I'm using an ansible playbook (ansible ver. 2.9) to install WordPress using wp-cli tool.
Here's the playbook:
- name: Create WordPress database
  mysql_db: name="{{ db_name }}"
    state=present
    login_user=root
    login_password="{{ mysql_root_password }}"

- name: Create WordPress DB user and grant permissions to WordPress DB
  mysql_user: name="{{ db_user }}"
    password="{{ db_pwd }}"
    priv="{{ db_name }}.*:ALL"
    state=present
    login_user="root"
    login_password="{{ mysql_root_password }}"

- name: Is WordPress downloaded?
  stat: path="/var/www/{{ domain_name }}/html/index.php"
  register: wp_dir

- name: Download WordPress
  command: wp core download
  args:
    chdir: "/var/www/{{ domain_name }}/html/"
  remote_user: "{{ web_user }}"
  when: wp_dir.stat.isdir is not defined

- name: Configure WordPress
  command: wp core config
    --path="/var/www/{{ domain_name }}/html"
    --dbname="{{ db_name }}"
    --dbuser="{{ db_user }}"
    --dbpass="{{ db_pwd }}"
    --dbprefix="{{ db_prefix }}"
  remote_user: "{{ web_user }}"
  when: wp_dir.stat.isdir is not defined

- name: Is WordPress installed?
  command: wp core is-installed
  args:
    chdir: "/var/www/{{ domain_name }}/html/"
  register: wordpress_is_installed
  ignore_errors: True
  remote_user: "{{ web_user }}"

- name: Install WordPress tables
  command: wp core install
    --url="{{ wp_home_url }}"
    --title="{{ wp_site_title }}"
    --admin_user="{{ wp_admin_user }}"
    --admin_password="{{ wp_admin_pwd }}"
    --admin_email="{{ wp_admin_email }}"
  args:
    chdir: "/var/www/{{ domain_name }}/html/"
  # "is failed" is the test syntax; the old "|failed" filter form no longer works in Ansible 2.9
  when: wordpress_is_installed is failed
  remote_user: "{{ web_user }}"
At the "Download WordPress" task, a fatal error shows up:
"Error: YIKES! It looks like you're running this as root. You probably meant to run this as the user that your WordPress installation exists under."
I run the playbook as a sudo user ("ansible_user" in hosts file). And I have set up an additional user to manage WordPress setup (remote_user: "{{ web_user }}").
Any help would be much appreciated!
In the tasks you need to use become and become_user instead of remote_user, as below:

- name: Download WordPress
  command: wp core download
  args:
    chdir: "/var/www/{{ domain_name }}/html/"
  become: yes
  become_user: "{{ web_user }}"
  when: wp_dir.stat.isdir is not defined
Now a different error is showing up when running the same code:
FAILED! => {"msg": "Failed to set permissions on the temporary files Ansible needs to create when becoming an unprivileged user (rc: 1, err: chown: changing ownership of '/var/tmp/ansible-tmp-1613648876.307028-8235-221563540981220/': Operation not permitted\nchown: changing ownership of '/var/tmp/ansible-tmp-1613648876.307028-8235-221563540981220/AnsiballZ_command.py': Operation not permitted\n}). For information on working around this, see https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user"}
I updated Ansible to the last version available (2.10).
The only solution I've found so far is adding allow_world_readable_tmpfiles = Yes to ansible.cfg file...
Any ideas?
Thanks
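An ACL-based alternative to allow_world_readable_tmpfiles, as an added example that is not part of the original posts: when setfacl is present on the target, Ansible can grant only the become_user access to its temporary files instead of failing at chown or making them world-readable (the module file in /var/tmp embeds the task arguments, here including --dbpass). It assumes the package is named acl on the target and that the remote temp filesystem supports POSIX ACLs; the variables are the ones from the question.

```yaml
# Added example, not from the original posts.
# Assumptions: the package is named "acl" on the target, and the filesystem
# holding the remote temp directory supports POSIX ACLs.
# allow_world_readable_tmpfiles stays at its default (off) in ansible.cfg.
- name: Install setfacl so temp files can be shared with one user only
  package:
    name: acl
    state: present
  become: yes          # become_user defaults to root

- name: Download WordPress
  command: wp core download
  args:
    chdir: "/var/www/{{ domain_name }}/html/"
  become: yes
  become_user: "{{ web_user }}"
  when: wp_dir.stat.isdir is not defined

- name: Configure WordPress
  command: wp core config
    --path="/var/www/{{ domain_name }}/html"
    --dbname="{{ db_name }}"
    --dbuser="{{ db_user }}"
    --dbpass="{{ db_pwd }}"
    --dbprefix="{{ db_prefix }}"
  become: yes
  become_user: "{{ web_user }}"
  no_log: true         # keep --dbpass out of task output and logs
  when: wp_dir.stat.isdir is not defined
```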
Is there a way to use the ansible.builtin.uri module to post / put an encrypted file while seamlessly decrypting it from the vault? Or is there a safe workaround (i.e. a secure sequence of tasks?).
The use case is to upload a licence file which is stored encrypted with ansible vault in the roles/the_role/files folder of a project.
The ansible.builtin.uri module is able to find the encrypted file, but it does not decrypt it before the upload.
- name: "Nexus Update License: Uploading new License file"
  ansible.builtin.uri:
    url: "http://{{ inventory_hostname }}:{{ nexus_default_port }}{{ nexus_default_context_path | regex_replace('\\/$', '')}}/service/rest/v1/system/license"
    user: "{{ nexus_admin_account }}"
    password: "{{ nexus_admin_password }}"
    headers:
      Content-Type: application/octet-stream
    method: POST
    force_basic_auth: yes
    status_code: 200,204
    src: "license.lic.enc" # this uploads the license still encrypted...
This question is similar, but I cannot use the copy module:
How to upload encrypted file using ansible vault?
I wasn't able to find a way to upload a file while decrypting it from the vault on the fly.
One workaround is to upload the file to the remote host, use it, and then make sure it is removed in any case.
It is better than decrypting the file on the host running ansible as other users might have access to it, while the task performed by ansible should be quite quick.
# The following is slightly better as it will remove the license after use
- name: "Deploy new license"
  block:
    - name: "Copy license file"
      ansible.builtin.copy:
        src: "{{ nexus_license_file }}"
        dest: "/tmp/license"
        owner: "{{ nexus_os_user }}"
        group: "{{ nexus_os_group }}"
        mode: 0400
    - name: "Nexus Update License ({{ ansible_hostname }}): Uploading new License file"
      ansible.builtin.uri:
        url: "http://{{ inventory_hostname }}:{{ nexus_default_port }}{{ nexus_default_context_path | regex_replace('\\/$', '')}}/service/rest/v1/system/license"
        user: "{{ nexus_admin_account }}"
        password: "{{ nexus_admin_password }}"
        headers:
          Content-Type: application/octet-stream
        method: POST
        force_basic_auth: yes
        status_code: 200,204
        src: "/tmp/license"
        remote_src: true
  always: # Always remove the license file
    - name: "Remove license file"
      ansible.builtin.file:
        path: "/tmp/license"
        state: absent
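A variant of the workaround above that avoids the fixed, predictable path /tmp/license, as an added example that is not part of the original answer: ansible.builtin.tempfile creates a randomly named file readable only by its owner, and the decrypted license is copied into that. It assumes all tasks in the block run as the same remote user (so no owner or group change is needed); lic_tmp is a hypothetical register name, and the other variables are the ones from the answer.

```yaml
# Added example, not from the original answer.
# Assumption: every task in the block runs as the same remote user.
- name: "Deploy new license through a private temporary file"
  block:
    - name: "Create an empty temp file (random name, owner-only access)"
      ansible.builtin.tempfile:
        state: file
        suffix: ".lic"
      register: lic_tmp          # hypothetical variable name

    - name: "Copy license file (copy decrypts a vault-encrypted src by default)"
      ansible.builtin.copy:
        src: "{{ nexus_license_file }}"
        dest: "{{ lic_tmp.path }}"
        mode: "0400"

    - name: "Nexus Update License ({{ ansible_hostname }}): Uploading new License file"
      ansible.builtin.uri:
        url: "http://{{ inventory_hostname }}:{{ nexus_default_port }}{{ nexus_default_context_path | regex_replace('\\/$', '')}}/service/rest/v1/system/license"
        user: "{{ nexus_admin_account }}"
        password: "{{ nexus_admin_password }}"
        headers:
          Content-Type: application/octet-stream
        method: POST
        force_basic_auth: yes
        status_code: 200,204
        src: "{{ lic_tmp.path }}"
        remote_src: true
  always: # Always remove the license file, even if the upload failed
    - name: "Remove license file"
      ansible.builtin.file:
        path: "{{ lic_tmp.path }}"
        state: absent
      when: lic_tmp.path is defined   # skip if tempfile itself failed
```

The URL is kept as on the page; over plain http the basic-auth credentials and the license travel unencrypted.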
This is cross posted on the RStudio Community site. I am using r-lib/setup-r-dependencies@v2 for a bookdown project on GitHub action. However, the job is stalling when pak tries to create a lock file. Here is an example run, and here is the workflow.
As you can see, eventually the job just times out.
The issue seems similar to this post. The solution there was to use the most current RSPM, but I believe that is already what I am using (I don't specify anything different in the workflow).
Any ideas on what might be causing this?
Edit: Here is the full yaml code for the workflow (linked above)
on:
  push:
    branches: [main, master]
  workflow_dispatch:

name: bookdown

jobs:
  bookdown:
    runs-on: ubuntu-latest
    # Only restrict concurrency for non-PR jobs
    concurrency:
      group: pkgdown-${{ github.event_name != 'pull_request' || github.run_id }}
    env:
      GITHUB_PAT: ${{ secrets.GITHUB_TOKEN }}
    steps:
      - uses: actions/checkout@v2

      - uses: r-lib/actions/setup-pandoc@v2

      - uses: r-lib/actions/setup-r@v2
        with:
          use-public-rspm: true

      - uses: r-lib/actions/setup-r-dependencies@v2
        with:
          cache-version: 1

      - name: Cache bookdown results
        uses: actions/cache@v2
        with:
          path: _bookdown_files
          key: bookdown-${{ hashFiles('**/*Rmd') }}
          restore-keys: bookdown-

      - name: Build site
        run: bookdown::render_book("index.Rmd", quiet = TRUE)
        shell: Rscript {0}

      - name: Deploy to GitHub pages 🚀
        if: github.event_name != 'pull_request'
        uses: JamesIves/github-pages-deploy-action@4.1.4
        with:
          branch: gh-pages
          folder: _book
I want to install nginx with particular version. There are servers with different OS, so I want to avoid using similar typed "dnf", "apt", "yum" commands.
By now it looks like this
- name: Install nginx
  dnf:
    name: nginx <= "{{ version_needed }}"
    state: latest
  when: (ansible_os_family == "RedHat")
...
# same commands with "yum" and "apt"
So I want to exclude "when" and change "dnf" with "package" but "dnf", "apt", "yum" accept using "<=" and "package" does not. Any suggestions or tricks?
P.S. The body

    name: nginx <= "{{ version_needed }}"
    state: latest

must stay due to problems with compatibility on some machines.
Found solution myself.
The nginx <= "{{ version_needed }}" is still a case for me, so I ended up on using "use".
So now, it looks like this:
- name: Install nginx
  package:
    name: nginx <= "{{ version_needed }}"
    state: present
    use: "{{ item }}"
  with_items:
    - dnf
    - yum
    - apt
  ignore_errors: yes
Now it works perfectly fine for me. Only workaround is "ignore_errors" because without this statement it stops on installing.
I made a playbook in order to make all updates available on my WordPress servers.
It works, but I want to rewrite it with a loop to respect "Don't Repeat Yourself".
It is not a playbook, just some tasks in roles > Intranet > tasks > main.yaml
---
# Main tasks for WordPress servers

# Updates
- name: Update WP command line tool
  command: wp cli update
  register: wpcli_result

- name: Update Wordpress Core
  command: wp core update --allow-root --path=/var/www/html
  register: update_core

- name: Update Wordpress Core Data Base
  command: wp core update-db --allow-root --path=/var/www/html
  register: update_core_db

- name: Update Plugins
  command: wp plugin update --all --allow-root --path=/var/www/html
  register: update_plugins

- name: Update Themes
  command: wp theme update --all --allow-root --path=/var/www/html
  register: update_themes
...
# Debug
- name: Debug wp cli update
  ansible.builtin.debug:
    var: wpcli_result.stdout

- name: Debug wp Core update
  ansible.builtin.debug:
    var: update_core.stdout

- name: Debug wp Core update data base
  ansible.builtin.debug:
    var: update_core_db.stdout

- name: Debug wp plugins update
  ansible.builtin.debug:
    var: update_plugins.stdout

- name: Debug wp Themes update
  ansible.builtin.debug:
    var: update_themes.stdout
...
# Call to Zabbix tasks
- include: zabbix.yml
It is a little noisy when you look at the stdout during playbook execution, but the job is done:
Edit: items.name are not necessary, but I left them for better reading.
---
# Main tasks for WordPress servers
- name: Loop through Wordpress Updates items
  command: "{{ item.command }}"
  register: var_cmd
  with_items:
    - { name: Update WP command line tool,
        command: wp cli update }
    - { name: Update Wordpress Core,
        command: "wp core update {{wp_allow}} {{wp_path}}" }
    - { name: Update Wordpress Core Data Base,
        command: "wp core update-db {{wp_allow}} {{wp_path}}" }
    - { name: Update Plugins,
        command: "wp plugin update --all {{wp_allow}} {{wp_path}}" }
    - { name: Update Themes,
        command: "wp theme update --all {{wp_allow}} {{wp_path}}" }
    - { name: Update Core Translations,
        command: "wp language core update {{wp_allow}} {{wp_path}}" }
    - { name: Update Plugins Translations,
        command: "wp language plugin update --all {{wp_allow}} {{wp_path}}" }
    - { name: Update Themes Translations,
        command: "wp language theme update --all {{wp_allow}} {{wp_path}}" }

- name: Debug Wordpress Updates
  debug:
    msg: "{{ item.stdout_lines }}"
    verbosity: 0
  with_items: "{{ var_cmd['results'] }}"

# Call to Zabbix tasks
- include: zabbix.yml
(☺ first time posting here, I have huge problems with formatting so sorry, I really don't understand how to get that code to the grey boxes, sorry!)
Hello, so I am supposed to set up a server using Ansible for a high school graduation project. All I have to do is basically install a few programs like htop, httpd ... and finally set up a WordPress server. I am following this guide.
Problem is that this code:
---
# tasks file for wp-dependencies
- name: Update packages (this is equivalent to yum update -y)
  yum: name=* state=latest

- name: Install dependencies for WordPress
  yum:
    name:
      - php
      - php-mysql
      - MySQL-python
    state: present

- name: Ensure MariaDB is running (and enable it at boot)
  service: name=mariadb state=started enabled=yes

- name: Copy ~/.my.cnf to nodes
  copy: src=.my.cnf dest=/root/.my.cnf

- name: Create MariaDB database
  mysql_db: name={{ wp_mysql_db }} state=present

- name: Create MariaDB username and password
  mysql_user: login_user=root login_password=root name = {{ wp_mysql_user }} password = {{ wp_mysql_password }}
    priv=*.*:ALL
Results in this error:
TASK [wp-dependencies : Create MariaDB username and password] ******************************************
fatal: [192.168.56.101]: FAILED! => {"changed": false, "msg": "missing required arguments: user"}
to retry, use: --limit @/home/Admin/wordpress.retry
Could you tell what's the problem?
Your task is this:
- name: Create MariaDB username and password
  mysql_user: login_user=root login_password=root name = {{ wp_mysql_user }} password = {{ wp_mysql_password }}
    priv=*.*:ALL
You have spaces between name and password and the values they are to take. And for safe variable handling you should also place quotation marks (") around the variables.
Try this:
- name: Create MariaDB username and password
  mysql_user: login_user=root login_password=root name="{{ wp_mysql_user }}" password="{{ wp_mysql_password }}" priv=*.*:ALL