mysql 基于ansible的wordpress安装不工作

rjee0c15  于 2023-01-12  发布在  Mysql
关注(0)|答案(2)|浏览(130)
    • bounty将在3天后过期**。回答此问题可获得+50声望奖励。HighOnMeat希望引起更多人关注此问题。

希望你们都能享受假期。我正在尝试使用ansible在我的Linux VM上自动安装wordpress。为此,我编写了这段ansible代码,试图模仿官方的ubuntu指南。
下面是代码:

- name: "Installing wordpress dependencies"
  hosts: all
  become: True
  gather_facts: True
  vars:
    get_installer: 'curl -sS https://getcomposer.org/installer -o /tmp/composer-setup.php || /bin/true'
    get_signature: 'curl -sS https://composer.github.io/installer.sig'
  tasks:
        - name: "Update repository"
          apt: 
              update_cache: "yes"
        - name: "Installing requirements"
          apt:
            name:
                 - "curl"
                 - "php"
                 - "php-cli"
                 - "gnupg"
                 - "unzip"
                 - "mysql-server"
                 - "php-fpm"
                 - "php-mysql"
                 - "apache2"
                 - "ghostscript"
                 - "libapache2-mod-php"
                 - "php-bcmath"
                 - "php-curl"
                 - "php-imagick"
                 - "php-intl"
                 - "php-json"
                 - "php-mbstring"
                 - "php-xml"
                 - "php-zip"
            state: present
        - name: Populate service facts
          ansible.builtin.service_facts:
        - name: Print service facts
          ansible.builtin.debug:
            var: ansible_facts.services
        - name: "stopping nginx if running"
          service:
            name: nginx
            state: stopped
          when: "'nginx' in ansible_facts.services"
        - name: "remove nginx if installed"
          apt:
            name:
                - "nginx"
            state: absent
        - name: stop Mysql
          service:
            name: mysql
            state: stopped
          when: "'mysql' in ansible_facts.services"
        - name: stop apache2
          service:
            name: apache2
            state: stopped
          when: "'apache2' in ansible_facts.services"

- name: Installing wordpress through source
  hosts: all
  become: True
  gather_facts: False
  vars:
    wprootdir: "/srv/www/wordpress"
  tasks:
    - name: checking if wp src dir exists
      stat:
        path: "{{ wprootdir }}"
      register: dir_details
    - name: delete existing wordpress source files
      become_user: www-data
      no_log: True
      file:
        #path: "{{ item.path }}"
        #recurse: True
        path: "{{ wprootdir }}"
        state: absent
      #with_items: "{{ path_list.files }}"
    - name: creating /var/www for wordpress source
      file:
        #path: "'{{ wp-root-dir }}' + 'wordpress'" 
        path: "/srv/www/wordpress" 
        recurse: yes
        state: directory
        owner: www-data
        mode: '0755'  
    - name: downloading and extracting wordpress source
      shell:
        cmd: "curl https://wordpress.org/latest.tar.gz | sudo -u www-data tar zx -C /srv/www"
      register: status
    - fail:
        msg: "Unable to download or extract wordpress source"
      when: (status.rc != 0)

- name: Configuring apache for wordpress
  hosts: all
  become: True
  gather_facts: False
  vars:
    wprootdir: "/srv/www/wordpress"
    wpconffile: "/etc/apache2/sites-available/wordpress.conf"
  tasks:
    - name: deleting the file if it exists
      file:
        path: "{{ wpconffile }}"
        state: absent
    - name: creating wordpress conf file
      file:
        path: "{{ wpconffile }}"
        state: touch
        owner: www-data
    - name: populating wordpress conf file
      template:
        src: apache2.j2
        dest: "{{ wpconffile }}"
    - name: enabling the site
      shell:
        cmd: "a2ensite wordpress"
    - name: enable URL rewriting
      shell:
        cmd: "a2enmod rewrite"
    - name: disable default "it works" site
      shell:
        cmd: "a2dissite 000-default"
    - name: restart apache2
      service:
        name: apache2
        state: reloaded

