress/MySQL
+      - php8.2-iconv # for WordPress
+      - php8.2-gd # for WordPress
+      - php8.2-imagick
+      - php8.2-intl
+      - php8.2-mbstring
+      - php8.2-zip
+      - php8.2-dom
+    state: present
+
+- name: Mettre en place une configuration PHP personnalisée
+  ansible.builtin.template:
+    src: php.ini.j2
+    dest: /etc/php/8.2/fpm/php.ini
+  notify: restart php-fpm

lemp-wordpress/roles/php/templates/php.ini.j2

@@ -406,7 +406,7 @@ expose_php = Off
 ; Maximum execution time of each script, in seconds
 ; https://php.net/max-execution-time
 ; Note: This directive is hardcoded to 0 for the CLI SAPI
-max_execution_time = 30
+max_execution_time = 300
 
 ; Maximum amount of time each script may spend parsing request data. It's a good
 ; idea to limit this time on productions servers in order to eliminate unexpectedly
@@ -700,7 +700,7 @@ auto_globals_jit = On
 ; Its value may be 0 to disable the limit. It is ignored if POST data reading
 ; is disabled through enable_post_data_reading.
 ; https://php.net/post-max-size
-post_max_size = 8M
+post_max_size = 64M
 
 ; Automatically add files before PHP document.
 ; https://php.net/auto-prepend-file
@@ -852,7 +852,7 @@ file_uploads = On
 
 ; Maximum allowed size for uploaded files.
 ; https://php.net/upload-max-filesize
-upload_max_filesize = 2M
+upload_max_filesize = 64M
 
 ; Maximum number of files that can be uploaded via a single request
 max_file_uploads = 20
@@ -976,7 +976,7 @@ cli_server.color = On
 [Date]
 ; Defines the default timezone used by the date functions
 ; https://php.net/date.timezone
-;date.timezone =
+date.timezone = Europe/Paris
 
 ; https://php.net/date.default-latitude
 ;date.default_latitude = 31.7667

lemp-wordpress-with-roles/roles/wordpress/tasks/main.yml

@@ -0,0 +1,77 @@
+---
+- name: Vérifier si WordPress existe sous /var/www/wordpress
+  stat:
+    path: /var/www/wordpress
+  register: wordpress_dir
+
+# Si /var/www/wordpress n'existe pas, alors télécharger WordPress
+- name: Télécharger l'archive WordPress en utilisant curl
+  command: curl -o /tmp/wordpress.tar.gz https://wordpress.org/latest.tar.gz
+  args:
+    creates: /tmp/wordpress.tar.gz
+  when: wordpress_dir.stat.exists == False
+
+# Si /var/www/wordpress n'existe pas, alors décompresser WordPress
+- name: Décompacter l'archive WordPress
+  ansible.builtin.unarchive:
+    src: /tmp/wordpress.tar.gz
+    dest: /var/www
+    remote_src: yes
+    owner: www-data
+    group: www-data
+  when: wordpress_dir.stat.exists == False
+
+# Vérifier si /var/www/wordpress/wp-config.php existe
+- name: Vérifier si wp-config.php existe sous /var/www/wordpress
+  stat:
+    path: /var/www/wordpress/wp-config.php
+  register: wp_config
+
+# Télécharger des clés secrètes WordPress
+- name: Télécharger config wp salt
+  command: curl https://api.wordpress.org/secret-key/1.1/salt/
+  register: wp_salt
+  when: wp_config.stat.exists == False
+
+# Créer wp-config.php s'il n'existe pas
+- name: Create wp-config.php
+  ansible.builtin.template:
+    src: templates/wp-config-sample.php.j2
+    dest: /var/www/wordpress/wp-config.php
+    owner: www-data
+    group: www-data
+    mode: "0440"
+  when: wp_config.stat.exists == False
+
+# Vérifier si WordPress CLI existe
+- name: Vérifier si wp-cli existe
+  ansible.builtin.stat:
+    path: /usr/local/bin/wp
+  register: wp_cli
+
+# Télécharger WordPress CLI
+- name: Télécharger wp-cli
+  command: curl -o /usr/local/bin/wp https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar
+  args:
+    creates: /usr/local/bin/wp
+  when: wp_cli.stat.exists == False
+
+# Rendre WordPress CLI exécutable
+- name: Rendre WordPress CLI exécutable
+  command: chmod +x /usr/local/bin/wp
+
+# Vérifier si WordPress est installé (tables de la base de données initialisées)
+- name: Vérifier si WordPress est installé
+  command: sudo -u www-data wp core is-installed --path=/var/www/wordpress
+  register: wp_installed
+  ignore_errors: yes
+
+# Installer Wordpress avec wp core install (cwd: /var/www/wordpress)
+- name: Installer WordPress
+  command: sudo -u www-data wp core install --url={{ site_url }} --title=My\ Blog --admin_user=admin --admin_password=admin --admin_email=benoithubert@gmail.com
+  # WP-CLI complains if we run it as root, so we become a regular user
+  become: no
+  # Shou
+  args:
+    chdir: /var/www/wordpress
+  when: wp_installed.rc != 0

