lhubert
/
ansible-lemp-wordpress
ответвлено от bh/ansible-lemp-wordpress


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229
							# Run this with:
# ansible-playbook -i <inventory> playbooks/install_php_mysql_debian.yml -bkK --limit debian-xyz -e @vars-debian-xyz.yml
---
- name: Install PHP and MySQL on Debian-based systems
  hosts: debian
  become: yes
  tasks:
    - name: Update apt cache
      ansible.builtin.apt:
        update_cache: yes

    # Remarque : php 8.2 pour Debian Bookworm
    - name: Install PHP
      ansible.builtin.apt:
        name:
          - php8.2
          - php8.2-fpm
          - php8.2-iconv # for WordPress
          - php8.2-mysqli # for WordPress/MySQL
          - php8.2-phar # for wp-cli
          - php8.2-curl # for wp-cli
          - php8.2-gd # WordPress needs this in order to generate thumbnails
        state: present

    - name: Install curl
      ansible.builtin.apt:
        name: curl
        state: present

    - name: Install Nginx
      ansible.builtin.apt:
        name: nginx
        state: present

    - name: Check if WordPress exists in /var/www/wordpress
      stat:
        path: /var/www/wordpress
      register: wordpress_dir

    - name: Check if wp-config.php exists in /var/www/wordpress
      stat:
        path: /var/www/wordpress/wp-config.php
      register: wp_config

    # Only if wordpress_dir.stat.exists is false, download WordPress
    - name: Install WordPress using curl
      command: curl -o /tmp/wordpress.tar.gz https://wordpress.org/latest.tar.gz
      args:
        creates: /tmp/wordpress.tar.gz
      when: wordpress_dir.stat.exists == False

    # Unzip WordPress only if /var/www/wordpress doesn't exist
    - name: Unzip WordPress
      # ansible.builtin.unarchive:
      command: tar -xzf /tmp/wordpress.tar.gz -C /var/www
      when: wordpress_dir.stat.exists == False

    # ------ DEBUT AJOUTS SUGGÉRÉS PAR ChatGPT ------
    - name: Changer le propriétaire et le groupe de /var/www/wordpress
      ansible.builtin.file:
        path: /var/www/wordpress
        owner: www-data
        group: www-data
        recurse: yes
        state: directory

    - name: Définir les permissions des dossiers
      ansible.builtin.find:
        paths: /var/www/wordpress
        recurse: yes
        file_type: directory
      register: wordpress_directories

    - name: Appliquer les permissions 755 aux dossiers
      ansible.builtin.file:
        path: "{{ item.path }}"
        mode: '0755'
      loop: "{{ wordpress_directories.files }}"

    - name: Définir les permissions des fichiers
      ansible.builtin.find:
        paths: /var/www/wordpress
        recurse: yes
        file_type: file
      register: wordpress_files

    - name: Appliquer les permissions 644 aux fichiers
      ansible.builtin.file:
        path: "{{ item.path }}"
        mode: '0644'
      loop: "{{ wordpress_files.files }}"

    - name: Assurer des permissions sécurisées pour wp-config.php
      ansible.builtin.file:
        path: /var/www/wordpress/wp-config.php
        mode: '0440'
        owner: www-data
        group: www-data
      when: wp_config.stat.exists == True
    # ------ FIN AJOUTS SUGGÉRÉS PAR ChatGPT ------

    - name: Install MariaDB Server & Client
      ansible.builtin.apt:
        name:
          - mariadb-server
          - mariadb-client
        state: present

    - name: Start Nginx Service
      ansible.builtin.service:
        name: nginx
        state: started
        enabled: yes # Ensure the MySQL service starts on boot

    - name: Start MariaDB Service
      ansible.builtin.service:
        name: mariadb
        state: started
        enabled: yes # Ensure the MariaDB service starts on boot

    - name: Installer le client MySQL pour Python
      ansible.builtin.apt:
        name: python3-mysqldb
        state: present
        update_cache: yes

    - name: create MySQL database
      mysql_db:
        check_implicit_admin: yes
        login_user: "{{ db_username }}"
        login_password: "{{ db_password }}"
        name: "{{ db_name }}"
        encoding: utf8mb4
        collation: utf8mb4_unicode_ci
        state: present

    - name: create MySQL user
      mysql_user:
        name: "{{ db_username }}"
        password: "{{ db_password }}"
        priv: "{{ db_name }}.*:ALL,GRANT"
        state: present

    - name: Downlownload wp salt config
      command: curl https://api.wordpress.org/secret-key/1.1/salt/
      register: wp_salt
      when: wp_config.stat.exists == False

    # Register wp-salt content as variable
    # - name: Read wp-salt content
    #   ansible.builtin.slurp:
    #     src: /tmp/wp-salt
    #   register: wp_salt

    # Use variables from vars above and from wp_salt
    - name: Create wp-config.php
      ansible.builtin.template:
        src: templates/wp-config-sample.php.j2
        dest: /var/www/wordpress/wp-config.php
        owner: root
        group: root
        mode: 0644
      when: wp_config.stat.exists == False

    # Overwrite default vhost config with our own
    - name: Write WordPress vhost config
      ansible.builtin.template:
        src: templates/nginx-wordpress.conf.j2
        dest: /etc/nginx/sites-available/nginx-wordpress.conf
        owner: root
        group: root
        mode: 0644

    - name: Create symbolic link to enable the vhost
      ansible.builtin.file:
        src: /etc/nginx/sites-available/nginx-wordpress.conf
        dest: /etc/nginx/sites-enabled/nginx-wordpress.conf
        state: link

    # remove `default` symlink from sites-enabled
    - name: Remove default symlink from sites-enabled
      ansible.builtin.file:
        path: /etc/nginx/sites-enabled/default
        state: absent

    - name: Restart PHP-FPM
      ansible.builtin.service:
        name: php8.2-fpm
        state: restarted
        enabled: yes # Ensure the PHP-FPM service starts on boot

    - name: Restart Nginx
      ansible.builtin.service:
        name: nginx
        state: restarted
        enabled: yes # Ensure the PHP-FPM service starts on boot

    # Check if wp-cli exists
    - name: Check if wp-cli exists
      ansible.builtin.stat:
        path: /usr/local/bin/wp
      register: wp_cli

    # Download WordPress CLI
    - name: Download WordPress CLI
      command: curl -o /usr/local/bin/wp https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar
      args:
        creates: /usr/local/bin/wp
      when: wp_cli.stat.exists == False

    # Make WordPress CLI executable
    - name: Make WordPress CLI executable
      command: chmod +x /usr/local/bin/wp

    # Check if WordPress is installed
    - name: Check if WordPress is installed
      command: sudo -u debian wp core is-installed --path=/var/www/wordpress
      register: wp_installed
      ignore_errors: yes

    # WP core install (cwd: /var/www/wordpress)
    - name: Install WordPress
      command: sudo -u debian wp core install --url={{ site_url }} --title=My\ Blog --admin_user=admin --admin_password=admin --admin_email=benoithubert@gmail.com
      # WP-CLI complains if we run it as root, so we become a regular user
      become: no
      # Shou
      args:
        chdir: /var/www/wordpress
      when: wp_installed.rc != 0