- name: Configuring database
  hosts: all
  become: True
  gather_facts: True
  #gather_facts: yes
  vars:
    mysql_port: 3306
    mysql_socket: /var/run/mysqld/mysqld.sock
    mysql_superuser: root
    mysql_superuser_home: "{% if mysql_superuser == 'root' %}/root{% else %}/home/{{ mysql_superuser }}{% endif %}"
    mysql_superuser_password: SuperUserPwd
    mysql_wordpress_password: WordpressPwd
    http_port: 80  
  tasks:
    - name: Installing PyMySql through pip
      pip:
        name: PyMySql
        state: present
    - name: ensure mysql is running and starts on boot
      service:
        name: mysql
        state: started
        enabled: True
          
    - name: Removes anonymous user account for localhost
      community.mysql.mysql_user:
        name: ''
        state: absent
        login_user: root
        login_password: ""
        login_unix_socket: "{{ mysql_socket }}"
      when: ansible_local.mysqlinfo is undefined      

    - name: adding a password for root user
      mysql_user:
        # Update the superuser to have all grants and a password
        name: "{{ mysql_superuser }}"
        host: localhost
        password: "{{ mysql_superuser_password }}"
        priv: "*.*:ALL,GRANT"
        # Login *as root* to perform this change, even though you might
        # be altering the root user itself
        login_user: root
        login_password: ""
        login_port: "{{ mysql_port }}"
        login_host: localhost
        login_unix_socket: "{{ mysql_socket }}"
        # As a good measure,have ansible check whether an implicit login
        # is possible first
        check_implicit_admin: yes
      when: ansible_local.mysqlinfo is undefined      
    - name: "Create custom fact directory"
      file:
        path: "/etc/ansible/facts.d"
        state: "directory"
        recurse: yes
      when: ansible_local.mysqlinfo is undefined      
    - name: "record mysql info in custom fact"
      template:
        src: mysqlinfo.j2
        dest: /etc/ansible/facts.d/mysqlinfo.fact
        mode: 0644
      when: ansible_local.mysqlinfo is undefined      
    - name: "re-run setup to use custom facts"
      setup:
        filter: ansible_local
      when: ansible_local.mysqlinfo is undefined      
    - debug:
        msg:
          - "mysqlinfo is {{ ansible_local.mysqlinfo }}"
      when: ansible_local.mysqlinfo is defined
        
        #- name: Create system-wide mysql configuration file
        #template:
        #src: mysql_sys.cnf.j2
        #dest: /etc/my.cnf

        #- name: Create mysql configuration file for `{{ mysql_superuser }}`
        #template:
        #src: mysql_superuser.cnf.j2
        #dest: "{{ mysql_superuser_home }}/.my.cnf"

    - name: create database wordpress
      mysql_db: 
        db: wordpress
        state: present
        login_user: "{{ ansible_local.mysqlinfo.mysql_superuser }}"
        login_password: "{{ ansible_local.mysqlinfo.mysql_superuser_password }}"
        login_unix_socket: "{{ mysql_socket }}"
      when: ansible_local.mysqlinfo is defined

    - name: Create database user 'wordpress' with all database privileges
      community.mysql.mysql_user:
        name: wordpress
        password: "{{ mysql_wordpress_password }}"
        login_user: "{{ ansible_local.mysqlinfo.mysql_superuser }}"
        login_password: "{{ ansible_local.mysqlinfo.mysql_superuser_password }}"
        priv: '*.*:ALL'
        state: present
      when: ansible_local.mysqlinfo is defined

    - name: Flush privileges
      mysql_query:
        login_db: wordpress
        login_user: "{{ ansible_local.mysqlinfo.mysql_superuser }}"
        login_password: "{{ ansible_local.mysqlinfo.mysql_superuser_password }}"
        login_unix_socket: "{{ mysql_socket }}"
        query: FLUSH PRIVILEGES 

