Merge pull request 'automotive' (#7) from automotive into main

Reviewed-on: #7

ansible/inventories/group_vars/automotive/automotive.yaml

@@ -1,30 +1,31 @@
 ---
-#Common Docker 
+# Docker 
-docker_network_name: wp_net
+wordpress_docker_tag: 7.0.0-php8.2-apache
+mysql_docker_tag: 9.7.0
+nginx_docker_tag: 1.31.1
+
 docker_base_volume_path: /usr/data/wp
 
 
 # MYSQL Docker 
-mysql_docker_tag: 9.7.0
+db_name: automotive_db
-docker_mysql_hostname: web_db
+db_user: automotive_db_u
-
-db_name: automotive_test_db
-db_user: automotive_test_db_u
 db_password:  "{{ automotive_mysql_user_password }}"
 db_root_password: "{{ automotive_mysql_root_password }}"
 
 
 #NGINX Docker 
-nginx_docker_tag: 1.31.1
 nginx_server_name: automotive.sse.cloud.isti.cnr.it
 ssl: true
 
-#WORDPRESS Docker
-wordpress_docker_tag: 7.0.0-php8.2-apache
-docker_wordpress_hostname: automotive_test
 
-#CERTBOT for letsencrypt
+# WORDPRESS
-certbot_create_method: webroot
+wordpress_debug : true
+wordpress_debug_log: true
+
+
+#******* CERTBOT for letsencrypt
+certbot_create_method: standalone
 certbot_create_if_missing: true
 certbot_admin_email: fabio.sinibaldi@isti.cnr.it
 
@@ -35,5 +36,5 @@ certbot_certs:
     - "{{ nginx_server_name }}"
 
 #Certbot verbose level
-certbot_create_extra_args: "-vvv --force-renewal"
+certbot_create_extra_args: "-vvv"
 certbot_testmode: false

ansible/playbooks/docker_deploy_image.yaml

@@ -0,0 +1,29 @@
+---
+- name: Create and run container
+  hosts: all
+  become : true
+  vars:
+    image_name: ubuntu
+    image_tag: latest
+    image_hostname: ubuntu
+    image_network:
+      - wp_net
+    image_volumes:
+      - "/usr/data/wp/wordpress/:/var/www"
+
+
+  tasks:
+  - name: Pull Image
+    docker_image:
+      name: "{{ image_name }}:{{ image_tag }}"
+      source: pull
+
+  - name: Create container with pulled image
+    docker_container:
+      name: "{{ image_name }}"
+      image: "{{ image_name }}"
+      networks:
+        - name: "{{ image_network }}"
+      hostname: "{{ image_hostname }}"
+      volumes: "{{image_volumes}}"
+      restart: true

ansible/playbooks/misc_tests.yaml

@@ -0,0 +1,9 @@
+---
+- name: Misc tests
+  hosts: web
+
+  tasks:
+    - name: Using dict2items
+      ansible.builtin.debug:
+        msg: "{{ item.name }}"
+      loop: "{{ certbot_certs }}"

ansible/playbooks/roles/certbot/tasks/certbot_with_dockered_nginx.yaml

@@ -1,16 +1,9 @@
 ---
-# Need to stop using port 80 for certbot webroot validation
+# Stop NGINX
-- name: Gathering NGINX container state
+- name: Stop NGINX 
-  docker_container_info:
-    name: nginx
-  register: nginx_info
-
-- name: Stop NGINX if present
   docker_container:
     name: nginx
     state: stopped
-  when: 
-    - nginx_info.exists
 
 # Manage certbot
 
@@ -18,6 +11,7 @@
   include_role:
     name: geerlingguy.certbot
 
+
 - name: Copy fullchain files to nginx volume
   ansible.builtin.copy:
     src: "/etc/letsencrypt/live/{{ item.name }}/fullchain.pem"
@@ -54,9 +48,7 @@
     - "/etc/letsencrypt/renewal-hooks/pre/stop_services"
     - "/etc/letsencrypt/renewal-hooks/post/start_services"
 
-
+# Start NGINX
-# Installs dockered NGINX if needed and start it 
+- name: Start NGINX
-
+  docker_container:
-- name: Installing and (Re)starting NGINX
+    name: nginx
-  include_role:
-    name: chrissayon.wordpress_docker.nginx

ansible/playbooks/roles/docker-certbot/tasks/main.yaml

@@ -8,8 +8,11 @@
   docker_container:
     name: certbot
     image: certbot/certbot
+    command: "certonly --standalone --non-interactive -v --dry-run -d {{ nginx_server_name}} --agree-tos -m {{ certbot_domain_mail }}"
     networks:
       - name: "{{ docker_network_name }}"
+    ports: 
+      - "81:80"
     hostname: certbot
     volumes:
       - "{{ docker_base_volume_path }}/certbot/logs:/var/log/letsencrypt"

ansible/playbooks/roles/wordpress-docker/defaults/main.yaml

@@ -0,0 +1,27 @@
+---
+wordpress_docker_tag: latest
+nginx_docker_tag: latest
+mysql_docker_tag: latest
+
+docker_network_name: wordpress_network
+docker_wordpress_hostname: wordpress_host
+docker_nginx_hostname: nginx_host
+docker_mysql_hostname: mysql_host
+
+docker_base_volume_path: /home/wordpress_docker
+
+
+nginx_server_name: default_server
+ssl: false
+
+db_name: wordpress_database
+db_user: wordpress_user
+db_password: wordpress_password
+db_root_password: wordpress_rootpassword
+
+wordpress_debug : false
+wordpress_debug_log: false
+
+
+
+

