From 084505c90e4d6a52fc18db49e6e1590b80086c01 Mon Sep 17 00:00:00 2001 
From: "Justin W. Flory" Date: Wed, 17 Aug 2016 07:31:07 -0400 Subject: [PATCH] Add role and playbooks for installing and upgrading WordPress sites This commit is related to my Google Summer of Code 2016 project proposal. The full details are described on my project proposal for the summer: https://fedoraproject.org/wiki/GSOC_2016/Student_Application_jflory7 A brief breakdown / description of what this commit includes as follows... == What == Includes a role, a playbook, and a standalone playbook. The main playbook, which utilizes the `wordpress` role, is used for installing and adding new WordPress sites into Fedora's infrastructure. The playbook also stands up an Apache web server with a MariaDB database. These are the other key required features of a WordPress site, but already have roles in Fedora's infrastructure. Combined with my `wordpress` role, it is possible to install WordPress on any host or groups of hosts simultaneously. The standalone playbook handles upgrading an existing WordPress instance in Fedora's infrastructure. It successfully works in my local environment, but it has not yet been tested in a production environment. Right now, it will upgrade the instance and then the user is required to complete the upgrade in the WordPress front-end. Using a tool like wp-cli... http://wp-cli.org/ ...it should be possible to automate this process and have a full upgrade take place, without any interaction in a web interface. This is part of the plan for improvement past GSoC 2016. It should be fairly simple to incorporate into this playbook. == Caveats == During the final week of GSoC, a few problems cropped up, but all of them were related to workflow-related issues. Without having sysadmin access to a staging instance that is actively "involved" in the rest of Fedora's Ansible set-up, it was difficult to test (e.g. I would have problems executing the Apache role in my environment, but it works as expected in Fedora's *actual* infrastructure). 
There may be a few caveats to work through from after merging into the mainline repository, but all WordPress-related activity was successfully tested in a local development environment, so modifications and changes should be minimal. == Concerns == Any concerns over this commit or the files / role / playbooks introduced with these commits can be directed to myself or Patrick Uiterwijk, my GSoC 2016 mentor. * Justin W. Flory, jflory7 * Patrick Uiterwijk, puiterwijk --- playbooks/manual/upgrade/wordpress.yml | 43 ++++++ playbooks/manual/wordpress-install.yml | 16 +++ roles/wordpress/tasks/main.yml | 121 +++++++++++++++++ roles/wordpress/templates/app/tasks/main.retry | 4 + roles/wordpress/templates/app/tasks/main.yml | 144 +++++++++++++++++++++ .../templates/app/templates/wp-config.php | 90 +++++++++++++ roles/wordpress/templates/app/vars/all.yml | 27 ++++ .../wordpress/templates/database/tasks/main.retry | 4 + roles/wordpress/templates/database/tasks/main.yml | 26 ++++ roles/wordpress/templates/tasks/main.retry | 4 + roles/wordpress/templates/tasks/main.yml | 137 ++++++++++++++++++++ roles/wordpress/templates/templates/wp-config.php | 90 +++++++++++++ roles/wordpress/templates/vars/all.yml | 27 ++++ roles/wordpress/templates/wp-config.php | 88 +++++++++++++ 14 files changed, 821 insertions(+) create mode 100644 playbooks/manual/upgrade/wordpress.yml create mode 100644 playbooks/manual/wordpress-install.yml create mode 100644 roles/wordpress/tasks/main.yml create mode 100644 roles/wordpress/templates/app/tasks/main.retry create mode 100644 roles/wordpress/templates/app/tasks/main.yml create mode 100644 roles/wordpress/templates/app/templates/wp-config.php create mode 100644 roles/wordpress/templates/app/vars/all.yml create mode 100644 roles/wordpress/templates/database/tasks/main.retry create mode 100644 roles/wordpress/templates/database/tasks/main.yml create mode 100644 roles/wordpress/templates/tasks/main.retry create mode 100644 
roles/wordpress/templates/tasks/main.yml create mode 100644 roles/wordpress/templates/templates/wp-config.php create mode 100644 roles/wordpress/templates/vars/all.yml create mode 100644 roles/wordpress/templates/wp-config.php
diff --git a/playbooks/manual/upgrade/wordpress.yml b/playbooks/manual/upgrade/wordpress.yml
new file mode 100644
index 0000000..facebf7
--- /dev/null
+++ b/playbooks/manual/upgrade/wordpress.yml
@@ -0,0 +1,43 @@
+---
+# Upgrading existing WordPress applications
+
+- name: "Upgrade WordPress on an existing host."
+ hosts: wordpress
+
+ tasks:
+ - name: "Create folders for installation."
+ file:
+ path=/opt/wordpress-latest
+ state=directory
+ group=wordpress
+ recurse=true
+
+ - name: "Download and extract WordPress to /opt/."
+ unarchive: >
+ src=https://wordpress.org/latest.zip
+ dest=/opt/wordpress-latest
+ copy=no
+ creates=/opt/wordpress-latest/wordpress
+ group=wordpress
+ owner=wordpress
+ tags:
+ - upgrade
+ - wordpress
+
+ - name: "Synchronize upstream update to WordPress directories."
+ synchronize: >
+ src=/opt/wordpress-latest/wordpress/*
+ dest=/opt/wordpress-{{ inventory_hostname }}/wordpress
+
+ - name: "Change ownership of WordPress installation, in case it wasn't preserved."
+ file: >
+ path=/opt/wordpress-{{ inventory_hostname }}/wordpress/
+ owner=wordpress
+ group=wordpress
+ state=directory
+ recurse=yes
+ notify:
+ - service apache restart
+ tags:
+ - config
+ - wordpress
diff --git a/playbooks/manual/wordpress-install.yml b/playbooks/manual/wordpress-install.yml
new file mode 100644
index 0000000..9af41e6
--- /dev/null
+++ b/playbooks/manual/wordpress-install.yml
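Review bot: The `unarchive` task fetches `https://wordpress.org/latest.zip` with no version pin and no integrity check, so whatever that URL serves at run time is unpacked and then synchronized over the live site; roles/wordpress/tasks/main.yml has the same unverified `unarchive`-from-URL task. The get_url tasks elsewhere in this patch already show the safer shape: download a pinned `wordpress-{{ wp_version }}.tar.gz` with `sha256sum="{{ wp_sha256sum }}"`, then unpack the local file, which means this playbook needs both variables supplied. `creates=/opt/wordpress-latest/wordpress` also turns the download into a no-op after the first run, so a later upgrade would re-sync the stale tree; the sketch below drops it. The notify target `service apache restart` differs from the `restart apache` name the role notifies, so confirm which handler actually exists.

```yaml
    # … unchanged: "Create folders for installation." …

    - name: "Download a pinned WordPress release and verify its checksum."
      get_url: >
        url=https://wordpress.org/wordpress-{{ wp_version }}.tar.gz
        dest=/opt/wordpress-latest/wordpress-{{ wp_version }}.tar.gz
        sha256sum="{{ wp_sha256sum }}"
      tags:
        - upgrade
        - wordpress

    - name: "Extract the verified archive."
      unarchive: >
        src=/opt/wordpress-latest/wordpress-{{ wp_version }}.tar.gz
        dest=/opt/wordpress-latest
        copy=no
        group=wordpress
        owner=wordpress
      tags:
        - upgrade
        - wordpress

    # … unchanged: synchronize and ownership tasks …
```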
@@ -0,0 +1,16 @@
+---
+# requires --extra-vars="target='host1:host2:group etc' wp_domain='example.com:example.net'"
+
+- name: Install a new WordPress instance
+ hosts: "{{ target }}"
+ remote_user: root
+
+ roles:
+ - apache
+ - mariadb_server
+ - wordpress
+ - { role: wordpress, wp_domain: "{{ domains }}" }
+
+ handlers:
+ - include: "/home/jflory/Software/GSoC/ansible/handlers/restart_services.yml"
+ static: yes
diff --git a/roles/wordpress/tasks/main.yml b/roles/wordpress/tasks/main.yml
new file mode 100644
index 0000000..189a35b
--- /dev/null
+++ b/roles/wordpress/tasks/main.yml
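Review bot: The handlers `include` points at `/home/jflory/Software/GSoC/ansible/handlers/restart_services.yml`, an absolute path inside the author's home directory, so the play fails on any other control machine and, if such a path did exist there, would load handlers from outside the reviewed repository. It should resolve inside the repository instead (placeholder: `- include: "<repo-root>/handlers/restart_services.yml"`). The `wordpress` role is also listed twice, and the second entry sets `wp_domain: "{{ domains }}"` although the header comment documents a `wp_domain` extra-var and nothing in this patch defines `domains`; a single `- wordpress` entry that uses the documented variable looks like the intent. Note too that the documented value `'example.com:example.net'` is interpolated as-is into `/opt/wordpress-{{ wp_domain }}` by the role, so a multi-domain value yields one oddly named directory rather than one site per domain.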
@@ -0,0 +1,121 @@
+---
+# Installation for WordPress applications
+
+- name: "Install WordPress PHP dependencies."
+ yum: name={{ item }} state=present
+ with_items:
+ - MySQL-python
+ - php
+ - php-mysql
+ tags:
+ - packages
+ - wordpress
+
+- name: "Install SELinux toolset for defining policy."
+ yum: pkg=policycoreutils-python state=present
+ tags:
+ - selinux
+ - wordpress
+
+- name: "Add wordpress group."
+ group: name=wordpress
+ tags:
+ - config
+ - wordpress
+
+- name: "Add wordpress user."
+ user: >
+ name=wordpress
+ group=wordpress
+ home=/opt/wordpress-{{ wp_domain }}
+ tags:
+ - config
+ - wordpress
+
+- name: "Create folders for installation."
+ file:
+ path=/opt/wordpress-{{ wp_domain }}
+ state=directory
+ group=wordpress
+ recurse=true
+
+- name: "Download and extract WordPress to /opt/."
+ unarchive:
+ src=https://wordpress.org/wordpress-{{ wp_version }}.tar.gz
+ dest=/opt/wordpress-{{ wp_domain }}
+ copy=no
+ creates=/opt/wordpress-{{ wp_domain }}/wordpress
+ group=wordpress
+ owner=wordpress
+ tags:
+ - install
+ - wordpress
+
+- name: "Copy WordPress config file to the server directory."
+ template: >
+ src=wp-config.php
+ dest=/opt/wordpress-{{ wp_domain }}/wordpress/
+ notify:
+ - restart apache
+ tags:
+ - config
+ - wordpress
+
+- name: "Change ownership of WordPress installation."
+ file: >
+ path=/opt/wordpress-{{ wp_domain }}/wordpress/
+ owner=wordpress
+ group=wordpress
+ state=directory
+ recurse=yes
+ tags:
+ - config
+ - wordpress
+
+- name: "Set SELinux policy for the WordPress directory."
+ command: semanage fcontext -a -t httpd_sys_content_t "/opt/wordpress-{{ wp_domain }}/wordpress(/.*)?"
+ tags:
+ - selinux
+ - wordpress
+
+- name: "Set SELinux policy for wp-config.php."
+ command: semanage fcontext -a -t httpd_sys_script_exec_t "/opt/wordpress-{{ wp_domain }}/wordpress/wp-config\.php"
+ tags:
+ - selinux
+ - wordpress
+
+- name: "Set SELinux policy for wp-content directory."
+ command: semanage fcontext -a -t httpd_sys_rw_content_t "/opt/wordpress-{{ wp_domain }}/wordpress/wp-content(/.*)?"
+ tags:
+ - selinux
+ - wordpress
+
+- name: "Set SELinux policy for the *.php files."
+ command: semanage fcontext -a -t httpd_sys_script_exec_t "/opt/wordpress-{{ wp_domain }}/wordpress/.*\.php"
+ tags:
+ - selinux
+ - wordpress
+
+- name: "Set SELinux policy for the Upgrade directory."
+ command: semanage fcontext -a -t httpd_sys_rw_content_t "/opt/wordpress-{{ wp_domain }}/wordpress/wp-content/upgrade(/.*)?"
+ tags:
+ - selinux
+ - wordpress
+
+- name: "Set SELinux policy for the Uploads directory."
+ command: semanage fcontext -a -t httpd_sys_rw_content_t "/opt/wordpress-{{ wp_domain }}/wordpress/wp-content/uploads(/.*)?"
+ tags:
+ - selinux
+ - wordpress
+
+- name: "Set SELinux policy for the wp-includes php files."
+ command: semanage fcontext -a -t httpd_sys_script_exec_t "/opt/wordpress-{{ wp_domain }}/wordpress/wp-includes/.*\.php"
+ tags:
+ - selinux
+ - wordpress
+
+- name: "Restore SELinux context on all files."
+ command: restorecon -Rv /opt/wordpress-{{ wp_domain }}/wordpress
+ tags:
+ - selinux
+ - wordpress
diff --git a/roles/wordpress/templates/app/tasks/main.retry b/roles/wordpress/templates/app/tasks/main.retry
new file mode 100644
index 0000000..09674a6
--- /dev/null
+++ b/roles/wordpress/templates/app/tasks/main.retry
@@ -0,0 +1,4 @@
+b1.stg.derezzed.justinwflory.com
+b2.stg.derezzed.justinwflory.com
+b3.stg.derezzed.justinwflory.com
+b4.stg.derezzed.justinwflory.com
diff --git a/roles/wordpress/templates/app/tasks/main.yml b/roles/wordpress/templates/app/tasks/main.yml
new file mode 100644
index 0000000..d277369
--- /dev/null
+++ b/roles/wordpress/templates/app/tasks/main.yml
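Review bot: The `wp-content(/.*)?` rule labels the entire wp-content tree `httpd_sys_rw_content_t`, which lets the web server process write plugin and theme code, and it makes the narrower `wp-content/upgrade(/.*)?` and `wp-content/uploads(/.*)?` rules that follow redundant. If httpd is only meant to write uploads and upgrade staging, drop the wp-content rule and keep the two narrower ones, leaving the rest under the `httpd_sys_content_t` rule for the install root. The `semanage fcontext -a` tasks are also not idempotent: run through `command` they always report changed, and on some policycoreutils versions adding an already-defined context is an error, so a second run of the role may fail here. Ansible's `sefcontext` module, where the deployed Ansible version has it, handles both. Separately, the template task writes wp-config.php (which, going by the mysql tasks elsewhere in this patch, presumably holds the database password) without an explicit `mode=`, so its permissions depend on the default umask.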
@@ -0,0 +1,144 @@
+---
+# Installation for WordPress applications
+
+- name: Install WordPress on a new host.
+ hosts: wordpress
+
+ tasks:
+ - name: "Install WordPress PHP dependencies."
+ yum: name={{ item }} state=present
+ with_items:
+ - MySQL-python
+ - php
+ - php-mysql
+# - httpd
+# - mariadb-server
+ tags:
+ - packages
+ - wordpress
+
+ - name: "Download WordPress from wordpress.com."
+ get_url: >
+ url=https://wordpress.org/wordpress-{{ wp_version }}.tar.gz
+ dest=/srv/wordpress-{{ wp_version }}.tar.gz
+ sha256sum="{{ wp_sha256sum }}"
+ tags:
+ - install
+ - wordpress
+
+ - name: "Extract WordPress to /opt/."
+ command: >
+ chdir=/opt/ tar xvf wordpress-{{ wp_version }}.tar.gz
+ creates=/opt/wordpress-{{ inventory_hostname }}
+ tags:
+ - install
+ - wordpress
+
+ - name: "Add wordpress group."
+ group: name=wordpress
+ tags:
+ - config
+ - wordpress
+
+ - name: "Add wordpress user."
+ user: >
+ name=wordpress
+ group=wordpress
+ home=/opt/wordpress-{{ inventory_hostname }}/
+ tags:
+ - config
+ - wordpress
+
+ - name: "Create WordPress MySQL database."
+ mysql_db: name={{ wp_db_name }} state=present
+ tags:
+ - config
+ - mysql
+ - wordpress
+
+ - name: "Create WordPress MySQL database user."
+ mysql_user: >
+ name={{ wp_db_user }}
+ password={{ wp_db_password }}
+ priv={{ wp_db_name }}.*:ALL
+ host='localhost'
+ state=present
+ tags:
+ - config
+ - mysql
+ - wordpress
+
+ - name: "Copy WordPress config file to the server directory."
+ template: >
+ src=wp-config.php
+ dest=/opt/wordpress-{{ inventory_hostname }}/
+ notify:
+ - restart apache
+ tags:
+ - config
+ - wordpress
+
+ - name: "Change ownership of WordPress installation."
+ file: >
+ path=/opt/wordpress-{{ inventory_hostname }}/
+ owner=wordpress
+ group=wordpress
+ state=directory
+ recurse=yes
+ tags:
+ - config
+ - wordpress
+
+ - name: "Install SELinux toolset for defining policy."
+ yum: pkg=policycoreutils-python state=present
+ tags:
+ - selinux
+ - wordpress
+
+ - name: "Set SELinux policy for the WordPress directory."
+ command: semanage fcontext -a -t httpd_sys_content_t "/opt/wordpress-{{ inventory_hostname }}(/.*)?"
+ tags:
+ - selinux
+ - wordpress
+
+ - name: "Set SELinux policy for wp-config.php."
+ command: semanage fcontext -a -t httpd_sys_script_exec_t "/opt/wordpress-{{ inventory_hostname }}/wp-config\.php"
+ tags:
+ - selinux
+ - wordpress
+
+ - name: "Set SELinux policy for wp-content directory."
+ command: semanage fcontext -a -t httpd_sys_rw_content_t "/opt/wordpress-{{ inventory_hostname }}/wp-content(/.*)?"
+ tags:
+ - selinux
+ - wordpress
+
+ - name: "Set SELinux policy for the *.php files."
+ command: semanage fcontext -a -t httpd_sys_script_exec_t "/opt/wordpress-{{ inventory_hostname }}/.*\.php"
+ tags:
+ - selinux
+ - wordpress
+
+ - name: "Set SELinux policy for the Upgrade directory."
+ command: semanage fcontext -a -t httpd_sys_rw_content_t "/opt/wordpress-{{ inventory_hostname }}/wp-content/upgrade(/.*)?"
+ tags:
+ - selinux
+ - wordpress
+
+ - name: "Set SELinux policy for the Uploads directory."
+ command: semanage fcontext -a -t httpd_sys_rw_content_t "/opt/wordpress-{{ inventory_hostname }}/wp-content/uploads(/.*)?"
+ tags:
+ - selinux
+ - wordpress
+
+ - name: "Set SELinux policy for the wp-includes php files."
+ command: semanage fcontext -a -t httpd_sys_script_exec_t "/opt/wordpress-{{ inventory_hostname }}/wp-includes/.*\.php"
+ tags:
+ - selinux
+ - wordpress
+
+ - name: "Restore SELinux context on all files."
+ command: restorecon -Rv /opt/wordpress-{{ inventory_hostname }}
+ tags:
+ - selinux
+ - wordpress
diff --git a/roles/wordpress/templates/app/templates/wp-config.php b/roles/wordpress/templates/app/templates/wp-config.php
new file mode 100644
index 0000000..5694520
--- /dev/null
+++ b/roles/wordpress/templates/app/templates/wp-config.php
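Review bot: The archive is downloaded to `/srv/wordpress-{{ wp_version }}.tar.gz`, but the extract task runs `tar xvf wordpress-{{ wp_version }}.tar.gz` with `chdir=/opt/`, where that file was never placed, so the checksum-verified download is not the file tar is pointed at; roles/wordpress/templates/tasks/main.yml has the same mismatch. Pointing tar at the downloaded path fixes it: `chdir=/opt/ tar xvf /srv/wordpress-{{ wp_version }}.tar.gz`. The guard `creates=/opt/wordpress-{{ inventory_hostname }}` also looks wrong if the tarball unpacks to a `wordpress/` directory (as `creates=/opt/wordpress` in the sibling copy suggests), in which case the later tasks act on a path the extraction never creates. This file is a full play (`hosts:` / `tasks:`) placed under the role's templates/ directory next to a committed `main.retry` host list, which suggests development copies that were not meant to ship.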
@@ -0,0 +1,90 @@ + + name={{ wp_db_user }} + password={{ wp_db_password }} + priv={{ wp_db_name }}.*:ALL + host='localhost' + state=present + tags: + - mysql + - wordpress \ No newline at end of file diff --git a/roles/wordpress/templates/tasks/main.retry b/roles/wordpress/templates/tasks/main.retry new file mode 100644 index 0000000..09674a6 --- /dev/null +++ b/roles/wordpress/templates/tasks/main.retry @@ -0,0 +1,4 @@ +b1.stg.derezzed.justinwflory.com +b2.stg.derezzed.justinwflory.com +b3.stg.derezzed.justinwflory.com +b4.stg.derezzed.justinwflory.com diff --git a/roles/wordpress/templates/tasks/main.yml b/roles/wordpress/templates/tasks/main.yml new file mode 100644 index 0000000..5c7f3e8 --- /dev/null +++ b/roles/wordpress/templates/tasks/main.yml 
@@ -0,0 +1,137 @@
+---
+# Installation for WordPress applications
+
+- name: "Install WordPress PHP dependencies."
+ yum: name={{ item }} state=present
+ with_items:
+ - php
+ - php-mysql
+# - httpd
+# - mariadb-server
+ tags:
+ - packages
+ - wordpress
+
+- name: "Download WordPress from wordpress.com."
+ get_url: >
+ url=https://wordpress.org/wordpress-{{ wp_version }}.tar.gz
+ dest=/srv/wordpress-{{ wp_version }}.tar.gz
+ sha256sum="{{ wp_sha256sum }}"
+ tags:
+ - install
+ - wordpress
+
+- name: "Extract WordPress to /opt/."
+ command: >
+ chdir=/opt/ tar xvf wordpress-{{ wp_version }}.tar.gz
+ creates=/opt/wordpress
+ tags:
+ - install
+ - wordpress
+
+- name: "Add group "wordpress"."
+ group: name=wordpress
+ tags:
+ - config
+ - wordpress
+
+- name: "Add user "wordpress"."
+ user: >
+ name=wordpress
+ group=wordpress
+ home=/opt/wordpress/
+ tags:
+ - config
+ - wordpress
+
+- name: "Create WordPress MySQL database."
+ mysql_db: name={{ wp_db_name }} state=present
+ tags:
+ - config
+ - mysql
+ - wordpress
+
+- name: "Create WordPress MySQL database user."
+ mysql_user: >
+ name={{ wp_db_user }}
+ password={{ wp_db_password }}
+ priv={{ wp_db_name }}.*:ALL
+ host='localhost'
+ state=present
+ tags:
+ - config
+ - mysql
+ - wordpress
+
+- name: "Copy WordPress config file to the server directory."
+ template: >
+ src=wp-config.php
+ dest=/opt/wordpress/
+ tags:
+ - config
+ - wordpress
+
+- name: "Change ownership of WordPress installation."
+ file: >
+ path=/opt/wordpress/
+ owner=wordpress
+ group=wordpress
+ state=directory
+ recurse=yes
+ tags:
+ - config
+ - wordpress
+
+- name: "Install SELinux toolset for defining policy."
+ yum: pkg=policycoreutils-python state=present
+ tags:
+ - selinux
+ - wordpress
+
+- name: "Set SELinux policy for the WordPress directory."
+ command: semanage fcontext -a -t httpd_sys_content_t "/opt/wordpress(/.*)?"
+ tags:
+ - selinux
+ - wordpress
+
+- name: "Set SELinux policy for wp-config.php."
+ command: semanage fcontext -a -t httpd_sys_script_exec_t "/opt/wordpress/wp-config\.php"
+ tags:
+ - selinux
+ - wordpress
+
+- name: "Set SELinux policy for wp-content directory."
+ command: semanage fcontext -a -t httpd_sys_rw_content_t "/opt/wordpress/wp-content(/.*)?"
+ tags:
+ - selinux
+ - wordpress
+
+- name: "Set SELinux policy for the *.php files."
+ command: semanage fcontext -a -t httpd_sys_script_exec_t "/opt/wordpress/.*\.php"
+ tags:
+ - selinux
+ - wordpress
+
+- name: "Set SELinux policy for the Upgrade directory."
+ command: semanage fcontext -a -t httpd_sys_rw_content_t "/opt/wordpress/wp-content/upgrade(/.*)?"
+ tags:
+ - selinux
+ - wordpress
+
+- name: "Set SELinux policy for the Uploads directory."
+ command: semanage fcontext -a -t httpd_sys_rw_content_t "/opt/wordpress/wp-content/uploads(/.*)?"
+ tags:
+ - selinux
+ - wordpress
+
+- name: "Set SELinux policy for the wp-includes php files."
+ command: semanage fcontext -a -t httpd_sys_script_exec_t "/opt/wordpress/wp-includes/.*\.php"
+ tags:
+ - selinux
+ - wordpress
+
+- name: "Restore SELinux context on all files."
+ command: restorecon -Rv /opt/wordpress
+ tags:
+ - selinux
+ - wordpress
diff --git a/roles/wordpress/templates/templates/wp-config.php b/roles/wordpress/templates/templates/wp-config.php
new file mode 100644
index 0000000..5694520
--- /dev/null
+++ b/roles/wordpress/templates/templates/wp-config.php
@@ -0,0 +1,90 @@
+
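Review bot: The task names `"Add group "wordpress"."` and `"Add user "wordpress"."` put unescaped double quotes inside a double-quoted scalar, which is not valid YAML, so this file will not load as written. Single-quoting the outer string keeps the inner quotes: `- name: 'Add group "wordpress".'` and `- name: 'Add user "wordpress".'`. The `mysql_user` task passes `password={{ wp_db_password }}` in key=value form, so a password containing whitespace or quote characters would likely be split or mangled during argument parsing (roles/wordpress/templates/app/tasks/main.yml does the same); writing the module arguments as a YAML mapping with `password: "{{ wp_db_password }}"` avoids that. The "Copy WordPress config file" task here also lacks the `notify: restart apache` that the other two copies of this task carry.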