Add ansible roles and playbook to setup LEMP stack

Ansible roles added:
 * nginx
 * php
 * mysql
 * wordpress

Additionally adds a Vagrantfile to set up two machines using the new
playbook for testing.
This commit is contained in:
Johannes Rothe 2023-08-17 20:53:23 +02:00
parent d860eccc4d
commit 649e48930e
Signed by: onjen
GPG Key ID: 73F092605AF3286C
15 changed files with 422 additions and 0 deletions

3
.gitignore vendored

@ -36,4 +36,7 @@ terraform.rc
# ---> Ansible # ---> Ansible
*.retry *.retry
vault_pass
# ---> vagrant
.vagrant

22
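--- a/Vagrantfile
+++ b/Vagrantfile
@@ -0,0 +1,22 @@
+VAGRANTFILE_API_VERSION = "2"
+Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
+config.vm.box = "ubuntu/jammy64"
+config.vm.define "web1" do |master|
+master.vm.hostname = "web1"
+master.vm.network "forwarded_port", guest: 80, host: 8080
+master.vm.network "private_network", ip: "192.168.56.2"
+end
+config.vm.define "web2" do |master|
+master.vm.hostname = "web2"
+master.vm.network "forwarded_port", guest: 80, host: 8081
+master.vm.network "private_network", ip: "192.168.56.3"
+end
+config.vm.provider "virtualbox" do |v|
+v.memory = 1024
+v.cpus = 2
+end
+config.vm.provision "ansible" do |ansible|
+ansible.playbook = "ansible/playbook.yaml"
+ansible.vault_password_file = "vault_pass"
+end
+end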

19
ansible/playbook.yaml Normal file

@ -0,0 +1,19 @@
---
- name: Setup LEMP stack
hosts: all
vars_files:
- vault.yaml
vars:
server_name: wordpress-jr.senecops.com
wordpress:
dir: /var/www/html/wordpress
db_name: wordpress
db_user: wp
db_pass: 12345678
php:
version: 8.1
roles:
- nginx
- mysql
- php
- wordpress
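Review bot: `db_pass: 12345678` commits the WordPress database password in cleartext in the play's `vars`, while the MySQL root password and the WordPress salts are pulled from `vault.yaml` through `vars_files`; move it into the vault too and reference it as `db_pass: "{{ wordpress_db_pass }}"`. Two scalars here are also parsed as numbers rather than strings: `12345678` becomes an int and `version: 8.1` a float, which happens to render as `8.1` today but would silently turn a future `8.10` into `8.1` inside every `php{{ php.version }}-*` package name and path; quote them, `version: "8.1"`.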


@ -0,0 +1,7 @@
---
- name: restart mysql
ansible.builtin.service:
name: mysql
state: restarted
enabled: true
become: true


@ -0,0 +1,46 @@
---
- name: Install relevant packages
ansible.builtin.apt:
update_cache: true
cache_valid_time: 3600
name:
- mariadb-client
- mariadb-server
- python3-pymysql
state: present
become: true
- name: Set new root user password
community.mysql.mysql_user:
name: root
password: "{{ mysql_root_password }}"
check_implicit_admin: true
login_unix_socket: /var/run/mysqld/mysqld.sock
become: true
- name: Create wordpress user with password, grant wordpress permissions
community.mysql.mysql_user:
state: present
name: "{{ wordpress.db_user }}"
login_user: root
login_password: "{{ mysql_root_password }}"
password: "{{ wordpress.db_pass }}"
priv:
"wordpress.*": "ALL,GRANT"
login_unix_socket: /var/run/mysqld/mysqld.sock
become: true
- name: Store the config for task indempotency as written in the mysql collection docs
ansible.builtin.template:
src: "my.cnf.j2"
dest: "/root/.my.cnf"
mode: "0400"
become: true
notify: restart mysql
- name: Setup database for wordpress
community.mysql.mysql_db:
name: "{{ wordpress.db_name }}"
state: present
login_unix_socket: /var/run/mysqld/mysqld.sock
become: true
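Review bot: The `priv` of the `Create wordpress user` task hard-codes the schema name (`"wordpress.*"`) instead of deriving it from `wordpress.db_name`, so changing the variable in the playbook would leave the grant pointing at a schema that `Setup database for wordpress` no longer creates; use `"{{ wordpress.db_name }}.*": "ALL"`. The same grant also hands out `GRANT`, which lets the application account re-grant its privileges to other accounts — WordPress does not need that, so drop it from the list. `notify: restart mysql` on the `.my.cnf` template is unnecessary: that file is a client config read by the Ansible modules, and writing it does not require a server restart.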


@ -0,0 +1,3 @@
[client]
user=root
password={{ mysql_root_password }}


@ -0,0 +1,7 @@
---
- name: restart nginx
ansible.builtin.service:
name: nginx
state: restarted
enabled: true
become: true


@ -0,0 +1,21 @@
---
- name: Install packages
ansible.builtin.apt:
update_cache: true
cache_valid_time: 3600
name:
- nginx
become: true
- name: Remove default nginx config
ansible.builtin.file:
path: "/etc/nginx/sites-enabled/default"
state: absent
become: true
- name: Copy wordpress nginx config
ansible.builtin.template:
src: "wordpress.conf.j2"
dest: "/etc/nginx/sites-enabled/wordpress.conf"
notify: restart nginx
become: true


@ -0,0 +1,36 @@
server {
listen 80 default_server;
server_name {{ server_name }};
root {{ wordpress.dir }};
index index.php;
# Deny access to any files with a .php extension in the uploads directory
location ~* /(?:uploads|files)/.*\.php$ {
deny all;
}
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
fastcgi_pass unix:/var/run/php/wordpress.sock;
fastcgi_param SCRIPT_FILENAME
$document_root$fastcgi_script_name;
include fastcgi_params;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
}
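Review bot: The server block has no rule for dot-files, so anything like a `.git` directory or a `.user.ini` left under `{{ wordpress.dir }}` would be served as a static file through `location /`; add `location ~ /\. { deny all; access_log off; log_not_found off; }` next to the existing uploads deny. If certificates are later obtained via an HTTP-01 challenge, `/.well-known/` would need an explicit `location ^~ /.well-known/ { allow all; }` placed before that rule. The `deny all` on `.php` under `uploads`/`files` and `try_files $uri =404` in the PHP location are the right defaults and can stay as they are.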


@ -0,0 +1,5 @@
---
- name: restart php-fpm
service:
name: php{{ php.version }}-fpm
state: restarted
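Review bot: The `restart php-fpm` handler lacks `become: true`, unlike `restart mysql` and `restart nginx`, so the service restart runs as the unprivileged connection user and fails the first time a php task notifies it. It also uses the short module name `service:` where every other task and handler in the commit uses the FQCN; aligning both gives `ansible.builtin.service:` for the module line and `become: true` at handler level. Adding `enabled: true` as in the other two handlers would keep the three handlers uniform.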


@ -0,0 +1,40 @@
---
- name: Install relevant packages
ansible.builtin.apt:
cache_valid_time: 3600
update_cache: true
name:
- php{{ php.version }}-cli
- php{{ php.version }}-fpm
- php{{ php.version }}-mysql
- php{{ php.version }}-opcache
- php{{ php.version }}-mbstring
- php{{ php.version }}-xml
- php{{ php.version }}-gd
- php{{ php.version }}-curl
- php-json
state: present
become: true
- name: Disable default pool
ansible.builtin.command: mv /etc/php/{{ php.version }}/fpm/pool.d/www.conf /etc/php/{{ php.version }}/fpm/pool.d/www.conf.disabled
args:
creates: /etc/php/{{ php.version }}/fpm/pool.d/www.conf.disabled
notify: restart php-fpm
become: true
- name: Create socket
ansible.builtin.file:
path: /var/run/php/wordpress.sock
state: touch
owner: www-data
group: www-data
notify: restart php-fpm
become: true
- name: Copy php-fpm configuration
ansible.builtin.template:
src: wordpress.conf.j2
dest: "/etc/php/{{ php.version }}/fpm/pool.d/wordpress.conf"
notify: restart php-fpm
become: true
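Review bot: `Create socket` uses `ansible.builtin.file` with `state: touch`, which creates an empty regular file at `/var/run/php/wordpress.sock`, not a socket, and `touch` reports `changed` on every run, so `restart php-fpm` fires on every play. php-fpm creates the listening socket itself from the `listen` line of the pool template, with `listen.owner`/`listen.group` already set there, so the task can be dropped; if a pre-created path must stay, add `modification_time: preserve` and `access_time: preserve` so the task is idempotent. `Copy php-fpm configuration` writes the pool file without `mode`; `mode: "0644"` makes the resulting permissions explicit rather than umask-dependent.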


@ -0,0 +1,15 @@
[wordpress]
listen = /var/run/php/wordpress.sock
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
user = wordpress
group = wordpress
pm = dynamic
pm.max_children = 10
pm.start_servers = 1
pm.min_spare_servers = 1
pm.max_spare_servers = 3
pm.max_requests = 500
chdir = {{ wordpress.dir }}
php_admin_value[open_basedir] = {{ wordpress.dir }}:/tmp
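Review bot: The pool runs as `user = wordpress` / `group = wordpress`, but the wordpress role creates the `wordpress` user with `group: www-data` and chowns the installation `wordpress:www-data`, so the pool's effective group is not the group on the files; this works only because the user owns the files, and either `group = www-data` here or dropping `group: www-data` from the user task (so the created `wordpress` group is actually used) would remove the inconsistency. `open_basedir` limited to `{{ wordpress.dir }}:/tmp` is a good restriction; `/tmp` is shared with every other process on the host, so a pool-specific `php_admin_value[upload_tmp_dir]` under a dedicated directory would be tighter.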


@ -0,0 +1,39 @@
---
- name: Download wordpress archive
ansible.builtin.get_url:
url: https://de.wordpress.org/latest-de_DE.tar.gz
dest: /tmp/wordpress.tar.gz
- name: Extract wordpress
ansible.builtin.unarchive:
src: /tmp/wordpress.tar.gz
dest: "{{ wordpress.dir | dirname }}"
remote_src: true
become: true
- name: Add wordpress group
ansible.builtin.group:
name: wordpress
become: true
- name: Add wordpress user
ansible.builtin.user:
name: wordpress
group: www-data
become: true
- name: Add wordpress config
ansible.builtin.template:
src: "wp-config.php.j2"
dest: "{{ wordpress.dir }}/wp-config.php"
become: true
- name: Change ownership of wordpress installation
ansible.builtin.file:
path: "{{ wordpress.dir }}"
owner: wordpress
group: www-data
state: directory
recurse: true
become: true
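Review bot: `Download wordpress archive` fetches `latest-de_DE.tar.gz` with no `checksum:`, so the play installs whatever the mirror returns — unpinned and unverified; pin a versioned URL and add `checksum: "sha256:<expected-sha256-of-the-archive>"` (wordpress.org publishes checksum files next to its release archives). `Add wordpress config` renders `wp-config.php`, which carries the DB password and all salts, without `owner`/`group`/`mode`, so it is created with the root umask and the later `recurse: true` step only fixes ownership; add `owner: wordpress`, `group: www-data`, `mode: "0640"` to that template task. The `wordpress` group created in `Add wordpress group` is never used because `Add wordpress user` sets `group: www-data` — either drop the group task or make the group the user's primary group.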


@ -0,0 +1,116 @@
<?php
/**
* Grundeinstellungen für WordPress
*
* Diese Datei wird zur Erstellung der wp-config.php verwendet.
* Du musst aber dafür nicht das Installationsskript verwenden.
* Stattdessen kannst du auch diese Datei als „wp-config.php“ mit
* deinen Zugangsdaten für die Datenbank abspeichern.
*
* Diese Datei beinhaltet diese Einstellungen:
*
* * Datenbank-Zugangsdaten,
* * Tabellenpräfix,
* * Sicherheitsschlüssel
* * und ABSPATH.
*
* @link https://wordpress.org/support/article/editing-wp-config-php/
*
* @package WordPress
*/
// ** Datenbank-Einstellungen - Diese Zugangsdaten bekommst du von deinem Webhoster. ** //
/**
* Ersetze datenbankname_hier_einfuegen
* mit dem Namen der Datenbank, die du verwenden möchtest.
*/
define( 'DB_NAME', '{{ wordpress.db_name }}' );
/**
* Ersetze benutzername_hier_einfuegen
* mit deinem Datenbank-Benutzernamen.
*/
define( 'DB_USER', '{{ wordpress.db_user }}' );
/**
* Ersetze passwort_hier_einfuegen mit deinem Datenbank-Passwort.
*/
define( 'DB_PASSWORD', '{{ wordpress.db_pass }}' );
/**
* Ersetze localhost mit der Datenbank-Serveradresse.
*/
define( 'DB_HOST', 'localhost' );
/**
* Der Datenbankzeichensatz, der beim Erstellen der
* Datenbanktabellen verwendet werden soll
*/
define( 'DB_CHARSET', 'utf8' );
/**
* Der Collate-Type sollte nicht geändert werden.
*/
define( 'DB_COLLATE', '' );
/**#@+
* Sicherheitsschlüssel
*
* Ändere jeden untenstehenden Platzhaltertext in eine beliebige,
* möglichst einmalig genutzte Zeichenkette.
* Auf der Seite {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
* kannst du dir alle Schlüssel generieren lassen.
*
* Du kannst die Schlüssel jederzeit wieder ändern, alle angemeldeten
* Benutzer müssen sich danach erneut anmelden.
*
* @since 2.6.0
*/
define( 'AUTH_KEY', '{{ wordpress_auth_key }}' );
define( 'SECURE_AUTH_KEY', '{{ wordpress_secure_auth_key }}' );
define( 'LOGGED_IN_KEY', '{{ wordpress_logged_in_key }}' );
define( 'NONCE_KEY', '{{ wordpress_nonce_key }}' );
define( 'AUTH_SALT', '{{ wordpress_auth_salt }}' );
define( 'SECURE_AUTH_SALT', '{{ wordpress_secure_auth_salt }}' );
define( 'LOGGED_IN_SALT', '{{ wordpress_logged_in_salt }}' );
define( 'NONCE_SALT', '{{ wordpress_nonce_salt }}' );
/**#@-*/
/**
* WordPress Datenbanktabellen-Präfix
*
* Wenn du verschiedene Präfixe benutzt, kannst du innerhalb einer Datenbank
* verschiedene WordPress-Installationen betreiben.
* Bitte verwende nur Zahlen, Buchstaben und Unterstriche!
*/
$table_prefix = 'wp_';
/**
* Für Entwickler: Der WordPress-Debug-Modus.
*
* Setze den Wert auf „true“, um bei der Entwicklung Warnungen und Fehler-Meldungen angezeigt zu bekommen.
* Plugin- und Theme-Entwicklern wird nachdrücklich empfohlen, WP_DEBUG
* in ihrer Entwicklungsumgebung zu verwenden.
*
* Besuche den Codex, um mehr Informationen über andere Konstanten zu finden,
* die zum Debuggen genutzt werden können.
*
* @link https://wordpress.org/support/article/debugging-in-wordpress/
*/
define( 'WP_DEBUG', false );
/* Füge individuelle Werte zwischen dieser Zeile und der „Schluss mit dem Bearbeiten“ Zeile ein. */
/* Das wars, Schluss mit dem Bearbeiten! Viel Spaß. */
/* That's all, stop editing! Happy publishing. */
/** Der absolute Pfad zum WordPress-Verzeichnis. */
if ( ! defined( 'ABSPATH' ) ) {
define( 'ABSPATH', __DIR__ . '/' );
}
/** Definiert WordPress-Variablen und fügt Dateien ein. */
require_once ABSPATH . 'wp-settings.php';

43
ansible/vault.yaml Normal file

@ -0,0 +1,43 @@
$ANSIBLE_VAULT;1.1;AES256
32613037373933666161383738313531306336633666333332383066316566363033616237303436
6632323331346634316630646566393639376339653334630a333861613934623337383839333031
34356237636465646537616661643234316533633735343233383230386665303935313065656662
3130386366643061390a396266336231633265663762653330306238313431343537356263316664
31373063623535653232373863633864643364633137363130643865646266306634633939396139
31353431393831383531633862336533303731346133633864343938383632336639373065613062
31633438643633623462316232313437396631313163653539616166373530646530633530336461
31376236316639356365323366306634373235643638653433303638653631666461353064666431
34393165653730316237353439336531383865373462386232313635313436333862346339633235
37393839356461323730353261303462663230303734313036346430373434376631626232626639
39306665356139663730356238346634653561326662353331613064316363373339313562666339
62363232306331373432393339303663306331663737633534623332616238343938373531616231
66366464353134363139376635643366386530373963336566626136383031373634343866363130
36383930396334376561653564623439366230646361633738323763336466343938363339646464
31613936306133666366373065363062633337616131386137343366326131303365366265643032
62646434356135653031373039636333346135646261643834643439656361653031663634636564
66666234333364386436356265343635393664346131653035623961343266666339313763363237
62306139323336326463326230313630643337353535313239393130373735346466353335613032
35396538396566326137316161333032363330653434363637366430396331333065336564373366
36323832643535663065316438393734353435363536643033326134396465383863363265373230
64626639346330306466656636323834353664353863373537393862326366343062313535326363
63353933366235663364333234636235633037303732366663383538616535623635326663356230
61626561383735623035366563393639373037646631336164323561313763326163636466636434
66663935303339313338396436353632653062396563623664336264313265376262386537356432
30366137323037653038656365666239666136666239323133333632623864663364303330623166
64323332356539313933646564303864346535376536316335653735393037386164343536313939
65376539643334633834656537646532323135326639353663633365343666313231346164663131
32306334396537306633393632343033336437373666643561343166316334623261663361653436
30616162623534313336313865316134613032386638303261383739383135363135316337666234
39363130306633646631373934326436313630366133363033326164343463333934633835383036
31613731356630363866386462363932633737363861626535306435366162663533316365353561
35666336616336386639366364363736663762636231386664333030373234653738356435306530
32333664383734353633366137303837393835306637663665623330323065613731623165633532
65373135346636303531353830656563633063383138336433376234636434353064376463643366
32636565336237373166333134396532616166626135613662636566313936383130353039336539
30656265373364396334346539376431373439393634323833633336643435623166393766336432
31386330636365383438356639356161333535623632616366653933313834373664326464373238
62323637333939356332643461303630353064336631646337373239383031373733663037376634
30366337303263653035356264363332653535336466363737343166363966353935366137383861
30306131616336333430663239393030626166646432653033633837633139333031663939373135
37313438333661373330663735633565653364336138323135636532363665646136336132393739
3934333330316564643237643434333230306161633230623939