     # UFW Configuration
    - name: "UFW - Allow HTTP on port {{ http_port }}"
      ufw:
        rule: allow
        port: "{{ http_port }}"
        proto: tcp
      notify:
      - Restart Mysql
      tags: [ system ]

  handlers:
    - name: Restart Mysql
      service:
        name: mysql
        state: restarted
    - name: Restart Apache2
      service:
        name: apache2
        state: restarted

- name: Configuring wordpress to connect to the database
  hosts: all
  gather_facts: False
  become: true
  vars:
    wpconfigfile: "/srv/www/wordpress/wp-config.php"
  tasks:
    - name: copy sample config to wp-config.php
      #become_user: www-data
      copy:
        remote_src: yes
        src: /srv/www/wordpress/wp-config-sample.php
        dest: "{{ wpconfigfile }}"
        owner: www-data

    - name: "re-run setup to use custom facts"
      setup:
        filter: ansible_local
    - name: set database credentials in the config file
      become: false
      #become_user: www-data
      #become_method: "su"
      # multiple commands are run like this whereas with
      # single command one can use a cmd paramater
      # since this is technically *not* a list passed to /bin/sh
      # we do not need a list here. Instead it is a series of 
      # commands being passed to /bin/sh
      #shell: |
      # apparently, passing this list directly doesn't seem to work
      # what works is this loop
      command: "{{ item }}"
      with_items:
        - "sudo -u www-data sed -i s/database_name_here/wordpress/ {{ wpconfigfile }}"
        - "sudo -u www-data sed -i s/username_here/wordpress/ {{ wpconfigfile }}"
        - "sudo -u www-data sed -i s/password_here/{{ ansible_local.mysqlinfo.mysql_wordpress_password }}/ {{ wpconfigfile }}"
    - name: get random secret keys
      uri:
        url: https://api.wordpress.org/secret-key/1.1/salt/
        return_content: yes
        body_format: json
      register: wordpress_keys
    - debug:
        var: wordpress_keys.content
    - name: delete existing bak file
      file:
        path: "{{ wpconfigfile }}.bak"
        state: absent
    - name: run script to remove key placeholders
      become_user: www-data
      script:
        chdir: /srv/www/wordpress/
        cmd: replacelines.py
        executable: /usr/bin/python3
        environment: /srv/www/wordpress/
    - name: update config file
      become_user: www-data
      copy:
        remote_src: yes
        src: "{{ wpconfigfile }}.bak"
        dest: "{{ wpconfigfile }}"
    - blockinfile:
        path: "{{ wpconfigfile }}"
        marker: // {mark} ANSIBLE MANAGED BLOCK  
        # having this separator here was giving me issues   
        #block: |
        block:
          "{{ wordpress_keys.content }}"

  handlers:
    - name: Restart Mysql
      service:
        name: mysql
        state: restarted
    - name: Restart Apache2
      service:
        name: apache2
        state: restarted

相关jinja2模板文件如下:
Apache2模板:

<VirtualHost *:80>
    Servername {{ ansible_hostname }}
    DocumentRoot "{{ wprootdir }}"
    <Directory "{{ wprootdir }}">
        Options FollowSymLinks
        AllowOverride Limit Options FileInfo
        DirectoryIndex index.php
        Require all granted
    </Directory>
    <Directory "{{ wprootdir }}/wp-content">
        Options FollowSymLinks
        Require all granted
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

mysqlinfo模板

{
    "mysql_port": "{{ mysql_port }}",
    "mysql_socket": "{{ mysql_socket }}",
    "mysql_superuser": "{{ mysql_superuser }}",
    "mysql_superuser_password": "{{ mysql_superuser_password }}",
    "mysql_wordpress_password": "{{ mysql_wordpress_password }}"
}

replacelines.py script:

import re

with open("wp-config.php", "r") as wpconfig, open("wp-config.php.bak", "w") as wpconfigbak:
    for line in wpconfig:
        found = re.search(r'AUTH_KEY|SECURE_AUTH_KEY|LOGGED_IN_KEY|NONCE_KEY|AUTH_SALT|SECURE_AUTH_SALT|LOGGED_IN_SALT|NONCE_SALT', line.strip());
        if (not found):
            wpconfigbak.write(line)
        else:
            continue

