From 860c225880205ebaa57b88d181bdb5c76b1764bc Mon Sep 17 00:00:00 2001
From: GROUPE 6
Date: Wed, 17 May 2023 16:51:30 +0200
Subject: [PATCH] add:(Wordpress)
---
group_vars/all/main.yml | 4 ++
playbooks/apache.yml | 10 ++++
playbooks/wordpress.yml | 10 ++++
requirements.yml | 2 +
roles/apache/handlers/main.yml | 8 +++
roles/apache/tasks/main.yml | 5 ++
roles/apache/tasks/webserver.yml | 60 +++++++++++++++++++
roles/apache/templates/apache2-ports.conf.j2 | 10 ++++
roles/apache/templates/index.html.j2 | 1 +
roles/apache/templates/wordpress-site.conf.j2 | 23 +++++++
roles/nginx/tasks/webserver.yml | 2 +
roles/nginx/templates/infra.conf.j2 | 15 +++--
roles/wordpress/handlers/main.yml | 8 +++
roles/wordpress/tasks/main.yml | 10 ++++
roles/wordpress/tasks/mysql.yml | 22 +++++++
roles/wordpress/tasks/wordpress.yml | 30 ++++++++++
.../templates/config-localhost.php.j2 | 10 ++++
17 files changed, 224 insertions(+), 6 deletions(-)
create mode 100644 playbooks/apache.yml
create mode 100644 playbooks/wordpress.yml
create mode 100644 roles/apache/handlers/main.yml
create mode 100644 roles/apache/tasks/main.yml
create mode 100644 roles/apache/tasks/webserver.yml
create mode 100644 roles/apache/templates/apache2-ports.conf.j2
create mode 100644 roles/apache/templates/index.html.j2
create mode 100644 roles/apache/templates/wordpress-site.conf.j2
create mode 100644 roles/wordpress/handlers/main.yml
create mode 100644 roles/wordpress/tasks/main.yml
create mode 100644 roles/wordpress/tasks/mysql.yml
create mode 100644 roles/wordpress/tasks/wordpress.yml
create mode 100644 roles/wordpress/templates/config-localhost.php.j2
diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml
index d689908..9c1cebe 100644
--- a/group_vars/all/main.yml
+++ b/group_vars/all/main.yml
@@ -10,3 +10,7 @@ ansible_become_method: "sudo" nginx_cert_position: "/etc/ssl/dmz.pem" nginx_key_position: "/etc/ssl/dmz.key.pem" + +mysql_db_name: "wordpress_db" +mysql_user_name: "wordpress_user" +mysql_user_pass: "ApacheCestPasTerribleQuandMeme" diff --git a/playbooks/apache.yml b/playbooks/apache.yml new file mode 100644 index 0000000..a435526 --- /dev/null +++ b/playbooks/apache.yml @@ -0,0 +1,10 @@ +--- + +- name: Apache + hosts: all + vars_files: + - ../group_vars/all/vault.yml + roles: + - apache + tags: + - apache diff --git a/playbooks/wordpress.yml b/playbooks/wordpress.yml new file mode 100644 index 0000000..f2c4cdf --- /dev/null +++ b/playbooks/wordpress.yml @@ -0,0 +1,10 @@ +--- + +- name: Wordpress + hosts: all + vars_files: + - ../group_vars/all/vault.yml + roles: + - wordpress + tags: + - wordpress diff --git a/requirements.yml b/requirements.yml index 29512cb..c670b46 100644 --- a/requirements.yml +++ b/requirements.yml @@ -7,3 +7,5 @@ collections: version: 2.10.0 - name: community.general version: 3.4.0 + - name: community.mysql + version: 3.7.0 diff --git a/roles/apache/handlers/main.yml b/roles/apache/handlers/main.yml new file mode 100644 index 0000000..9024a1a --- /dev/null +++ b/roles/apache/handlers/main.yml @@ -0,0 +1,8 @@ +--- + +- name: apache_reload + become: Yes + ansible.builtin.service: + name: apache2.service + state: reloaded + diff --git a/roles/apache/tasks/main.yml b/roles/apache/tasks/main.yml new file mode 100644 index 0000000..7899e94 --- /dev/null +++ b/roles/apache/tasks/main.yml @@ -0,0 +1,5 @@ +--- + +- name: Create Apache server + remote_user: ansible + ansible.builtin.import_tasks: webserver.yml diff --git a/roles/apache/tasks/webserver.yml b/roles/apache/tasks/webserver.yml new file mode 100644 index 0000000..b10849e --- /dev/null +++ b/roles/apache/tasks/webserver.yml 
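Review bot: `mysql_user_pass` is committed in cleartext in group_vars/all/main.yml, although both new playbooks already load `../group_vars/all/vault.yml`. Keep only a reference here, e.g. `mysql_user_pass: "{{ vault_mysql_user_pass }}"` (variable name illustrative), and define the value in the vaulted file. Because the value is now part of the repository history, it should be treated as exposed and replaced before this role is used anywhere beyond a lab.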
@@ -0,0 +1,60 @@
+---
+- name: Install Apache2
+ become: Yes
+ ansible.builtin.apt:
+ update_cache: true
+ state: latest
+ name:
+ - apache2
+ - libapache2-mod-security2
+ - libapache2-mod-php
+
+
+- name: Check Wordpress default site status
+ stat:
+ path: "/etc/apache2/sites-enabled/000-default.conf"
+ register: default_active
+
+- name: Disable default HTTP website
+ become: Yes
+ ansible.builtin.command:
+ cmd: "/usr/sbin/a2dissite 000-default"
+ when: default_active.stat.exists # Skip if default don't exists
+
+
+- name: Change ports config file
+ become: yes
+ ansible.builtin.template:
+ src: "apache2-ports.conf.j2"
+ dest: "/etc/apache2/ports.conf"
+ owner: root
+ group: root
+ mode: 0644
+ notify:
+ - apache_reload
+
+
+- name: import wordpress available configuration
+ become: yes
+ ansible.builtin.template:
+ src: "wordpress-site.conf.j2"
+ dest: "/etc/apache2/sites-available/wordpress-site.conf"
+ owner: root
+ group: root
+ mode: 0644
+ notify:
+ - apache_reload
+
+
+- name: Check Wordpress website status
+ stat:
+ path: "/etc/apache2/sites-enabled/wordpress-site.conf"
+ register: wp_active
+
+- name: Enable wordpress HTTP website
+ become: Yes
+ ansible.builtin.command:
+ cmd: "/usr/sbin/a2ensite wordpress-site.conf"
+ notify:
+ - apache_reload
+ when: not wp_active.stat.exists # Skip if simlink already exists
diff --git a/roles/apache/templates/apache2-ports.conf.j2 b/roles/apache/templates/apache2-ports.conf.j2
new file mode 100644
index 0000000..f8ab4bd
--- /dev/null
+++ b/roles/apache/templates/apache2-ports.conf.j2
@@ -0,0 +1,10 @@
+# Listen 8000
+
+
+ Listen 443
+
+
+
+ Listen 443
+
+
diff --git a/roles/apache/templates/index.html.j2 b/roles/apache/templates/index.html.j2
new file mode 100644
index 0000000..56db0b8
--- /dev/null
+++ b/roles/apache/templates/index.html.j2
@@ -0,0 +1 @@
+TOP GUN
diff --git a/roles/apache/templates/wordpress-site.conf.j2 b/roles/apache/templates/wordpress-site.conf.j2
new file mode 100644
index 0000000..5c92ff2
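Review bot: The "Disable default HTTP website" task runs `a2dissite` without `notify: apache_reload`, unlike the matching `a2ensite` task at the end of the file, so the default vhost can keep being served until some other task happens to trigger the handler. Both `command` tasks could drop their separate `stat` + `when` pairs by using `removes:` / `creates:` on the sites-enabled symlink. `state: latest` on the apt task upgrades Apache, mod_security and mod_php on every play; `state: present` with a deliberate upgrade play is more predictable for a web-facing host. The two template tasks are safer with the mode quoted, `mode: "0644"`.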
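Review bot: This ports.conf template still emits two `Listen 443` lines while nginx in this same commit owns 443 and proxies to `localhost:8000`. The blocks enclosing those lines are not visible in this listing, but if either is active Apache will fail to bind when both services run on one host. Since TLS terminates at nginx, the 443 stanzas can be dropped and the single backend listener defined here once, instead of the `Listen 8000` that currently lives in the site file; the commented `# Listen 8000` suggests that may have been the intent.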
--- /dev/null +++ b/roles/apache/templates/wordpress-site.conf.j2 @@ -0,0 +1,23 @@ +Listen 8000 + + + DocumentRoot /usr/share/wordpress + + Alias /wp-content /var/lib/wordpress/wp-content + + + Options FollowSymLinks + AllowOverride Limit Options FileInfo + DirectoryIndex index.php + Require all granted + + + + Options FollowSymLinks + Require all granted + + + ErrorLog ${APACHE_LOG_DIR}/error.log + CustomLog ${APACHE_LOG_DIR}/access.log combined + + diff --git a/roles/nginx/tasks/webserver.yml b/roles/nginx/tasks/webserver.yml index c96011e..66a299f 100644 --- a/roles/nginx/tasks/webserver.yml +++ b/roles/nginx/tasks/webserver.yml @@ -28,6 +28,8 @@ owner: root group: root mode: 0644 + notify: + - Nginx_Reload - name: Import index page become: Yes diff --git a/roles/nginx/templates/infra.conf.j2 b/roles/nginx/templates/infra.conf.j2 index d2ad4cc..e4dc2cc 100644 --- a/roles/nginx/templates/infra.conf.j2 +++ b/roles/nginx/templates/infra.conf.j2 @@ -16,15 +16,13 @@ server { return 301 https://$host$request_uri; } -# reverse-proxy to Apache -> 10000 +# reverse-proxy to Apache -> 8000 server { listen 443 ssl; # IPv4, on écoute sur le port HTTPS (443) listen [::]:443; # IPv6 - # server_name wiki.salo.pe; # Ce serveur répond au host 'wiki.salo.pe' - location /blog/ { - proxy_pass http://localhost:10000/; # Redirect localhost port 8080 + proxy_pass http://localhost:8000/; # Redirect localhost port 8000 } ssl_certificate {{ nginx_cert_position }}; @@ -48,8 +46,6 @@ server { listen 443 ssl; listen [::]:443; -# server_name grosse.salo.pe; - root /var/www/html; index index.html; @@ -65,4 +61,11 @@ server { ssl_stapling_verify on; add_header Strict-Transport-Security "max-age=63072000" always; + + location / { + limit_except GET POST PUT { + deny all; + } + # Autre directives + } } diff --git a/roles/wordpress/handlers/main.yml b/roles/wordpress/handlers/main.yml new file mode 100644 index 0000000..9024a1a --- /dev/null +++ b/roles/wordpress/handlers/main.yml 
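Review bot: `Listen 8000` binds the plain-HTTP WordPress backend on every interface, so it can be reached directly without passing through nginx's TLS, HSTS header or method limits. nginx only talks to it over localhost, so `Listen 127.0.0.1:8000` keeps the backend private; the VirtualHost opening tag is not visible in this listing and should use the matching address. `Options FollowSymLinks` with `Require all granted` on both directory blocks is broad for `/wp-content`, which receives uploads, so it is worth checking whether symlink following is needed there at all.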
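Review bot: The `/blog/` location proxies to Apache without forwarding any client context, so Apache's access log and mod_security see every request as coming from 127.0.0.1 and WordPress cannot tell that the request arrived over HTTPS. Add `proxy_set_header Host $host;`, `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` and `proxy_set_header X-Forwarded-Proto $scheme;` inside the location. The server block continues outside the hunk.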
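Review bot: The new `limit_except GET POST PUT` leaves POST and PUT open on a block that only serves static files from `/var/www/html`; `limit_except GET { deny all; }` is enough, since HEAD is allowed implicitly with GET. The block also sits in the second `server` on 443, and neither 443 server names a host, so this block may never be selected and the `/blog/` location in the first block is not covered by the restriction; confirm with `nginx -T`. The placeholder comment `# Autre directives` can be removed.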
@@ -0,0 +1,8 @@
+---
+
+- name: apache_reload
+ become: Yes
+ ansible.builtin.service:
+ name: apache2.service
+ state: reloaded
+
diff --git a/roles/wordpress/tasks/main.yml b/roles/wordpress/tasks/main.yml
new file mode 100644
index 0000000..88af375
--- /dev/null
+++ b/roles/wordpress/tasks/main.yml
@@ -0,0 +1,10 @@
+---
+
+- name: Import Wordpress
+ remote_user: ansible
+ ansible.builtin.import_tasks: wordpress.yml
+
+
+- name: Create MySQL Database
+ remote_user: ansible
+ ansible.builtin.import_tasks: mysql.yml
diff --git a/roles/wordpress/tasks/mysql.yml b/roles/wordpress/tasks/mysql.yml
new file mode 100644
index 0000000..74fe170
--- /dev/null
+++ b/roles/wordpress/tasks/mysql.yml
@@ -0,0 +1,22 @@
+---
+- name: Create MySQL Database for Wordpress
+ become: Yes
+ community.mysql.mysql_db:
+ name: "{{ mysql_db_name }}"
+ state: present
+
+
+- name: Create MySQL user '{{ mysql_user_name }}'
+ become: Yes
+ community.mysql.mysql_user:
+ name: "{{ mysql_user_name }}"
+ password: "{{ mysql_user_pass }}"
+ priv: "{{ mysql_db_name }}.*:ALL"
+ host: localhost
+ state: present
+
+- name: Start MySQL server
+ become: Yes
+ ansible.builtin.service:
+ name: mysql.service
+ state: started
diff --git a/roles/wordpress/tasks/wordpress.yml b/roles/wordpress/tasks/wordpress.yml
new file mode 100644
index 0000000..b83c9b1
--- /dev/null
+++ b/roles/wordpress/tasks/wordpress.yml
@@ -0,0 +1,30 @@
+---
+- name: Install Wordpress Dependencies
+ become: Yes
+ ansible.builtin.apt:
+ update_cache: true
+ state: latest
+ name:
+ - ghostscript
+ - php
+ - php-bcmath
+ - php-curl
+ - php-intl
+ - php-json
+ - php-mbstring
+ - php-mysql
+ - php-xml
+ - php-zip
+ - wordpress
+ - mariadb-server
+ - python3-mysqldb
+
+
+- name: Import Wordpress database config
+ become: yes
+ ansible.builtin.template:
+ src: "config-localhost.php.j2"
+ dest: "/etc/wordpress/config-localhost.php"
+ owner: root
+ group: root
+ mode: 0644
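Review bot: In roles/wordpress/tasks/mysql.yml, "Start MySQL server" is the last task, but the `mysql_db` and `mysql_user` tasks above it need a running server, so they fail on a host where the service is not yet up; move the service task to the top of the file. The `mysql_user` task passes `password: "{{ mysql_user_pass }}"` and should carry `no_log: true` so the value does not end up in verbose output or callback logs. With `become` and a socket-authenticated root account these modules usually also need `login_unix_socket`; the socket path depends on the distribution, so confirm it on the target.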
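Review bot: `/etc/wordpress/config-localhost.php` is written `root:root` with `mode: 0644`, which would leave the database password readable by every local account if the template renders `mysql_user_pass` into it; the template body is not visible in this listing, so that is an assumption to confirm. Restrict it to the web server, for example `group: www-data` and `mode: "0640"` (group name assumes Debian's Apache user). `state: latest` on the package list also upgrades MariaDB and PHP on every run; `state: present` keeps upgrades deliberate.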
diff --git a/roles/wordpress/templates/config-localhost.php.j2 b/roles/wordpress/templates/config-localhost.php.j2 new file mode 100644 index 0000000..e3a74cc --- /dev/null +++ b/roles/wordpress/templates/config-localhost.php.j2 @@ -0,0 +1,10 @@ + +