Merge pull request #17 from tgerla/wordpress-nginx
Initial commit of a Wordpress site deployment playbookpull/63/head
commit
e7832eb7da
@ -0,0 +1,28 @@ |
||||
## Wordpress+Nginx+PHP-FPM Deployment |
||||
|
||||
- Requires Ansible 1.2 or newer |
||||
- Expects CentOS/RHEL 6.x hosts |
||||
|
||||
These playbooks deploy a simple all-in-one configuration of the popular |
||||
Wordpress blogging platform and CMS, frontend by the Nginx web server and the |
||||
PHP-FPM process manager. To use, edit the "hosts" inventory file to include the |
||||
names of the servers you want to deploy. |
||||
|
||||
Then run the playbook, like this: |
||||
|
||||
ansible-playbook -i hosts site.yml |
||||
|
||||
The playbooks will configure MySQL, Wordpress, Nginx, and PHP-FPM. When the run |
||||
is complete, you can hit access server to begin the Wordpress configuration. |
||||
|
||||
### Ideas for Improvement |
||||
|
||||
Here are some ideas for ways that these playbooks could be extended: |
||||
|
||||
- Parameterize the Wordpress deployment to handle multi-site configurations. |
||||
- Separate the components (PHP-FPM, MySQL, Nginx) onto separate hosts and |
||||
hande the configuration appropriately. |
||||
- Handle Wordpress upgrades automatically. |
||||
|
||||
We would love to see contributions and improvements, so please fork this |
||||
repository on GitHub and send us your changes via pull requests. |
@ -0,0 +1,15 @@ |
||||
--- |
||||
# Which version of Wordpress to deploy |
||||
wp_version: 3.5.2 |
||||
|
||||
# These are the Wordpress database settings |
||||
wp_db_name: wordpress |
||||
wp_db_user: wordpress |
||||
wp_db_password: secret |
||||
|
||||
# You shouldn't need to change this. |
||||
mysql_port: 3306 |
||||
|
||||
# This is used for the nginx server configuration, but # access to the |
||||
# Wordpress site is not restricted by a # named host. |
||||
server_hostname: www.example.com |
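Review bot: `wp_db_password: secret` puts a known default database password in a committed vars file, and the same value is used for both the MySQL grant and the rendered wp-config.php. Nothing prompts the operator to change it before the first run. I would add a comment above it such as `# CHANGE THIS before deploying; never commit the real value`. Preferably the value would come from outside the repository (for example `--extra-vars` or a prompt), so that a real password never lands in version control.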
@ -0,0 +1,2 @@ |
||||
[wordpress-server] |
||||
webserver2 |
@ -0,0 +1,29 @@ |
||||
-----BEGIN PGP PUBLIC KEY BLOCK----- |
||||
Version: GnuPG v1.4.5 (GNU/Linux) |
||||
|
||||
mQINBEvSKUIBEADLGnUj24ZVKW7liFN/JA5CgtzlNnKs7sBg7fVbNWryiE3URbn1 |
||||
JXvrdwHtkKyY96/ifZ1Ld3lE2gOF61bGZ2CWwJNee76Sp9Z+isP8RQXbG5jwj/4B |
||||
M9HK7phktqFVJ8VbY2jfTjcfxRvGM8YBwXF8hx0CDZURAjvf1xRSQJ7iAo58qcHn |
||||
XtxOAvQmAbR9z6Q/h/D+Y/PhoIJp1OV4VNHCbCs9M7HUVBpgC53PDcTUQuwcgeY6 |
||||
pQgo9eT1eLNSZVrJ5Bctivl1UcD6P6CIGkkeT2gNhqindRPngUXGXW7Qzoefe+fV |
||||
QqJSm7Tq2q9oqVZ46J964waCRItRySpuW5dxZO34WM6wsw2BP2MlACbH4l3luqtp |
||||
Xo3Bvfnk+HAFH3HcMuwdaulxv7zYKXCfNoSfgrpEfo2Ex4Im/I3WdtwME/Gbnwdq |
||||
3VJzgAxLVFhczDHwNkjmIdPAlNJ9/ixRjip4dgZtW8VcBCrNoL+LhDrIfjvnLdRu |
||||
vBHy9P3sCF7FZycaHlMWP6RiLtHnEMGcbZ8QpQHi2dReU1wyr9QgguGU+jqSXYar |
||||
1yEcsdRGasppNIZ8+Qawbm/a4doT10TEtPArhSoHlwbvqTDYjtfV92lC/2iwgO6g |
||||
YgG9XrO4V8dV39Ffm7oLFfvTbg5mv4Q/E6AWo/gkjmtxkculbyAvjFtYAQARAQAB |
||||
tCFFUEVMICg2KSA8ZXBlbEBmZWRvcmFwcm9qZWN0Lm9yZz6JAjYEEwECACAFAkvS |
||||
KUICGw8GCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRA7Sd8qBgi4lR/GD/wLGPv9 |
||||
qO39eyb9NlrwfKdUEo1tHxKdrhNz+XYrO4yVDTBZRPSuvL2yaoeSIhQOKhNPfEgT |
||||
9mdsbsgcfmoHxmGVcn+lbheWsSvcgrXuz0gLt8TGGKGGROAoLXpuUsb1HNtKEOwP |
||||
Q4z1uQ2nOz5hLRyDOV0I2LwYV8BjGIjBKUMFEUxFTsL7XOZkrAg/WbTH2PW3hrfS |
||||
WtcRA7EYonI3B80d39ffws7SmyKbS5PmZjqOPuTvV2F0tMhKIhncBwoojWZPExft |
||||
HpKhzKVh8fdDO/3P1y1Fk3Cin8UbCO9MWMFNR27fVzCANlEPljsHA+3Ez4F7uboF |
||||
p0OOEov4Yyi4BEbgqZnthTG4ub9nyiupIZ3ckPHr3nVcDUGcL6lQD/nkmNVIeLYP |
||||
x1uHPOSlWfuojAYgzRH6LL7Idg4FHHBA0to7FW8dQXFIOyNiJFAOT2j8P5+tVdq8 |
||||
wB0PDSH8yRpn4HdJ9RYquau4OkjluxOWf0uRaS//SUcCZh+1/KBEOmcvBHYRZA5J |
||||
l/nakCgxGb2paQOzqqpOcHKvlyLuzO5uybMXaipLExTGJXBlXrbbASfXa/yGYSAG |
||||
iVrGz9CE6676dMlm8F+s3XXE13QZrXmjloc6jwOljnfAkjTGXjiB7OULESed96MR |
||||
XtfLk0W5Ab9pd7tKDR6QHI7rgHXfCopRnZ2VVQ== |
||||
=V/6I |
||||
-----END PGP PUBLIC KEY BLOCK----- |
@ -0,0 +1,26 @@ |
||||
[epel] |
||||
name=Extra Packages for Enterprise Linux 6 - $basearch |
||||
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch |
||||
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch |
||||
failovermethod=priority |
||||
enabled=1 |
||||
gpgcheck=1 |
||||
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6 |
||||
|
||||
[epel-debuginfo] |
||||
name=Extra Packages for Enterprise Linux 6 - $basearch - Debug |
||||
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch/debug |
||||
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-6&arch=$basearch |
||||
failovermethod=priority |
||||
enabled=0 |
||||
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6 |
||||
gpgcheck=1 |
||||
|
||||
[epel-source] |
||||
name=Extra Packages for Enterprise Linux 6 - $basearch - Source |
||||
#baseurl=http://download.fedoraproject.org/pub/epel/6/SRPMS |
||||
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-source-6&arch=$basearch |
||||
failovermethod=priority |
||||
enabled=0 |
||||
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6 |
||||
gpgcheck=1 |
@ -0,0 +1,13 @@ |
||||
# {{ ansible_managed }} |
||||
*filter |
||||
:INPUT ACCEPT [0:0] |
||||
:FORWARD ACCEPT [0:0] |
||||
:OUTPUT ACCEPT [37:13960] |
||||
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT |
||||
-A INPUT -p icmp -j ACCEPT |
||||
-A INPUT -i lo -j ACCEPT |
||||
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT |
||||
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT |
||||
-A INPUT -j REJECT --reject-with icmp-host-prohibited |
||||
-A FORWARD -j REJECT --reject-with icmp-host-prohibited |
||||
COMMIT |
@ -0,0 +1,3 @@ |
||||
--- |
||||
- name: restart iptables |
||||
service: name=iptables state=restarted |
@ -0,0 +1,10 @@ |
||||
--- |
||||
- name: Copy the EPEL repository definition |
||||
copy: src=epel.repo dest=/etc/yum.repos.d/epel.repo |
||||
|
||||
- name: Create the GPG key for EPEL |
||||
copy: src=RPM-GPG-KEY-EPEL-6 dest=/etc/pki/rpm-gpg |
||||
|
||||
- name: Set up iptables rules |
||||
copy: src=iptables-save dest=/etc/sysconfig/iptables |
||||
notify: restart iptables |
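Review bot: The `Set up iptables rules` task uses `copy`, so the `# {{ ansible_managed }}` header in the rules file is written out literally instead of being rendered. None of the three tasks sets an owner or mode on the files it places. Assuming the rules file is meant to be a template, `template: src=iptables-save dest=/etc/sysconfig/iptables owner=root group=root mode=0600` would render the header and pin the permissions on the firewall rule set. The repository definition and GPG key tasks would likewise benefit from an explicit `owner=root group=root mode=0644`.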
@ -0,0 +1,3 @@ |
||||
--- |
||||
- name: restart mysql |
||||
service: name=mysqld state=restarted |
@ -0,0 +1,19 @@ |
||||
--- |
||||
- name: Install Mysql package |
||||
yum: name={{ item }} state=present |
||||
with_items: |
||||
- mysql-server |
||||
- MySQL-python |
||||
- libselinux-python |
||||
- libsemanage-python |
||||
|
||||
- name: Configure SELinux to start mysql on any port |
||||
seboolean: name=mysql_connect_any state=true persistent=yes |
||||
|
||||
- name: Create Mysql configuration file |
||||
template: src=my.cnf.j2 dest=/etc/my.cnf |
||||
notify: |
||||
- restart mysql |
||||
|
||||
- name: Start Mysql Service |
||||
service: name=mysqld state=started enabled=true |
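Review bot: After `Start Mysql Service`, nothing in this task list sets a password for the MySQL root account or removes the anonymous accounts and `test` database that a fresh mysql-server install normally ships with. The later `mysql_db`/`mysql_user` tasks in the wordpress role appear to depend on that passwordless root login. I would add tasks here that set a root password (with the credentials written to a root-only `~/.my.cnf` so later runs still work), drop the anonymous users, and run `mysql_db: name=test state=absent`. The `mysql_connect_any` boolean is also broader than its task name suggests, since it lets mysqld connect out to any port. It is worth a comment explaining why it is needed, or removing it if `mysql_port` stays at 3306.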
@ -0,0 +1,11 @@ |
||||
[mysqld] |
||||
datadir=/var/lib/mysql |
||||
socket=/var/lib/mysql/mysql.sock |
||||
user=mysql |
||||
# Disabling symbolic-links is recommended to prevent assorted security risks |
||||
symbolic-links=0 |
||||
port={{ mysql_port }} |
||||
|
||||
[mysqld_safe] |
||||
log-error=/var/log/mysqld.log |
||||
pid-file=/var/run/mysqld/mysqld.pid |
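Review bot: The `[mysqld]` section has no `bind-address`, so mysqld listens on every interface even though wp-config.php connects to `localhost` and the database user is granted for `localhost` only. The iptables rules in this commit do reject port 3306, but that leaves the firewall as the only barrier. Adding `bind-address=127.0.0.1` after `port={{ mysql_port }}` keeps the database unreachable from the network even when the firewall is stopped or its rules change.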
@ -0,0 +1,3 @@ |
||||
--- |
||||
- name: restart nginx |
||||
service: name=nginx state=restarted |
@ -0,0 +1,7 @@ |
||||
--- |
||||
- name: Install nginx |
||||
yum: name=nginx state=present |
||||
|
||||
- name: Copy nginx configuration for wordpress |
||||
template: src=default.conf dest=/etc/nginx/conf.d/default.conf |
||||
notify: restart nginx |
@ -0,0 +1,31 @@ |
||||
server { |
||||
listen 80 default_server; |
||||
server_name {{ server_hostname }}; |
||||
root /srv/wordpress/ ; |
||||
|
||||
client_max_body_size 64M; |
||||
|
||||
# Deny access to any files with a .php extension in the uploads directory |
||||
location ~* /(?:uploads|files)/.*\.php$ { |
||||
deny all; |
||||
} |
||||
|
||||
location / { |
||||
index index.php index.html index.htm; |
||||
try_files $uri $uri/ /index.php?$args; |
||||
} |
||||
|
||||
location ~* \.(gif|jpg|jpeg|png|css|js)$ { |
||||
expires max; |
||||
} |
||||
|
||||
location ~ \.php$ { |
||||
try_files $uri =404; |
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$; |
||||
fastcgi_index index.php; |
||||
fastcgi_pass unix:/var/run/php-fpm/wordpress.sock; |
||||
fastcgi_param SCRIPT_FILENAME |
||||
$document_root$fastcgi_script_name; |
||||
include fastcgi_params; |
||||
} |
||||
} |
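Review bot: The server block only has `listen 80 default_server;`, and the firewall rules in this commit open only port 80, so WordPress logins and session cookies for the admin area travel in cleartext. I would add a `listen 443 ssl;` server with `ssl_certificate`/`ssl_certificate_key` taken from variables, redirect port 80 to it, and open 443 in the iptables file. If TLS is deliberately out of scope for this example, a comment at the top of the file saying `# HTTP only: terminate TLS in front of this host before exposing wp-admin` would make that explicit. As a smaller point, `fastcgi_split_path_info` has no effect inside `location ~ \.php$`, because a URI with trailing path info never matches that location.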
@ -0,0 +1,3 @@ |
||||
--- |
||||
- name: restart php-fpm |
||||
service: name=php-fpm state=restarted |
@ -0,0 +1,22 @@ |
||||
--- |
||||
- name: Install php-fpm and deps |
||||
yum: name={{ item }} state=present |
||||
with_items: |
||||
- php |
||||
- php-fpm |
||||
- php-enchant |
||||
- php-IDNA_Convert |
||||
- php-mbstring |
||||
- php-mysql |
||||
- php-PHPMailer |
||||
- php-process |
||||
- php-simplepie |
||||
- php-xml |
||||
|
||||
- name: Disable default pool |
||||
command: mv /etc/php-fpm.d/www.conf /etc/php-fpm.d/www.disabled creates=/etc/php-fpm.d/www.disabled |
||||
notify: restart php-fpm |
||||
|
||||
- name: Copy php-fpm configuration |
||||
template: src=wordpress.conf dest=/etc/php-fpm.d/ |
||||
notify: restart php-fpm |
@ -0,0 +1,15 @@ |
||||
[wordpress] |
||||
listen = /var/run/php-fpm/wordpress.sock |
||||
listen.owner = nginx |
||||
listen.group = nginx |
||||
listen.mode = 0660 |
||||
user = wordpress |
||||
group = wordpress |
||||
pm = dynamic |
||||
pm.max_children = 10 |
||||
pm.start_servers = 1 |
||||
pm.min_spare_servers = 1 |
||||
pm.max_spare_servers = 3 |
||||
pm.max_requests = 500 |
||||
chdir = /srv/wordpress/ |
||||
php_admin_value[open_basedir] = /srv/wordpress/:/tmp |
@ -0,0 +1,28 @@ |
||||
--- |
||||
- name: Download Wordpress |
||||
get_url: url=http://wordpress.org/wordpress-{{ wp_version }}.tar.gz dest=/srv/wordpress-{{ wp_version }}.tar.gz |
||||
|
||||
- name: Extract archive |
||||
command: chdir=/srv/ /bin/tar xvf wordpress-{{ wp_version }}.tar.gz creates=/srv/wordpress |
||||
|
||||
- name: Add group "wordpress" |
||||
group: name=wordpress |
||||
|
||||
- name: Add user "wordpress" |
||||
user: name=wordpress group=wordpress home=/srv/wordpress/ |
||||
|
||||
- name: Change ownership of Wordpress installation |
||||
file: path=/srv/wordpress/ owner=wordpress group=wordpress state=directory recurse=yes |
||||
|
||||
- name: Fetch random salts for Wordpress config |
||||
local_action: command curl https://api.wordpress.org/secret-key/1.1/salt/ |
||||
register: wp_salt |
||||
|
||||
- name: Create Wordpress database |
||||
mysql_db: name={{ wp_db_name }} state=present |
||||
|
||||
- name: Create Wordpress database user |
||||
mysql_user: name={{ wp_db_user }} password={{ wp_db_password }} priv={{ wp_db_name }}.*:ALL host='localhost' state=present |
||||
|
||||
- name: Copy Wordpress config file |
||||
template: src=wp-config.php dest=/srv/wordpress/ |
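Review bot: `Download Wordpress` fetches the tarball over plain `http://` and nothing verifies it before `Extract archive` unpacks it into the web root, so a tampered download would be deployed as-is. The URL should be `https://wordpress.org/wordpress-{{ wp_version }}.tar.gz`. Where the Ansible version in use supports it, `get_url` should also be given a `sha256sum=` value for the pinned `wp_version`. Separately, the final `template` task sets no owner or mode, so the rendered wp-config.php, which holds the database password and salts, gets default permissions. Something like `owner=wordpress group=wordpress mode=0640` would keep it from being world-readable.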
@ -0,0 +1,84 @@ |
||||
<?php |
||||
/** |
||||
* The base configurations of the WordPress. |
||||
* |
||||
* This file has the following configurations: MySQL settings, Table Prefix, |
||||
* Secret Keys, WordPress Language, and ABSPATH. You can find more information |
||||
* by visiting {@link http://codex.wordpress.org/Editing_wp-config.php Editing |
||||
* wp-config.php} Codex page. You can get the MySQL settings from your web host. |
||||
* |
||||
* This file is used by the wp-config.php creation script during the |
||||
* installation. You don't have to use the web site, you can just copy this file |
||||
* to "wp-config.php" and fill in the values. |
||||
* |
||||
* @package WordPress |
||||
*/ |
||||
|
||||
// ** MySQL settings - You can get this info from your web host ** // |
||||
/** The name of the database for WordPress */ |
||||
define('DB_NAME', '{{ wp_db_name }}'); |
||||
|
||||
/** MySQL database username */ |
||||
define('DB_USER', '{{ wp_db_user }}'); |
||||
|
||||
/** MySQL database password */ |
||||
define('DB_PASSWORD', '{{ wp_db_password }}'); |
||||
|
||||
/** MySQL hostname */ |
||||
define('DB_HOST', 'localhost'); |
||||
|
||||
/** Database Charset to use in creating database tables. */ |
||||
define('DB_CHARSET', 'utf8'); |
||||
|
||||
/** The Database Collate type. Don't change this if in doubt. */ |
||||
define('DB_COLLATE', ''); |
||||
|
||||
/**#@+ |
||||
* Authentication Unique Keys and Salts. |
||||
* |
||||
* Change these to different unique phrases! |
||||
* You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service} |
||||
* You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again. |
||||
* |
||||
* @since 2.6.0 |
||||
*/ |
||||
|
||||
{{ wp_salt.stdout }} |
||||
|
||||
/**#@-*/ |
||||
|
||||
/** |
||||
* WordPress Database Table prefix. |
||||
* |
||||
* You can have multiple installations in one database if you give each a unique |
||||
* prefix. Only numbers, letters, and underscores please! |
||||
*/ |
||||
$table_prefix = 'wp_'; |
||||
|
||||
/** |
||||
* WordPress Localized Language, defaults to English. |
||||
* |
||||
* Change this to localize WordPress. A corresponding MO file for the chosen |
||||
* language must be installed to wp-content/languages. For example, install |
||||
* de_DE.mo to wp-content/languages and set WPLANG to 'de_DE' to enable German |
||||
* language support. |
||||
*/ |
||||
define('WPLANG', ''); |
||||
|
||||
/** |
||||
* For developers: WordPress debugging mode. |
||||
* |
||||
* Change this to true to enable the display of notices during development. |
||||
* It is strongly recommended that plugin and theme developers use WP_DEBUG |
||||
* in their development environments. |
||||
*/ |
||||
define('WP_DEBUG', false); |
||||
|
||||
/* That's all, stop editing! Happy blogging. */ |
||||
|
||||
/** Absolute path to the WordPress directory. */ |
||||
if ( !defined('ABSPATH') ) |
||||
define('ABSPATH', dirname(__FILE__) . '/'); |
||||
|
||||
/** Sets up WordPress vars and included files. */ |
||||
require_once(ABSPATH . 'wp-settings.php'); |
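Review bot: `{{ wp_salt.stdout }}` pastes whatever the curl call in the role's tasks returned straight into a PHP file, so the response of a remote service ends up as executable code on the server. Because the salts are fetched again on every run, the file changes each time and all existing sessions are invalidated. Generating the eight keys on the control machine (for instance with Ansible's `password` lookup, which persists the value to a file) and rendering each into its own `define(...)` line would keep them stable and limit what can be injected. The single-quoted `'{{ wp_db_password }}'` is also interpolated unescaped, so a password containing `'` or `\` would break or alter the file. A comment stating that restriction, or escaping in the template, would help.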
@ -0,0 +1,11 @@ |
||||
--- |
||||
- name: Install Wordpress, MySQL, Nginx, and PHP-FPM |
||||
hosts: wordpress-server |
||||
user: root |
||||
|
||||
roles: |
||||
- common |
||||
- mysql |
||||
- nginx |
||||
- php-fpm |
||||
- wordpress |