diff --git a/Chart.yaml b/Chart.yaml index b07f4f1bac9792e44fac6d1bd0446aec7981ea05..5778010c0a997191ebf0f24d92d76dcc0cbd9f90 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -4,5 +4,5 @@ description: WordPress with a replicated MariaDB backend name: wordpress # Please only change the chart version as part of the release procedure: see # RELEASING.md -version: 0.1.1 +version: 0.1.0 icon: https://make.wordpress.org/design/files/2016/09/WordPress-logotype-wmark.png diff --git a/README.md b/README.md index e0d3275fa860a1e52665493bd7dfc76471ae178e..d341492734a62d6273b8af60a1928e6059d83876 100644 --- a/README.md +++ b/README.md @@ -146,7 +146,7 @@ You might have to edit the following variables to reflect your current site's: - Set `DB_PREFIX` to the database prefix that your current WordPress uses - Set `WP_VERSION` to the version of your current WordPress site. - Check if your current WordPress uses Redis. This is usually the case when you - have the `wp-redis` plugin installed. If so, enable redis in your + have the `redis-cache` plugin installed. If so, enable redis in your `values-local.yaml` by setting `redis.enabled` to `true`. After installing, check if your site is available at the URL you specified in diff --git a/RELEASING.md b/RELEASING.md index 46da487b9481d07ae7f22d22f81a93a0c090c0ec..84382326a05d821d6dcb9556681b6b4c8007660e 100644 --- a/RELEASING.md +++ b/RELEASING.md 
@@ -4,9 +4,9 @@ When releasing a new version of the wordpress-helm chart, please remember to do the following: * change the chart version in `Chart.yaml`; * change the default `image.tag` and `initImage.tag` in `values.yaml` to the new - version (e.g., "0.1.2"); -* create a git tag for the new version (e.g., "0.1.2") and push it to Gitlab + version (e.g., "0.1.0"); +* create a git tag for the new version (e.g., "0.1.0") and push it to Gitlab (any branch will do); the CI will create and push docker images tagged by that same version string. (You can push all git tags using `git push --tags`, or this specific one using - `git push origin 0.1.2`.) + `git push origin 0.1.0`.) diff --git a/delete.sh b/delete.sh index 5bc586a6e5db8ab9e69d7ffac374dcf87692254b..fb35ee822150fc396b9ae8e35b177a85b7acff19 100755 --- a/delete.sh +++ b/delete.sh @@ -8,5 +8,7 @@ set -v helm delete $releaseName ## Delete remaining PVCs: -kubectl delete pvc data-$releaseName-mariadb-master-0 data-$releaseName-mariadb-slave-0 data-$releaseName-database-0 redis-data-$releaseName-redis-master-0 - +kubectl delete pvc \ + data-$releaseName-database-master-0 \ + data-$releaseName-database-slave-0 \ + redis-data-$releaseName-redis-master-0 diff --git a/templates/statefulset.yaml b/templates/statefulset.yaml index 2967e4a39baffb2f55c8b0568a04aae835060e14..a5c296e687dd34e26c8850c48727ceb91babf885 100644 --- a/templates/statefulset.yaml +++ b/templates/statefulset.yaml @@ -22,9 +22,6 @@ spec: # gets re-run. checksum/config: {{ include (print $.Template.BasePath "/ansible-vars.yaml") . | sha256sum }} checksum/config: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }} - {{- if .Values.podAnnotations }} - {{- toYaml .Values.podAnnotations | nindent 8 }} - {{- end }} spec: imagePullSecrets: - name: {{ .Values.initImage.imagePullSecretName }} 
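Review bot: The rewritten `kubectl delete pvc` list no longer contains `data-$releaseName-database-0`, which the old command removed. If any install still creates that claim (not visible in this hunk), the database volume and its contents survive `delete.sh`. If the omission is intended, a comment listing the claims the chart can create would make that clear. The expansions are also unquoted; writing `"data-${releaseName}-database-master-0"` avoids word splitting and makes the variable boundary explicit. The assignment of `releaseName` is outside the hunk.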
diff --git a/values-local.yaml.example b/values-local.yaml.example index 927720357d0499d8570c10ffd9f3a9beb49a5198..fb6ea9d28b72f569d0076bb6b5015f03e742acff 100644 --- a/values-local.yaml.example +++ b/values-local.yaml.example @@ -28,8 +28,7 @@ wordpress: theme: twentynineteen # NOTE: Make sure you use underscore and that the localisation is in full caps locale: en_US - # NOTE: Optionally set a Wordpress version number to override the default version: in values.yaml - # version: LOCAL-WORDPRESS-VERSION-NUMBER-OR-DELETE-THIS-LINE + version: 5.2.4 # NOTE: This is the URL that points to your WordPress installation. If this # URL is set incorrectly your site will most likely not work. You can not # change it after you have run helm install once because WordPress saves the @@ -38,11 +37,12 @@ wordpress: # WordPress database fields that contain the URL. url: "http://localhost" title: "Wordpress Helm" - # If you are including a plugin to alias wp login then set an alt_path and set alt_config options - # NOTE: A value for alt_enabled must be set. Select either true or false - alt_enabled: false - # alt_config: PATH-SETTING-IN-OPTIONS-TABLE - # alt_path: SOME-LOGIN-PATH + # If you are including a plugin to alias wp login then set an alt.path and set alt.config options + # NOTE: The value of alt enabled must be set as true or false + alt: + enabled: false + # config: PATH-SETTING-IN-OPTIONS-TABLE + # path: SOME-LOGIN-PATH # # Path used by the liveness and readiness probes to see if the site runs # # correctly. Defaults to `/wp-login.php`. Be sure to make this the same as # # alt_path if you use it! 
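Review bot: The example now ships an active `version: 5.2.4` where it previously had a commented-out placeholder, so anyone who copies the file pins WordPress core to that release until they edit it by hand. A pinned core version in a template tends to outlive the release's security updates. I would keep the line commented, as in `# version: LOCAL-WORDPRESS-VERSION-NUMBER-OR-DELETE-THIS-LINE`, or add a comment telling operators to set a currently supported release. The same concern applies to the `version` default in values.yaml, which this diff moves from 5.4.1 to 5.2.3; if that is intentional, the reason should be stated next to the value.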
@@ -66,29 +66,25 @@ wordpress: ## mu_plugins are installed as hidden and cannot be updated from the UI ## mu_dir 'mu-plugins' maps to wp-content/mu-plugins ## mu_plugins supplies a detailed list of mu values and plugins with versions - # NOTE: A value for mu_plugins_enabled must be set. Select either true or false mu_plugins_enabled: false mu_plugins_dir: mu-plugins mu_plugins: block-bad-queries: name: Block Bad Queries - version: 20191109 + version: 20200319 phpfile: block-bad-queries.php - # redis-cache: - # name: Redis Cache - # version: 1.5.6 - # phpfile: redis-cache.php - ## Enable externally triggered cron if a cron plugin is installed + ## Enable externally triggered cron for an MU cron plugin # NOTE: A value for mu_cron_enabled must be set. Select either true or false - mu_cron_enabled: false - # mu_cron: - # name: Cron Control - # repo: https://github.com/Automattic/Cron-Control.git - # slug: cron-control - # version: master - # phpfile: cron-control.php + # NOTE: This cron must be triggered by a call you have set up outside the server + mu_cron: + enabled: false + # name: Cron Control + # repo: https://github.com/Automattic/Cron-Control.git + # slug: cron-control + # version: master + # phpfile: cron-control.php # These settings make sense to overwrite if you want to use the OpenID connect # plugin 
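Review bot: The commented `mu_cron` example still sets `version: master` for a third-party repository. The mu-plugins-cron tasks clone that ref and add a `require` for its `phpfile` to load.php, so an operator who uncomments the example runs whatever is at the tip of that branch on each init run. The `block-bad-queries` entry in the same hunk carries a dated version, and the cron example should be equally reproducible, e.g. `#   version: <RELEASE-TAG-OR-COMMIT-SHA>`. A one-line comment saying that this code is loaded as a must-use plugin, and so cannot be disabled from the UI, would explain why the pin matters.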
@@ -112,16 +108,24 @@ database: replication: password: <SET A REPLICATION USER PASSWORD IF YOU HAVE REPLICATION ENABLED> -# To enabe redis, uncomment this: -# redis: -# enabled: true -# password: <SET A REDIS PASSWORD HERE> +# Set this to true to have a Redis container next to your WP. The WP will be +# configured to connect to this Redis and `Redis Object Cache` plugin will be +# installed as a convential plugin and configured to connect to this Redis +# Change Redis MU plugin configurations to use MU instead +redis: + enabled: false +# password: <SET A REDIS PASSWORD HERE> +# +# # Set to true you want redis to have persistence: +# master: +# persistence: +# enabled: false # -# # If you want redis to have persistence: -# master: -# persistence: -# enabled: -# storageClass: +# # Set to true to have a master and a slave redis. Not necessary for caching +# cluster: +# enabled: false + + # This will add a cronjob that performs a daily backup of the wordpress # database, copying an sql file created by `wp db export` to the given PVC. diff --git a/values.yaml b/values.yaml index a54ce2478e0a6e59a2416dab7c31875bd17b4d93..e26d1baaa3e29465db97c7d9511d9ae1d8eda9d8 100644 --- a/values.yaml +++ b/values.yaml 
@@ -87,14 +87,15 @@ wordpress: theme_fallback: twentytwenty # NOTE: Make sure you use underscore and that the localisation is in full caps locale: en_US - version: 5.4.1 + version: 5.2.3 url: "http://localhost" title: "Wordpress Helm" - ## If including a plugin to alias wp login then set an alt_path and set the alt_config - # NOTE: A value for alt_enabled must be set. Select either true or false - alt_enabled: false - # alt_config: PATH-SETTING-IN-OPTIONS-TABLE - # alt_path: SOME-LOGIN-PATH + ## If including a plugin to alias wp login then set a path for alt and also set the config + # NOTE: The value of alt enabled must be set as true or false + alt: + enabled: false + # config: PATH-SETTING-IN-OPTIONS-TABLE + # path: SOME-LOGIN-PATH # Path used by the liveness and readiness probes to see if the site runs # correctly. Defaults to `/wp-login.php` probe_path: /wp-login.php @@ -124,10 +125,10 @@ wordpress: mu_plugins: {} ## Enable externally triggered cron if a cron plugin is installed - # NOTE: A value for mu_cron_enabled must be set. Use either true or false - mu_cron_enabled: false + # NOTE: mu_cron must be have the "enabled" value set as either true or false + mu_cron: + enabled: false # See values-local.yaml.example for an example value - mu_cron: {} persistence: ## Enable the use of a persistent volume @@ -161,7 +162,8 @@ ansibleVars: mode_0440: u+r-wxs,u+r-wxs,o-rwx mode_0600: u+rw-xs,g-rwxs,o-rwx - config_files: "[wp-config.php, .htaccess]" + #Config Directory + config_dir: /var/www ## Plugins wordpress_default_plugins: "[classic-editor]" 
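Review bot: `config_dir: /var/www` replaces the `config_files` list, but the comment `#Config Directory` does not say that the wordpress-permissions role runs `find {{ config_dir }} ... -exec chown` and `-exec chmod` over this whole tree. If `wordpress_homedir` is a subdirectory of it (its value is not visible here), ownership and modes of everything else under /var/www are rewritten as well. I would document that at the key, e.g. `# Root of the tree whose ownership and modes the wordpress-permissions role rewrites; keep it as narrow as possible`. The comment also lacks the space after `#` that the surrounding comments use.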
@@ -169,14 +171,15 @@ ansibleVars: wpSalts: {} image: - repository: open.greenhost.net:4567/open/wordpress-helm/wordpress - tag: 0.1.1 + repository: docker.greenhost.net/open/wordpress-helm/wordpress + tag: 0.1.0 pullPolicy: Always initImage: - repository: open.greenhost.net:4567/open/wordpress-helm/wordpress-cli-ansible - tag: 0.1.1 + repository: docker.greenhost.net/open/wordpress-helm/wordpress-cli-ansible + tag: 0.1.0 pullPolicy: Always + imagePullSecretName: greenhost-registry-pull ingress: enabled: false @@ -191,9 +194,6 @@ nodeSelector: {} tolerations: [] affinity: {} - -podAnnotations: {} - database: db: user: wordpress @@ -251,13 +251,17 @@ database: socket=/opt/bitnami/mariadb/tmp/mysql.sock redis: - # Set this to true to have a Redis container next to your WP. The WP will be - # configured to connect to this Redis and `Redis Object Cache` plugin will be - # installed +# Set this to true to have a Redis container next to your WP. The WP will be +# configured to connect to this Redis and `Redis Object Cache` plugin will be +# installed as a conventional plugin. enabled: false - cluster: - # Set to true to have a master and a slave redis. Not necessary for caching - enabled: false + # # Set to true you want redis to have persistence: + # master: + # persistence: + # enabled: false + # # Set to true to have a master and a slave redis. Not necessary for caching + # cluster: + # enabled: false backup: enabled: false 
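Review bot: Both `image` and `initImage` are referenced only by the tag `0.1.0` with `pullPolicy: Always`, so each pod start runs whatever the registry currently serves under that tag. RELEASING.md in this diff says CI pushes images named after the git tag, which suggests a re-pushed tag would replace the image. If the templates cannot take a digest (they are not visible here), a comment stating that release tags must never be overwritten is the minimum. The new default `imagePullSecretName: greenhost-registry-pull` also deserves a comment saying the Secret must exist in the release namespace before install, since the statefulset template passes it straight to `imagePullSecrets`.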
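Review bot: `cluster.enabled: false` is now only a comment in the `redis:` block, so the chart stops overriding whatever the Redis dependency uses by default for clustering. Those defaults are not visible in this diff. If the dependency enables a replica by default, turning on `redis.enabled` creates more pods and claims than before, while delete.sh removes only `redis-data-$releaseName-redis-master-0`. Keeping the explicit `cluster:` / `enabled: false` default would preserve the previous behaviour.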
@@ -289,13 +293,13 @@ ansibleSecrets: | WP_URL: {{ .Values.wordpress.site.url }} WP_USER: {{ .Values.wordpress.config.adm.usid }} WP_VERSION: {{ .Values.wordpress.site.version }} - WP_ALT_ENABLED: {{ .Values.wordpress.site.alt_enabled }} - WP_ALT_CONFIG: {{ .Values.wordpress.site.alt_config }} - WP_ALT_PATH: {{ .Values.wordpress.site.alt_path }} + WP_ALT_ENABLED: {{ .Values.wordpress.site.alt.enabled }} + WP_ALT_CONFIG: {{ .Values.wordpress.site.alt.config }} + WP_ALT_PATH: {{ .Values.wordpress.site.alt.path }} WP_MU_PLUGINS_ENABLED: {{ .Values.wordpress.mu_plugins_enabled }} WP_MU_PLUGINS_DIR: {{ .Values.wordpress.mu_plugins_dir }} WP_MU_PLUGINS: {{ .Values.wordpress.mu_plugins | toJson }} - WP_MU_CRON_ENABLED: {{ .Values.wordpress.mu_cron_enabled }} + WP_MU_CRON_ENABLED: {{ .Values.wordpress.mu_cron.enabled }} WP_MU_CRON_SETTINGS: {{ .Values.wordpress.mu_cron | toJson }} WP_MULTILINGUAL_ENABLED: {{ .Values.wordpress.site.multilingual.enabled }} WP_MULTILINGUAL_PLUGINS: {{ .Values.wordpress.site.multilingual.plugins }} diff --git a/wp-cli-docker/Dockerfile b/wp-cli-docker/Dockerfile index ea50924a552b75c74883b9dbe7a3f36b7664c536..92c155a1fafb51aa800ed0e743f7c2bab194f1f5 100644 --- a/wp-cli-docker/Dockerfile +++ b/wp-cli-docker/Dockerfile @@ -1,4 +1,4 @@ -FROM wordpress:cli-2.4-php7.3 +FROM wordpress:cli-2.1.0-php7.3 USER root diff --git a/wp-cli-docker/roles/wordpress-init/tasks/main.yml b/wp-cli-docker/roles/wordpress-init/tasks/main.yml index 5922862f6dc17a3e0c7614ad8a57eeb2a52a861e..03e643f8e89fd545aa0f788ef2c8780f7195ffa1 100644 --- a/wp-cli-docker/roles/wordpress-init/tasks/main.yml +++ b/wp-cli-docker/roles/wordpress-init/tasks/main.yml 
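Review bot: The renamed lookups read `.Values.wordpress.site.alt.enabled` and `.Values.wordpress.mu_cron.enabled`, so an existing values file that still sets `alt_enabled: true` or `mu_cron_enabled: true` is silently ignored and the `false` defaults win. A render-time check for the old keys using Helm's `fail` would turn that into an explicit upgrade error instead of a feature quietly switching off. Separately, `WP_ALT_CONFIG` and `WP_ALT_PATH` are emitted unquoted and their values are commented out by default, so they render empty. Writing `WP_ALT_PATH: {{ .Values.wordpress.site.alt.path | default "" | quote }}` (and the same for `alt.config`) keeps the generated YAML a string in every case. The `ansibleSecrets` block starts outside this hunk.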
@@ -34,6 +34,18 @@ msg: "Wordpress Core failed checksums" when: checksum is failed +- name: Check if wp-config exists + stat: + path: "{{ wordpress_homedir }}/wp-config.php" + register: config + +- name: Prepare wp-config permissions if it exists + file: + path: "{{ wordpress_homedir }}/wp-config.php" + owner: "{{ wp_user }}" + group: "{{ wp_group }}" + ignore_errors: true + when: config.stat.exists - name: Create wp-config from zero shell: @@ -86,8 +98,10 @@ shell: wp {{ cli_args }} core language install "{{ LOCALE }}" --activate - name: Set key and salt values - shell: wp config {{ cli_args }} set {{ item.key }} {{ item.value }} --add --type=constant - with_dict: "{{ WP_SALTS }}" + shell: wp config {{ cli_args }} set {{ wp_salt.key }} {{ wp_salt.value }} --add --type=constant + loop: "{{ WP_SALTS|dict2items }}" + loop_control: + loop_var: wp_salt - name: Copy htaccess config file template: @@ -126,10 +140,12 @@ # Plugins - name: Install WordPress plugins that are activated - shell: wp {{ cli_args }} plugin install "{{ item }}" --force --activate - with_items: "{{ wordpress_default_plugins }}" + shell: wp {{ cli_args }} plugin install "{{ wordpress_default_plugin }}" --force --activate + loop: "{{ wordpress_default_plugins }}" + loop_control: + loop_var: wordpress_default_plugin -# Option for an alt login - when an alt_path is set and an alt_config exists +# Option for an alt login - when an alt.path is set and an alt.config exists - name: Set alt path shell: wp {{ cli_args }} option set {{ WP_ALT_CONFIG }} {{ WP_ALT_PATH }} when: WP_ALT_ENABLED diff --git a/wp-cli-docker/roles/wordpress-init/tasks/mu-plugins-cron.yml b/wp-cli-docker/roles/wordpress-init/tasks/mu-plugins-cron.yml index 3f2d2566c9c32d717e24bde37188c5112c1c9dc6..c60495eab7264d547db98106966ef166ee47557a 100644 --- a/wp-cli-docker/roles/wordpress-init/tasks/mu-plugins-cron.yml +++ b/wp-cli-docker/roles/wordpress-init/tasks/mu-plugins-cron.yml 
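Review bot: The new "Prepare wp-config permissions if it exists" task sets `ignore_errors: true`, so a failed ownership change on wp-config.php is swallowed and the play continues to the wp-config tasks with the file's owner unknown. The `when: config.stat.exists` guard already covers the missing-file case, so I would remove the `ignore_errors: true` line. The task also hands the file to `wp_user`/`wp_group` without a `mode:`, while the wordpress-permissions role later assigns wp-config to `config_user`. If that role does not run afterwards (the ordering is not visible here), the file stays with the first owner, so an explicit `mode:` on this task would be safer.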
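Review bot: In "Set key and salt values" the salt is still interpolated bare into a `shell:` command, so any shell metacharacter in a salt is interpreted by the shell instead of reaching wp-cli, and the secret appears in task output for every loop item. Suggested lines: `shell: wp config {{ cli_args }} set {{ wp_salt.key | quote }} {{ wp_salt.value | quote }} --add --type=constant` plus `no_log: true` on the task. The `option set {{ WP_ALT_CONFIG }} {{ WP_ALT_PATH }}` task in the next hunk has the same bare interpolation. The `WP_REDIS_PASSWORD` task in redis.yml is wrapped only in double quotes, which still expand `$` and backticks.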
@@ -13,55 +13,69 @@ - name: Add a MU plugins directory when WP_MU_PLUGINS_DIR is set file: - path: "{{ wordpress_homedir }}/wp-content/{{ WP_MU_PLUGINS_DIR }}" + path: "{{ WP_CONTENT_DIR }}/{{ WP_MU_PLUGINS_DIR }}" mode: 0750 state: directory -- name: Add MU plugins load.php file - file: - path: "{{ wordpress_homedir }}/wp-content/{{ WP_MU_PLUGINS_DIR }}/load.php" - mode: 0640 - - name: Insert the base code into MU plugins load.php file lineinfile: - dest: "{{ wordpress_homedir }}/wp-content/{{ WP_MU_PLUGINS_DIR }}/load.php" + dest: "{{ WP_CONTENT_DIR }}/{{ WP_MU_PLUGINS_DIR }}/load.php" line: "<?php // {{ WP_MU_PLUGINS_DIR }}/load.php" + create: yes - -### Install plugins then move them to the MU plugins folder +## Ansible unarchive is broken so two step process - name: Install plugins before they are MU - shell: wp {{ cli_args }} plugin install {{ item.key }} --version={{ item.value.version}} --force + shell: wp {{ cli_args }} plugin install {{ wp_mu_plugin.key }} --version={{ wp_mu_plugin.value.version}} --force loop: "{{ WP_MU_PLUGINS | dict2items }}" + loop_control: + loop_var: wp_mu_plugin + +- name: Copy all the plugins to the mu-plugins folder where they are activated by default + copy: + src: "{{ WP_CONTENT_DIR }}/plugins/{{ wp_mu_plugin.key }}" + dest: "{{ WP_CONTENT_DIR }}/{{ WP_MU_PLUGINS_DIR }}" + remote_src: yes + force: yes + loop: "{{ WP_MU_PLUGINS | dict2items }}" + loop_control: + loop_var: wp_mu_plugin -- name: Move all the plugins to the mu-plugins folder where they are activated by default - command: mv {{ wordpress_homedir }}/wp-content/plugins/{{ item.key }} {{ wordpress_homedir }}/wp-content/{{ WP_MU_PLUGINS_DIR }}/{{ item.key }} - with_items: "{{ WP_MU_PLUGINS | dict2items }}" +- name: Delete all the src plugin folders + file: + path: "{{ WP_CONTENT_DIR }}/plugins/{{ wp_mu_plugin.key }}" + state: absent + loop: "{{ WP_MU_PLUGINS | dict2items }}" + loop_control: + loop_var: wp_mu_plugin - name: Echo all the MU plugins filenames into the 
load.php file lineinfile: - dest: "{{ wordpress_homedir }}/wp-content/{{ WP_MU_PLUGINS_DIR }}/load.php" - line: "require(WPMU_PLUGIN_DIR . '/{{ item.key }}/{{ item.value.phpfile }}');" + dest: "{{ WP_CONTENT_DIR }}/{{ WP_MU_PLUGINS_DIR }}/load.php" + line: "require(WPMU_PLUGIN_DIR . '/{{ wp_mu_plugin.key }}/{{ wp_mu_plugin.value.phpfile }}');" insertbefore: EOF - with_items: "{{ WP_MU_PLUGINS | dict2items }}" + loop: "{{ WP_MU_PLUGINS | dict2items }}" + loop_control: + loop_var: wp_mu_plugin ### Install wp-cron as mu - name: Shallow clone from the github repository git: repo: "{{ WP_MU_CRON_SETTINGS.repo}}" - dest: "{{ wordpress_homedir }}/wp-content/{{ WP_MU_PLUGINS_DIR }}/{{ WP_MU_CRON_SETTINGS.slug }}" + dest: "{{ WP_CONTENT_DIR }}/{{ WP_MU_PLUGINS_DIR }}/{{ WP_MU_CRON_SETTINGS.slug }}" + force: yes depth: 1 version: "{{ WP_MU_CRON_SETTINGS.version}}" when: WP_MU_CRON_ENABLED - name: Append cron control plugin filename to the load.php file lineinfile: - dest: "{{ wordpress_homedir }}/wp-content/{{ WP_MU_PLUGINS_DIR }}/load.php" + dest: "{{ WP_CONTENT_DIR }}/{{ WP_MU_PLUGINS_DIR }}/load.php" line: "require(WPMU_PLUGIN_DIR . '/{{ WP_MU_CRON_SETTINGS.slug }}/{{ WP_MU_CRON_SETTINGS.phpfile}}');" insertbefore: EOF when: WP_MU_CRON_ENABLED - name: Switch off wordpress native cron - shell: wp {{ cli_args }} config set 'DISABLE_WP_CRON' 'true' --type=constant + shell: wp {{ cli_args }} config set DISABLE_WP_CRON true --add --raw --type=constant when: WP_MU_CRON_ENABLED diff --git a/wp-cli-docker/roles/wordpress-init/tasks/multilingual.yml b/wp-cli-docker/roles/wordpress-init/tasks/multilingual.yml index 8bf215b80cf62806280d0221442323528704ddd4..50a0bee213c3116f99de1d7ae2b28e8991410827 100644 --- a/wp-cli-docker/roles/wordpress-init/tasks/multilingual.yml +++ b/wp-cli-docker/roles/wordpress-init/tasks/multilingual.yml 
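Review bot: load.php is now created by `lineinfile` with `create: yes` and no `mode:`, and the task that set `mode: 0640` on it is removed. The file that `require`s every must-use plugin therefore gets whatever the umask gives until the permissions role runs. Adding `mode: "0640"` to the "Insert the base code" task keeps the earlier restriction. The `git` task also gained `force: yes`, which discards local changes in the checkout on every run; combined with a branch name in `version`, the code under the mu-plugins directory can change from one init run to the next.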
@@ -13,15 +13,19 @@ - debug: msg: "Trying the configured plugins" - name: Activate multilingual plugins if they exist in wp-content-repo - shell: wp {{ cli_args }} plugin activate {{ item }} - with_items: "{{ WP_MULTILINGUAL_PLUGINS }}" + shell: wp {{ cli_args }} plugin activate {{ wp_multilingual_plugin }} + loop: "{{ WP_MULTILINGUAL_PLUGINS }}" + loop_control: + loop_var: wp_multilingual_plugin - debug: msg: 'Success' rescue: - debug: msg: 'Multilingual plugins do not exist or error' - name: Run wp plugin deativate for all - shell: wp {{ cli_args }} plugin deactivate {{ item }} - with_items: "{{ WP_MULTILINGUAL_PLUGINS }}" + shell: wp {{ cli_args }} plugin deactivate {{ wp_multilingual_plugin }} + loop: "{{ WP_MULTILINGUAL_PLUGINS }}" + loop_control: + loop_var: wp_multilingual_plugin - debug: msg: "Multilingual plugins are now deactivated" diff --git a/wp-cli-docker/roles/wordpress-init/tasks/redis.yml b/wp-cli-docker/roles/wordpress-init/tasks/redis.yml index aa0f9f30a7d553fd06c07268109527961454a821..bc365641581d2b65590877551563063b03093cae 100644 --- a/wp-cli-docker/roles/wordpress-init/tasks/redis.yml +++ b/wp-cli-docker/roles/wordpress-init/tasks/redis.yml @@ -1,4 +1,5 @@ --- +## Changes to wordpress config - name: Set redis host shell: wp {{ cli_args }} config set WP_REDIS_HOST "{{ WP_REDIS_HOST }}" --add --type=constant @@ -7,7 +8,8 @@ shell: wp {{ cli_args }} config set WP_REDIS_PASSWORD "{{ WP_REDIS_PASSWORD }}" --add --type=constant - name: Install redis-cache WordPress plugin - shell: wp {{ cli_args }} plugin install wp-redis --activate + shell: wp {{ cli_args }} plugin install redis-cache --activate - name: Enable redis object cache shell: wp {{ cli_args }} redis enable + diff --git a/wp-cli-docker/roles/wordpress-permissions/tasks/main.yml b/wp-cli-docker/roles/wordpress-permissions/tasks/main.yml index c251ff29251082fb97b01ffd1566d04ad8551440..3f108b7bc5a4a29f66e54950905af3c7065fcb20 100644 
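Review bot: `plugin install redis-cache --activate` installs whatever version the plugin directory currently serves, whereas the MU plugin tasks pin with `--version=`. This plugin is activated immediately, so I would pin it as well, e.g. `shell: wp {{ cli_args }} plugin install redis-cache --version={{ REDIS_CACHE_VERSION }} --activate`. `REDIS_CACHE_VERSION` is a placeholder name for a value the chart would need to expose. Renaming the slug from `wp-redis` to `redis-cache` switches to a different plugin, so existing sites may keep the old one installed; a task that deactivates `wp-redis` when present would avoid two object-cache plugins side by side.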
--- a/wp-cli-docker/roles/wordpress-permissions/tasks/main.yml
+++ b/wp-cli-docker/roles/wordpress-permissions/tasks/main.yml
@@ -6,40 +6,39 @@ # Ensure there is a cache outside uploads - name: Add a wp-content cache directory file: - path: "{{ wordpress_homedir }}/wp-content/cache" + path: "{{ WP_CONTENT_DIR }}/cache" mode: 0750 state: directory # Directories - name: Bulk directory ownership - command: find -L {{ wordpress_homedir }} -type d -exec chown {{ wp_user }}:{{ wp_group }} {} \; + command: find {{ config_dir }} -type d -exec chown -c {{ wp_user }}:{{ wp_group }} {} \; - name: Bulk directory permissions - command: find -L {{ wordpress_homedir }} -type d -exec chmod -c {{ mode_0750 }} {} \; + command: find {{ config_dir }} -type d -exec chmod -c {{ mode_0750 }} {} \; # Files - - name: Bulk file ownership - command: find -L {{ wordpress_homedir }} -type f -not -name '{{ item }}' -exec chown {{ wp_user }}:{{ wp_group }} {} \; - with_items: "{{ config_files }}" + command: find {{ config_dir }} -type f \( -iname "*.*" ! -iname "*htaccess" ! -iname "wp-config*" \) -exec chown -c {{ wp_user }}:{{ wp_group }} {} \; - name: Dot file ownership - command: find -L {{ wordpress_homedir }} -type f -maxdepth 1 -not -name '{{ item }}' -name '\.*' -exec chown {{ config_user }}:{{ config_group }} {} \; - with_items: "{{ config_files }}" + command: find {{ wordpress_homedir }} -type f -maxdepth 1 \( -iname "\.*" ! -iname "*htaccess" ! -iname "wp-config*" \) -exec chown -c {{ config_user }}:{{ config_group }} {} \; - name: Config file ownership - command: find -L {{ wordpress_homedir }} -type f -name '{{ item }}' -exec chown {{ config_user }}:{{ config_group }} {} \; - with_items: "{{ config_files }}" + command: find {{ config_dir }} -type f \( -iname "*htaccess" -o -iname "wp-config*" ! 
-path "*wp-content-mount/.htaccess" \) -exec chown -c {{ config_user }}:{{ config_group }} {} \; - name: Bulk file permissions - command: find -L {{ wordpress_homedir }} -type f -not -name '{{ item }}' -exec chmod -c {{ mode_0640 }} {} \; - with_items: "{{ config_files }}" + command: find {{ config_dir }} -type f \( -iname "*.*" ! -iname "*htaccess" ! -iname "wp-config*" \) -exec chmod -c {{ mode_0640 }} {} \; - name: Dot file permissions - command: find -L {{ wordpress_homedir }} -type f -maxdepth 1 -not -name '{{ item }}' -name '\.*' -exec chmod -c {{ mode_0440 }} {} \; - with_items: "{{ config_files }}" + command: find {{ wordpress_homedir }} -type f -maxdepth 1 \( -iname "\.*" ! -iname "*htaccess" ! -iname "wp-config*" \) -exec chmod -c {{ mode_0440 }} {} \; + +- name: HTaccess file permissions + command: find {{ config_dir }} -type f -maxdepth 1 \( -iname "*htaccess" ! -path "wp-content-mount/.htaccess" \) -exec chmod -c {{ mode_0640 }} {} \; + +- name: WPconfig file permission + command: find {{ wordpress_homedir }} -type f -name "wp-config.php" -exec chmod -c {{ mode_0440 }} {} \; + + -- name: Config file permissions - command: find -L {{ wordpress_homedir }} -type f -name '{{ item }}' -exec chmod -c {{ mode_0440 }} {} \; - with_items: "{{ config_files }}"
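Review bot: In "Config file ownership" the expression `-iname "*htaccess" -o -iname "wp-config*" ! -path "*wp-content-mount/.htaccess"` does not exclude the mounted .htaccess, because `-o` binds more loosely than the implicit AND and the `! -path` applies only to the `wp-config*` branch. Grouping fixes it: `\( \( -iname "*htaccess" -o -iname "wp-config*" \) ! -path "*wp-content-mount/.htaccess" \)`. In "HTaccess file permissions" the pattern `"wp-content-mount/.htaccess"` has no leading `*`, so it cannot match a path that begins with `{{ config_dir }}`, and `-maxdepth 1` limits the task to the top level of that directory. The bulk tasks now also require `-iname "*.*"`, so files without a dot in their name are no longer chowned or chmodded. `wp-config*` files other than wp-config.php are excluded from every chmod task, so they keep whatever mode they arrived with.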