debops.wpcli default variables

APT packages

wpcli__base_packages

List of useful APT packages to install with WP-CLI.

wpcli__base_packages: [ 'bash-completion' ]
wpcli__packages

List of additional APT packages to install with WP-CLI.

wpcli__packages: []

WP-CLI installation from upstream

wpcli__gpg_key_id

The fingerprint of the GPG key used to sign the WP-CLI releases.

wpcli__gpg_key_id: '63AF 7AA1 5067 C056 16FD  DD88 A3A2 E8F2 26F0 BC06'
wpcli__version

The version of the WP-CLI framework to install. On changes, remember to update the meta/watch-wp-cli file as well.

wpcli__version: '2.2.0'
wpcli__release_files

List of files corresponding to a given WP-CLI version which should be downloaded to the source directory. The parameters have the same meaning as the get_url Ansible module parameters. The *.phar.gpg file will be decrypted and verified via the gpg command before installation.

wpcli__release_files:

  - url: 'https://github.com/wp-cli/wp-cli/releases/download/v2.2.0/wp-cli-2.2.0.phar.gpg'
    dest: '{{ wpcli__src }}/wp-cli-2.2.0.phar.gpg'
    checksum: 'sha256:6ed3c78adea2801ce900f3dc8f09ce799958955cc842b5f8d17d8ffb74eca7a2'
    version: '2.2.0'

  - url: 'https://raw.githubusercontent.com/wp-cli/wp-cli/v2.2.0/utils/wp-completion.bash'
    dest: '{{ wpcli__src }}/wp-cli-2.2.0.completion.bash'
    checksum: 'sha256:443ca0610ccae8d2d6aceba0ec4aa7929b87ed6cf54f666afed18d663a18a395'
    version: '2.2.0'
wpcli__src

Absolute path to the directory on the remote host, where the WP-CLI source files will be stored.

wpcli__src: '{{ (ansible_local.fhs.src | d("/usr/local/src"))
                + "/wpcli" }}'
wpcli__binary

Absolute path where the WP-CLI script will be installed. The wp command is hardcoded all over the place, therefore changing the name could result in issues during usage.

wpcli__binary: '/usr/local/bin/wp'
wpcli__bash_completion

Absolute path where the bash completion functions for WP-CLI script will be installed.

wpcli__bash_completion: '/etc/bash_completion.d/wp-completion'

Security of the wp-config.php files

WordPress installer creates the wp-config.php configuration files with insecure, world-writeable permissions (0666, the mode of the Beast). The debops.wpcli role by default creates a cron job that looks for such files once a day and changes their permission to 0600 to improve security in shared environments.

See also: https://core.trac.wordpress.org/ticket/37264

wpcli__secure_wpconfig_enabled

Enable or disable a cron job which will secure all wp-config.php files found on the server.

wpcli__secure_wpconfig_enabled: True
wpcli__secure_wpconfig_command

The command that will be executed by cron as root to find all wp-config.php files and secure them. System administrators will receive e-mail messages when permissions of found files are changed.

wpcli__secure_wpconfig_command: 'find /home /srv -type f -iname "wp-config.php" -perm /o+r -exec chmod -v 600 "{}" \;'
wpcli__secure_wpconfig_interval

The cron interval to use to look for insecure wp-config.php files on the server. Supported intervals: hourly, daily, weekly, monthly.

wpcli__secure_wpconfig_interval: 'daily'

Configuration for other Ansible roles

wpcli__keyring__dependent_gpg_keys

Configuration for the debops.keyring Ansible role.

wpcli__keyring__dependent_gpg_keys:

  # This key will be installed in the 'root' GPG keyring
  - '{{ wpcli__gpg_key_id }}'
wpcli__php__dependent_packages

List of PHP packages to install by debops.php role.

wpcli__php__dependent_packages:

  - 'mysql'