MariaDB on a separate host

2022-01-04 17:55:37 +01:00
parent 119e95b79f
commit a32a665890
2 changed files with 166 additions and 126 deletions
--- a/site.yml
+++ b/site.yml
@ -4,96 +4,136 @@
  hosts: localhost
  become: true
  vars:
-    jail:
-      name: wp1xx
-      fbsd_version: 13.0-RELEASE
-      ip: 192.168.0.33
-      host_interface: em0
+    jails:
+      webserver:
+          name: wp1xx
+          fbsd_version: 13.0-RELEASE
+          ip: 192.168.0.33
+          host_interface: em0
+
+      database:
+        name: db1xx
+        fbsd_version: 13.0-RELEASE
+        ip: 192.168.0.34
+        host_interface: em0
+
+    database:
+      port: 3007
+      dbname: wordpress
+      username: wordpress
+      password: secret password

    website:
      name: wordpress
      port: 82

-    database:
-      host: "localhost:/var/run/mysql/mysql.sock"
-      dbname: wordpress
-      username: wordpress
-      password: secret password
-
    skip_create_jail: false

  tasks:
-    - name: Create Jail
-      command: "bastille create {{jail.name}} {{jail.fbsd_version}} {{jail.ip}} {{jail.host_interface}}"
-      when: skip_create_jail==0
+    - name: Find existing jails
+      become: true
+      shell: |
+        bastille list | cut -f2 -d ' ' |tail -n +2
+      register: existing_jails

-    - name: Install packages
-      command: "bastille pkg {{jail.name}} install -y nginx wordpress mariadb105-server \
+    - name: Find started jails
+      become: true
+      shell: |
+        jls| tr -s ' ' |cut -d ' ' -f4|tail -n +2
+      register: started_jails
+
+    - block:
+      - name: Stop existing jails
+        command: "bastille stop {{ item.value.name }}"
+        when: skip_create_jail==0 and item.value.name in started_jails.stdout_lines
+        loop: "{{jails|dict2items}}"
+        ignore_errors: true
+
+      - name: delete existing jails
+        command: "bastille destroy {{ item.value.name }}"
+        when: skip_create_jail==0 and item.value.name in existing_jails.stdout_lines
+        loop: "{{jails|dict2items}}"
+
+    - name: Create Jail
+      command: "bastille create {{item.value.name}} {{item.value.fbsd_version}} {{item.value.ip}} {{item.value.host_interface}}"
+      when: skip_create_jail==0
+      loop: "{{jails|dict2items}}"
+
+    - name: Install packages on webserver
+      command: "bastille pkg {{jails['webserver'].name}} install -y nginx wordpress \
                php74-mbstring php74-dom php74-openssl php74-filter php74-iconv"

+    - name: Install packages database server
+      command: "bastille pkg {{jails['database'].name}} install -y mariadb105-server"
+
+    - name: Set bind port for mariadb
+      lineinfile:
+        regex: "^port"
+        line: "port = {{database.port}}" 
+        path: "/usr/local/bastille/jails/{{jails['database'].name}}/root/usr/local/etc/mysql/my.cnf"
+
    - name: sysrc enable mariadb
-      command: "bastille sysrc {{jail.name}} mysql_enable='YES'"
+      command: "bastille sysrc {{jails['database'].name}} mysql_enable='YES'"

    - name: start mariadb server
-      command: "bastille service {{jail.name}} mysql-server start"
+      command: "bastille service {{jails['database'].name}} mysql-server restart"

    - name: "mariadb: remove anonymous users"
-      command: "bastille cmd {{jail.name}} mysql -e \"DELETE FROM mysql.user WHERE user=''\""
+      command: "bastille cmd {{jails['database'].name}} mysql -e \"DELETE FROM mysql.user WHERE user=''\""

    - name: "mariadb: Disallow root login remotely"
-      command: "bastille cmd {{jail.name}} mysql -e \"DELETE FROM mysql.global_priv WHERE user='root' AND host NOT IN ('localhost', '127.0.0.1', '::1')\""
+      command: "bastille cmd {{jails['database'].name}} mysql -e \"DELETE FROM mysql.global_priv WHERE user='root' AND host NOT IN ('localhost', '127.0.0.1', '::1')\""

    - name: "mariadb: Drop database test"
-      command: "bastille cmd {{jail.name}} mysql -e \"DROP DATABASE IF EXISTS test\""
+      command: "bastille cmd {{jails['database'].name}} mysql -e \"DROP DATABASE IF EXISTS test\""

    - name: "mariadb: Remove privileges on database test"
-      command: "bastille cmd {{jail.name}} mysql -e \"DELETE FROM mysql.db WHERE SUBSTR(db, 4) == 'test' and user=''\""
+      command: "bastille cmd {{jails['database'].name}} mysql -e \"DELETE FROM mysql.db WHERE SUBSTR(db, 4) == 'test' and user=''\""