清单文件:

[local]
localhost ansible_connection=local

有了这个剧本,当我在Linux机器上打开"localhost:80/"时,我可以看到wordpress的登录页面。但是,我无法进入wordpress的 Jmeter 板。ansible-playbook -i inventory SetupWordpress.yaml
为了节省时间,您可以使用我的github repo:

git clone -b WIP git@github.com:redbilledpanda/DevOpsScripts.git
cd DevOpsScripts && ansible-playbook -i inventory SetupWordpress.yaml

完成行动手册后,我转到http://localhost:80,看到安装程序:

我填写详细信息:

显然,它成功了:

当我尝试登录时,我看不到控制面板,相反,我从来没有跳过登录屏幕(虽然它没有说不正确的凭据或任何东西):

我不知道我做错了什么。很想听听你们的意见。

***UPDATE1:***如果我跳过生成wordpress "salts "/键的部分,它就可以工作。我可以看到 Jmeter 板等。但是,使用这些盐,它就不会到达wordpress管理 Jmeter 板。

2uluyalo

2uluyalo1#

您可以尝试重新生成安全密钥和salt,并确保使用最新版本的密钥。使用此链接:https://api.wordpress.org/secret-key/1.1/salt/以获取一组新的密钥
检查wordpress安装的wp-config文件,验证密钥输入是否正确,同时确保该文件具有正确的权限,以便webserver进程可以访问该文件。

dgiusagp

dgiusagp2#

使用最小示例配置文件wpconfig.file

<?php
/**
 * The base configuration for WordPress
 * ...
 * Authentication unique keys and salts.
 *
 * Change these to different unique phrases! You can generate these using
 * the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}.
 *
 * You can change these at any point in time to invalidate all existing cookies.
 * This will force all users to have to log in again.
 * ...
 */

以及minimal example行动手册

---
- hosts: localhost
  become: false
  gather_facts: false

  tasks:

  - name: Get random secret keys
    uri:
      url: https://api.wordpress.org/secret-key/1.1/salt/
      return_content: yes
      body_format: json
    register: wordpress_keys

  - name: Show keys
    debug:
      var: wordpress_keys.content

  - name: Write keys to config
    blockinfile:
      path: wpconfig.file
      marker: // {mark} ANSIBLE MANAGED BLOCK
      block:
        "{{ wordpress_keys.content }}"

它产生预期的并且可能正确的输出。
一个二个一个一个

    • 摘要**
  • 你现在的问题和描述似乎没有集中在必要的部分,而是在周围不那么相关的一切
  • 在Ansible任务中,我无法(重新)产生问题
  • 本部分仅涉及第三方Web服务或PHP的配置
  • 根据这一点,它似乎与Ansible完全无关
  • 问题域似乎只是Wordpress和PHP的设置和配置,即配置文件
  • 要进一步排除故障,您可以尝试template module – Template a file out to a target host,配置文件包括生成的密钥define('AUTH_KEY', '{{ lookup('password', '/dev/null chars=ascii_letters length=64') }}');
  • 由于Cookie无效,请在隐身模式下检查浏览器
  • 因此,它也根本不是编程
  • Stack上的其他网站,如www.example.com、www.example.com、www.example.com或www.example.com可能更适合您的问题serverfault.com, superuser.com, devops.staexchange.com or wordpress.stackexchange.com might fit better for your question

相关问题