Merge branch 'master' of adellam/ansible-role-wordpress into master

defaults/main.yml

@@ -1,12 +1,15 @@
 ---
 wordpress_dist_name: wordpress
-wordpress_major: 4
-wordpress_minor: 9
-wordpress_fix: 5
+wordpress_major: 5
+wordpress_minor: 3
+wordpress_fix: 2
 wordpress_version: '{{ wordpress_major }}.{{ wordpress_minor }}.{{ wordpress_fix }} '
 wordpress_cli_url: 'https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar'
 wordpress_cli_bin: /usr/local/bin/wp
 wordpress_system_user: wp
+wordpress_auto_upgrade: True
+wordpress_auto_upgrade_minor_only: False
+wordpress_auto_upgrade_all_plugins: True
 
 wordpress_servername: '{{ ansible_fqdn }}'
 wordpress_url: 'https://{{ wordpress_servername }}'
@@ -19,6 +22,8 @@ wordpress_debug: 'false'
 
 # wordpress_plugins_install_list:
 
+# wordpress_plugins_upgrade_list: '{{ wordpress_plugins_install_list }}'
+
 # wordpress_plugins_delete_list:
   
 wordpress_php_prereq:

tasks/main.yml

@@ -2,5 +2,6 @@
 - import_tasks: wp_prerequisites.yml
 - import_tasks: wp_install.yml
 - import_tasks: wp_plugins.yml
+- import_tasks: wp_maintenance.yml
 - import_tasks: wp_nginx.yml
 

tasks/wp_install.yml

@@ -10,7 +10,7 @@
     register: wordpress_salt
 
   - name: Install the initial WordPress configuration file
-    template: src=wp-config.php dest={{ wordpress_doc_root }}/wp-config.php mode=0640 force=no
+    template: src=wp-config.php.j2 dest={{ wordpress_doc_root }}/wp-config.php mode=0640 force=no
 
   - name: Install the WP DB tables 
     command: wp core install --url={{ wordpress_servername }} --title="{{ wordpress_title }}" --admin_user={{ wordpress_admin_user }} --admin_password='{{ wordpress_admin_pwd }}' --admin_email={{ wordpress_admin_email }}
@@ -25,7 +25,7 @@
     shell: wp site empty --yes ; touch {{ wordpress_doc_root }}/.htemptied
     args:
       chdir: '{{ wordpress_doc_root }}'
-    when: not wp_wipe.stat.exists
+    when: not wp_wipe.stat.exists | bool
 
   become: True
   become_user: '{{ wordpress_system_user }}'

tasks/wp_maintenance.yml

@@ -0,0 +1,46 @@
+---
+- block:
+  - name: Create a directory to store the logs of the wp maintenance commands
+    file: /var/log/wordpress_maintenance state=directory owner={{ wordpress_system_user }} mode=0755
+  tags: wordpress
+
+- block:
+  - name: 
+    command: wp core update {% if wordpress_auto_upgrade_minor_only %} --minor{% endif %}
+    args:
+      chdir: '{{ wordpress_doc_root }}'
+    when: wordpress_auto_upgrade | bool
+
+  - name: Cron job that updates the Wordpress core
+    cron:
+      name: "Update the Wordpress core"
+      special_time: 'daily'
+      job: "cd {{ wordpress_doc_root }} && wp core update {% if wordpress_auto_upgrade_minor_only %} --minor{% endif %} > /var/log/wordpress_maintenance/wp_core_update.log 2>&1"
+      state: present
+      user: '{{ wordpress_system_user }}'
+
+  - name: Upgrade all the plugins
+    command: wp plugin update --all
+    args:
+      chdir: '{{ wordpress_doc_root }}'
+    when: wordpress_auto_upgrade_all_plugins | bool
+
+  - name: Upgrade a list of plugins
+    command: wp plugin update {{ item }}
+    args:
+      chdir: '{{ wordpress_doc_root }}'
+    with_items: '{{ wordpress_plugins_upgrade_list }}'
+    when: wordpress_plugins_upgrade_list is defined
+
+  - name: Cron job that updates the Wordpress plugins
+    cron:
+      name: "Update the Wordpress plugins"
+      special_time: 'daily'
+      job: "cd {{ wordpress_doc_root }} && wp plugin update --all > /var/log/wordpress_maintenance/wp_plugins_update.log 2>&1"
+      state: present
+      user: '{{ wordpress_system_user }}'
+
+  become: True
+  become_user: '{{ wordpress_system_user }}'
+  tags: wordpress
+

tasks/wp_nginx.yml

@@ -1,14 +1,14 @@
 ---
 - block:
   - name: Install the nginx virtualhost
-    template: src=nginx_wordpress.conf dest=/etc/nginx/sites-available/wordpress mode=0444
+    template: src=nginx_wordpress.conf.j2 dest=/etc/nginx/sites-available/wordpress.conf mode=0444
     with_items: '{{ phpfpm_pools }}'
     notify: Reload nginx
 
   - name: Enable the nginx virtualhost
-    file: src=/etc/nginx/sites-available/wordpress dest=/etc/nginx/sites-enabled/wordpress state=link
+    file: src=/etc/nginx/sites-available/wordpress.conf dest=/etc/nginx/sites-enabled/wordpress.conf state=link
     notify: Reload nginx
   
-  when: wordpress_local_nginx_virtualhost
+  when: wordpress_local_nginx_virtualhost | bool
   tags: [ 'wordpress', 'nginx', 'virtualhost' ]
   

tasks/wp_prerequisites.yml

@@ -1,7 +1,7 @@
 ---
 - block:
   - name: Install the wordpress php prerequisites
-    apt: name={{ item }} state=present
+    apt: name={{ item }} state=present cache_valid_time=1800
     with_items: '{{ wordpress_php_prereq }}'
 