    - name: "mariadb: create database for wordpress"
-      command: "bastille cmd {{jail.name}} mysqladmin create {{database.dbname}}"
+      command: "bastille cmd {{jails['database'].name}} mysqladmin create {{database.dbname}}"

    - name: "mariadb: Create a database user for wordpress"
-      command: "bastille cmd {{jail.name}} mysql -e \"GRANT ALL PRIVILEGES ON {{database.dbname}}.* TO '{{database.username}}'@'localhost' IDENTIFIED BY '{{database.password}}'\""
+      command: "bastille cmd {{jails['database'].name}} mysql -e \"GRANT ALL PRIVILEGES ON {{database.dbname}}.* TO '{{database.username}}'@'{{jails['webserver'].ip}}' IDENTIFIED BY '{{database.password}}'\""

    - name: "mariadb: Flush privileges"
-      command: "bastille cmd {{jail.name}} mysqladmin flush-privileges"
+      command: "bastille cmd {{jails['database'].name}} mysqladmin flush-privileges"

    - name: "php: create php.ini"
-      command: "bastille cmd {{jail.name}} cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini"
+      command: "bastille cmd {{jails['webserver'].name}} cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini"

    - name: "php enable php-fpm service"
-      command: "bastille sysrc {{jail.name}} php_fpm_enable='YES'"
+      command: "bastille sysrc {{jails['webserver'].name}} php_fpm_enable='YES'"

    - name: "php start php-fpm service"
-      command: "bastille service {{jail.name}} php-fpm start"
+      command: "bastille service {{jails['webserver'].name}} php-fpm start"

    - name: "nginx: create sites-enabled directory"
-      command: "bastille cmd {{jail.name}} mkdir /usr/local/etc/nginx/sites-enabled"
+      command: "bastille cmd {{jails['webserver'].name}} mkdir /usr/local/etc/nginx/sites-enabled"

    - name: "nginx: configure website"
      template:
        src: wordpress.conf.j2
-        dest: "/usr/local/bastille/jails/{{jail.name}}/root/usr/local/etc/nginx/sites-enabled/{{website.name}}.conf"
+        dest: "/usr/local/bastille/jails/{{jails['webserver'].name}}/root/usr/local/etc/nginx/sites-enabled/{{website.name}}.conf"

    - name: "nginx: configure nginx.conf to include sites-enabled directory"
      lineinfile:
        insertbefore: "}"
        line: "    include sites-enabled/*.conf;"
-        path: "/usr/local/bastille/jails/{{jail.name}}/root/usr/local/etc/nginx/nginx.conf"
+        path: "/usr/local/bastille/jails/{{jails['webserver'].name}}/root/usr/local/etc/nginx/nginx.conf"

    - name: "nginx: enable nginx service"
-      command: "bastille sysrc {{jail.name}} nginx_enable='YES'"
+      command: "bastille sysrc {{jails['webserver'].name}} nginx_enable='YES'"

    - name: "nginx: start nginx service"
-      command: "bastille service {{jail.name}} nginx restart"
+      command: "bastille service {{jails['webserver'].name}} nginx restart"

    - name: "copy wordpress folder for new website"
-      command: "bastille cmd {{jail.name}} cp -R /usr/local/www/wordpress /usr/local/www/{{website.name}}"
+      command: "bastille cmd {{jails['webserver'].name}} cp -R /usr/local/www/wordpress /usr/local/www/{{website.name}}"

    - name: "wordpress: create wp-config.php"
      template:
        src: wp-config.php.j2
-        dest: "/usr/local/bastille/jails/{{jail.name}}/root/usr/local/www/{{website.name}}/wp-config.php"
-
+        dest: "/usr/local/bastille/jails/{{jails['webserver'].name}}/root/usr/local/www/{{website.name}}/wp-config.php"