ansible/playbooks/roles/wordpress-docker/tasks/main.yml

@@ -0,0 +1,57 @@
+---
+- name: Pull docker images
+  docker_image:
+    name: "{{ item.name }}"
+    tag: "{{ item.tag }}"
+    source: pull
+  loop:
+    - name : wordpress
+      tag: "{{ wordpress_docker_tag }}"
+    - name: mysql
+      tag : "{{ mysql_docker_tag }}"
+    - name: nginx
+      tag : "{{ nginx_docker_tag }}"
+    
+
+- name: Create docker network
+  docker_network:
+    name: "{{ docker_network_name }}"
+    state: present
+
+
+- name: Create container with mysql image
+  docker_container:
+    name: mysql
+    image: mysql
+    networks:
+      - name: "{{ docker_network_name }}"
+    hostname: "{{ docker_mysql_hostname }}"
+    env:
+      MYSQL_DATABASE: "{{ db_name }}"
+      MYSQL_USER: "{{ db_user }}"
+      MYSQL_PASSWORD: "{{ db_password }}"
+      MYSQL_ROOT_PASSWORD: "{{ db_root_password }}"
+    volumes:
+      - "{{ docker_base_volume_path }}/temp_db_data:/var/tmp"
+
+
+- name: Create container with Wordpress image
+  docker_container:
+    name: wordpress
+    image: wordpress
+    networks:
+      - name: "{{ docker_network_name }}"
+    hostname: "{{ docker_wordpress_hostname }}"
+    env:
+      WORDPRESS_DB_HOST: "{{ docker_mysql_hostname }}"
+      WORDPRESS_DB_NAME: "{{ db_name }}"
+      WORDPRESS_DB_USER: "{{ db_user }}"
+      WORDPRESS_DB_PASSWORD: "{{ db_password }}"
+      WORDPRESS_DEBUG: " {{ wordpress_debug }} "
+      WORDPRESS_DEBUG_LOG: " {{ wordpress_debug_log }} "
+    volumes:
+      - "{{ docker_base_volume_path }}/wordpress:/var/www/html"
+    restart: true
+
+- include_tasks: nginx.yaml
+  when: ssl is true

ansible/playbooks/roles/wordpress-docker/tasks/nginx.yaml

@@ -0,0 +1,18 @@
+---
+- name: Create conf folder to put nginx folder
+  ansible.builtin.file:
+    path: "{{ docker_base_volume_path }}/nginx/conf"
+    state: directory
+    mode: "0755"
+
+- name: Copy nginx.conf to server
+  template:
+    src: templates/nginx.j2
+    dest: "{{ docker_base_volume_path }}/nginx/conf/nginx.conf"
+
+
+- include_tasks: nginx_http.yml
+  when: ssl is false
+
+- include_tasks: nginx_https.yml
+  when: ssl is true

ansible/playbooks/roles/wordpress-docker/tasks/nginx_http.yml

@@ -0,0 +1,15 @@
+---
+- name: Start Nginx Container (HTTP)
+  docker_container:
+    name: nginx
+    image: nginx
+    ports:
+      - "80:80"
+    networks:
+      - name: "{{ docker_network_name }}"
+    hostname: "{{ docker_nginx_hostname }}"
+    volumes:
+      - "{{ docker_base_volume_path }}/wordpress:/var/www/html"
+      - "{{ docker_base_volume_path }}/nginx/conf:/etc/nginx/conf.d"
+      - "{{ docker_base_volume_path }}/nginx/logs:/var/log/nginx"
+    restart: true

ansible/playbooks/roles/wordpress-docker/tasks/nginx_https.yml

@@ -0,0 +1,17 @@
+---
+- name: Start Nginx Container (HTTPS)
+  docker_container:
+    name: nginx
+    image: nginx
+    ports:
+      - "80:80"
+      - "443:443"
+    networks:
+      - name: "{{ docker_network_name }}"
+    hostname: "{{ docker_nginx_hostname }}"
+    volumes:
+      - "{{ docker_base_volume_path }}/wordpress:/var/www/html"
+      - "{{ docker_base_volume_path }}/nginx/conf:/etc/nginx/conf.d"
+      - "{{ docker_base_volume_path }}/nginx/logs:/var/log/nginx"
+      - "{{ docker_base_volume_path }}/nginx/ssl:/etc/nginx/ssl/:ro"
+    restart: true

ansible/playbooks/roles/wordpress-docker/templates/nginx.j2

@@ -15,13 +15,22 @@ server {
     root   /var/www/html;
     index  index.php;
 
-
+    # Needed to upload backups 
-    ssl_certificate /etc/nginx/ssl/fullchain.pem;
-    ssl_certificate_key /etc/nginx/ssl/privatekey.pem;
 
     client_max_body_size 40M;
 
 
+    # Try to support website restore plugin 
+
+    proxy_read_timeout 600s;
+    keepalive_timeout 600s;
+
+
+
+     ssl_certificate /etc/nginx/ssl/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/privatekey.pem;
+
+
     location / {
         proxy_pass http://{{ docker_wordpress_hostname }}:80;
         proxy_set_header Host $host;
@@ -29,4 +38,5 @@ server {
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
     }
+
 }

ansible/playbooks/wordpress.yaml

@@ -2,12 +2,9 @@
 - name: Install and configure Wordpress
   hosts: web
   become : True
-  collections:
+  
-    - chrissayon.wordpress_docker
 
   roles:
     - geerlingguy.docker
-    - chrissayon.wordpress_docker.network
+    - wordpress-docker
-    - chrissayon.wordpress_docker.mysql
-    - chrissayon.wordpress_docker.wordpress
     - certbot