   - name: Get the wordpress CLI tool

templates/nginx_wordpress.conf.j2

@@ -9,6 +9,15 @@ server {
         ## Your only path reference.
         root {{ item.doc_root }};
 
+        {% if nginx_block_dotfiles %}
+        location ~ /\.(?!well-known).* {
+                deny all;
+                access_log off;
+                log_not_found off;
+                return 404;
+        }
+        {% endif %}
+
         {% if letsencrypt_acme_install %}
         include /etc/nginx/snippets/letsencrypt-proxy.conf;
         {% endif %}
@@ -49,9 +58,9 @@ server {
 }
 
 server {
-        listen {{ https_port }} ssl;
+        listen {{ https_port }} ssl http2;
         ## Your website name goes here.
-        server_name {{ item.virthost }};
+        server_name {{ item.virthost }} {{ item.virthost_aliases }};
         ## Your only path reference.
         root {{ item.doc_root }};
 
@@ -62,6 +71,22 @@ server {
         ## This should be in your http block and if it is, it's not needed here.
         index index.php;
 
+        {% if nginx_block_dotfiles %}
+        location ~ /\. {
+                deny all;
+                access_log off;
+                log_not_found off;
+                return 404;
+        }
+        {% endif %}
+
+        {% if haproxy_ips is defined %}
+        # We are behind haproxy
+        {% for ip in haproxy_ips %}
+        set_real_ip_from {{ ip }};
+        {% endfor %}
+        real_ip_header X-Forwarded-For;
+        {% endif %}
 
         # redirect server error pages to the static page /50x.html
         #

vars/main.yml

@@ -5,7 +5,7 @@ https_port: 443
 letsencrypt_acme_dest_dir: '{{ wordpress_servername }}'
 
 php_from_ppa: True
-php_version: 5.6
+php_version: 7.2
 
 phpfpm_base_dir: '/etc/php/{{ php_version }}/fpm'
 phpfpm_cli_dir: '/etc/php{{ php_version }}/cli'
@@ -17,4 +17,4 @@ phpfpm_default_pool_name: '{{ wordpress_system_user }}'
 phpfpm_default_user: '{{ wordpress_system_user }}'
 
 phpfpm_pools:
-  - { pool_name: '{{ phpfpm_default_pool_name }}', app_context: '{{ phpfpm_default_context }}', user: '{{ phpfpm_default_user }}', group: '{{ phpfpm_default_group }}', listen: '{{ phpfpm_default_listen }}', allowed_clients: '{{ phpfpm_default_allowed_clients }}', pm: '{{ phpfpm_default_pm }}', pm_max_children: '{{ phpfpm_default_pm_max_children }}', pm_start_servers: '{{ phpfpm_default_pm_start_servers }}', pm_min_spare: '{{ phpfpm_default_pm_min_spare_servers }}', pm_max_spare: '{{ phpfpm_default_pm_max_spare_servers }}', pm_max_requests: '{{ phpfpm_default_pm_max_requests }}', pm_status_enabled: '{{ phpfpm_default_pm_status_enabled }}', pm_status_path: '{{ phpfpm_default_pm_status_path }}', ping_enabled: '{{ phpfpm_default_ping_enabled }}', ping_path: '{{ phpfpm_default_ping_path }}', ping_response: '{{ phpfpm_default_ping_response }}', display_errors: '{{ phpfpm_default_display_errors }}', log_errors: '{{ phpfpm_default_log_errors }}', memory_limit: '{{ phpfpm_default_memory_limit }}', slowlog_timeout: '{{ phpfpm_default_slowlog_timeout }}', rlimit_files: '{{ phpfpm_default_rlimit_files }}', php_extensions: '{{ phpfpm_default_extensions }}', define_custom_variables: '{{ phpfpm_default_define_custom_variables }}', admin_write: True, doc_root: '{{ wordpress_doc_root }}', virthost: '{{ wordpress_servername }}' }
+  - { pool_name: '{{ phpfpm_default_pool_name }}', app_context: '{{ phpfpm_default_context }}', user: '{{ phpfpm_default_user }}', group: '{{ phpfpm_default_group }}', listen: '{{ phpfpm_default_listen }}', allowed_clients: '{{ phpfpm_default_allowed_clients }}', pm: '{{ phpfpm_default_pm }}', pm_max_children: '{{ phpfpm_default_pm_max_children }}', pm_start_servers: '{{ phpfpm_default_pm_start_servers }}', pm_min_spare: '{{ phpfpm_default_pm_min_spare_servers }}', pm_max_spare: '{{ phpfpm_default_pm_max_spare_servers }}', pm_max_requests: '{{ phpfpm_default_pm_max_requests }}', pm_status_enabled: '{{ phpfpm_default_pm_status_enabled }}', pm_status_path: '{{ phpfpm_default_pm_status_path }}', ping_enabled: '{{ phpfpm_default_ping_enabled }}', ping_path: '{{ phpfpm_default_ping_path }}', ping_response: '{{ phpfpm_default_ping_response }}', display_errors: '{{ phpfpm_default_display_errors }}', log_errors: '{{ phpfpm_default_log_errors }}', memory_limit: '{{ phpfpm_default_memory_limit }}', slowlog_timeout: '{{ phpfpm_default_slowlog_timeout }}', rlimit_files: '{{ phpfpm_default_rlimit_files }}', php_extensions: '{{ phpfpm_default_extensions }}', define_custom_variables: '{{ phpfpm_default_define_custom_variables }}', admin_write: True, doc_root: '{{ wordpress_doc_root }}', virthost: '{{ wordpress_servername }}', virthost_aliases: '{{ wordpress_aliases | default('') }}' }