lemp-wordpress-with-roles/roles/wordpress/templates/wp-config-sample.php.j2

@@ -0,0 +1,89 @@
+<?php
+/**
+ * The base configuration for WordPress
+ *
+ * The wp-config.php creation script uses this file during the installation.
+ * You don't have to use the web site, you can copy this file to "wp-config.php"
+ * and fill in the values.
+ *
+ * This file contains the following configurations:
+ *
+ * * Database settings
+ * * Secret keys
+ * * Database table prefix
+ * * ABSPATH
+ *
+ * @link https://wordpress.org/documentation/article/editing-wp-config-php/
+ *
+ * @package WordPress
+ */
+
+// ** Database settings - You can get this info from your web host ** //
+/** The name of the database for WordPress */
+define( 'DB_NAME', '{{ db_name }}' );
+
+/** Database username */
+define( 'DB_USER', '{{ db_username }}' );
+
+/** Database password */
+define( 'DB_PASSWORD', '{{ db_password }}' );
+
+/** Database hostname */
+define( 'DB_HOST', 'localhost' );
+
+/** Database charset to use in creating database tables. */
+define( 'DB_CHARSET', 'utf8mb4' );
+
+/** The database collate type. Don't change this if in doubt. */
+define( 'DB_COLLATE', 'utf8mb4_unicode_ci' );
+
+/**#@+
+ * Authentication unique keys and salts.
+ *
+ * Change these to different unique phrases! You can generate these using
+ * the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}.
+ *
+ * You can change these at any point in time to invalidate all existing cookies.
+ * This will force all users to have to log in again.
+ *
+ * @since 2.6.0
+ */
+{{ wp_salt.stdout }}
+
+/**#@-*/
+
+/**
+ * WordPress database table prefix.
+ *
+ * You can have multiple installations in one database if you give each
+ * a unique prefix. Only numbers, letters, and underscores please!
+ */
+$table_prefix = 'wp_';
+
+/**
+ * For developers: WordPress debugging mode.
+ *
+ * Change this to true to enable the display of notices during development.
+ * It is strongly recommended that plugin and theme developers use WP_DEBUG
+ * in their development environments.
+ *
+ * For information on other constants that can be used for debugging,
+ * visit the documentation.
+ *
+ * @link https://wordpress.org/documentation/article/debugging-in-wordpress/
+ */
+define( 'WP_DEBUG', false );
+
+/* Add any custom values between this line and the "stop editing" line. */
+
+
+
+/* That's all, stop editing! Happy publishing. */
+
+/** Absolute path to the WordPress directory. */
+if ( ! defined( 'ABSPATH' ) ) {
+	define( 'ABSPATH', __DIR__ . '/' );
+}
+
+/** Sets up WordPress vars and included files. */
+require_once ABSPATH . 'wp-settings.php';

lemp-wordpress-with-roles/site.yml

@@ -0,0 +1,11 @@
+---
+- name: Déployer la stack LEMP + WordPress sur Debian 12
+  hosts: all
+  become: yes
+
+  roles:
+    - common
+    - nginx
+    - php
+    - mysql
+    - wordpress

lemp-wordpress-with-roles/vars-debian-113.yml

@@ -0,0 +1,4 @@
+db_username: wordpress
+db_password: wordpress
+db_name: wordpress
+site_url: debian-113

lemp-wordpress/README.md

@@ -38,4 +38,22 @@ ansible-playbook -i chemin/vers/inventory.ini playbooks/install_php_mysql_debian
 
 ```
 ansible-playbook -i chemin/vers/inventory.ini playbooks/uninstall_php_mysql_debian.yml -bkK --limit debian-112 -e @vars-debian-112.yml
-```
+```
+
+## Désinstaller manuellement
+
+```sh
+# remove MariaDB databases
+sudo mysql -uroot -e "drop database wordpress;"
+
+# remove packages
+sudo apt remove -y curl
+sudo apt remove -y mariadb-server mariadb-client
+sudo apt remove -y php8.2 php8.2-fpm php8.2-phar php8.2-curl php8.2-mysqli php8.2-iconv php8.2-gd php8.2-imagick php8.2-intl php8.2-mbstring php8.2-zip php8.2-dom
+sudo apt remove -y nginx
+sudo apt autoremove
+
+# remove wordpress and wp-cli
+sudo rm -rf /var/www/wordpress
+sudo rm /usr/local/bin/wp
+```