--- a/templates/wp-config.php.j2
+++ b/templates/wp-config.php.j2
@ -1,90 +1,90 @@
-<?php
-/**
- * The base configuration for WordPress
- *
- * The wp-config.php creation script uses this file during the
- * installation. You don't have to use the web site, you can
- * copy this file to "wp-config.php" and fill in the values.
- *
- * This file contains the following configurations:
- *
- * * MySQL settings
- * * Secret keys
- * * Database table prefix
- * * ABSPATH
- *
- * @link https://wordpress.org/support/article/editing-wp-config-php/
- *
- * @package WordPress
- */
-
-// ** MySQL settings - You can get this info from your web host ** //
-/** The name of the database for WordPress */
-define( 'DB_NAME', '{{database.dbname}}' );
-
-/** MySQL database username */
-define( 'DB_USER', '{{database.username}}' );
-
-/** MySQL database password */
-define( 'DB_PASSWORD', '{{database.password}}' );
-
-/** MySQL hostname */
-define( 'DB_HOST', '{{database.host}}' );
-
-/** Database Charset to use in creating database tables. */
-define( 'DB_CHARSET', 'utf8' );
-
-/** The Database Collate type. Don't change this if in doubt. */
-define( 'DB_COLLATE', '' );
-
-/**#@+
- * Authentication Unique Keys and Salts.
- *
- * Change these to different unique phrases!
- * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
- * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
- *
- * @since 2.6.0
- */
-define( 'AUTH_KEY',         'put your unique phrase here' );
-define( 'SECURE_AUTH_KEY',  'put your unique phrase here' );
-define( 'LOGGED_IN_KEY',    'put your unique phrase here' );
-define( 'NONCE_KEY',        'put your unique phrase here' );
-define( 'AUTH_SALT',        'put your unique phrase here' );
-define( 'SECURE_AUTH_SALT', 'put your unique phrase here' );
-define( 'LOGGED_IN_SALT',   'put your unique phrase here' );
-define( 'NONCE_SALT',       'put your unique phrase here' );
-
-/**#@-*/
-
-/**
- * WordPress Database Table prefix.
- *
- * You can have multiple installations in one database if you give each
- * a unique prefix. Only numbers, letters, and underscores please!
- */
-$table_prefix = 'wp_';
-
-/**
- * For developers: WordPress debugging mode.
- *
- * Change this to true to enable the display of notices during development.
- * It is strongly recommended that plugin and theme developers use WP_DEBUG
- * in their development environments.
- *
- * For information on other constants that can be used for debugging,
- * visit the documentation.
- *
- * @link https://wordpress.org/support/article/debugging-in-wordpress/
- */
-define( 'WP_DEBUG', false );
-
-/* That's all, stop editing! Happy publishing. */
-
-/** Absolute path to the WordPress directory. */
-if ( ! defined( 'ABSPATH' ) ) {
-	define( 'ABSPATH', __DIR__ . '/' );
-}
-
-/** Sets up WordPress vars and included files. */
-require_once ABSPATH . 'wp-settings.php';
+<?php
+/**
+ * The base configuration for WordPress
+ *
+ * The wp-config.php creation script uses this file during the
+ * installation. You don't have to use the web site, you can
+ * copy this file to "wp-config.php" and fill in the values.
+ *
+ * This file contains the following configurations:
+ *
+ * * MySQL settings
+ * * Secret keys
+ * * Database table prefix
+ * * ABSPATH
+ *
+ * @link https://wordpress.org/support/article/editing-wp-config-php/
+ *
+ * @package WordPress
+ */
+
+// ** MySQL settings - You can get this info from your web host ** //
+/** The name of the database for WordPress */
+define( 'DB_NAME', '{{database.dbname}}' );
+
+/** MySQL database username */
+define( 'DB_USER', '{{database.username}}' );
+
+/** MySQL database password */
+define( 'DB_PASSWORD', '{{database.password}}' );
+
+/** MySQL hostname */
+define( 'DB_HOST', '{{jails['database'].ip}}:{{database.port}}' );
+
+/** Database Charset to use in creating database tables. */
+define( 'DB_CHARSET', 'utf8' );
+
+/** The Database Collate type. Don't change this if in doubt. */
+define( 'DB_COLLATE', '' );
+
+/**#@+
+ * Authentication Unique Keys and Salts.
+ *
+ * Change these to different unique phrases!
+ * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
+ * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
+ *
+ * @since 2.6.0
+ */
+define( 'AUTH_KEY',         'put your unique phrase here' );
+define( 'SECURE_AUTH_KEY',  'put your unique phrase here' );
+define( 'LOGGED_IN_KEY',    'put your unique phrase here' );
+define( 'NONCE_KEY',        'put your unique phrase here' );
+define( 'AUTH_SALT',        'put your unique phrase here' );
+define( 'SECURE_AUTH_SALT', 'put your unique phrase here' );
+define( 'LOGGED_IN_SALT',   'put your unique phrase here' );
+define( 'NONCE_SALT',       'put your unique phrase here' );
+
+/**#@-*/
+
+/**
+ * WordPress Database Table prefix.
+ *
+ * You can have multiple installations in one database if you give each
+ * a unique prefix. Only numbers, letters, and underscores please!
+ */
+$table_prefix = 'wp_';
+
+/**
+ * For developers: WordPress debugging mode.
+ *
+ * Change this to true to enable the display of notices during development.
+ * It is strongly recommended that plugin and theme developers use WP_DEBUG
+ * in their development environments.
+ *
+ * For information on other constants that can be used for debugging,
+ * visit the documentation.
+ *
+ * @link https://wordpress.org/support/article/debugging-in-wordpress/
+ */
+define( 'WP_DEBUG', false );
+
+/* That's all, stop editing! Happy publishing. */
+
+/** Absolute path to the WordPress directory. */
+if ( ! defined( 'ABSPATH' ) ) {
+	define( 'ABSPATH', __DIR__ . '/' );
+}
+
+/** Sets up WordPress vars and included files. */
+require_once ABSPATH . 'wp-settings.php';