Merge commit 'f1c4fb72009906244f512e82bb02c2f9435dbed0'

* commit 'f1c4fb72009906244f512e82bb02c2f9435dbed0': (52 commits)
  Add Nginx variable to set fastcgi_buffer_size (roots#586)
  Require Ansible 2.0.2 and remove deploy_helper
  Pass cli options to user role's admin_user ping test
  Add connection-related cli options to ping command
  Wrap my.cnf password in quotes
  Update to WP-CLI v0.23.1
  Fix roots#563 - Improve remote databases
  Update salts link to roots.io version
  Fix roots#569 Only skip subdomains for non-www domains
  Define development default for Let's Encrypt variable
  Enable Let's Encrypt to transition http sites to https
  Add 'reason' to attr extracted for pretty-print
  Adding dbus to essentials
  Pass vault cli args to remote-user ping task
  Tidy up sudoer password definitions and comments
  👮 Fix ssmtp role tags
  0.9.7
  Fix ansible.cfg and Ansible plugins for moved Vagrantfile
  Enable color output for Vagrant shell provisioner windows.sh
  Tidy up output.py by moving some methods to utils
  ...

# Conflicts:
#	roles/deploy/defaults/main.yml

.github/ISSUE_TEMPLATE.md

@@ -0,0 +1,63 @@
+## Submit a feature request or bug report
+
+- [ ] This is a feature request
+- [ ] This is a bug report
+- [ ] This request isn't a duplicate of an [existing issue](https://github.com/roots/trellis/issues)
+- [ ] I've read the [docs](https://roots.io/trellis/docs) and followed them (if applicable)
+
+Replace any `X` with your information.
+
+---
+
+**What is the current behavior?**
+
+X
+
+
+**What is the expected or desired behavior?**
+
+X
+
+---
+
+## Bug report
+
+(delete this section if not applicable)
+
+**Please provide steps to reproduce, including full log output:**
+
+X
+
+**Please describe your local environment:**
+
+Ansible version: X
+
+OS: X
+
+Vagrant version: X
+
+**Where did the bug happen? Development or remote servers?**
+
+X
+
+**Please provide a repository or your `wordpress_sites` config (if possible):**
+
+X
+
+**Is there a related [Discourse](https://discourse.roots.io/) thread or were any utilized (please link them)?**
+
+X
+
+---
+
+## Feature Request
+
+(delete this section if not applicable)
+
+**Please provide use cases for changing the current behavior:**
+
+X
+
+**Other relevant information:**
+
+X

.gitignore

@@ -2,3 +2,4 @@
 .vagrant
 vendor/roles
 *.py[co]
+*.retry

CHANGELOG.md

@@ -1,4 +1,33 @@
 ### HEAD
+* Require Ansible 2.0.2 and remove deploy_helper ([#579](https://github.com/roots/trellis/pull/579))
+* Add connection-related cli options to ping command ([#578](https://github.com/roots/trellis/pull/578))
+* Wrap my.cnf password in quotes ([#577](https://github.com/roots/trellis/pull/577))
+* Update to WP-CLI v0.23.1 ([#576](https://github.com/roots/trellis/pull/576))
+* Fix #563 - Improve remote databases ([#573](https://github.com/roots/trellis/pull/573))
+* Fix #569 - Only skip subdomains for non-www domains ([#570](https://github.com/roots/trellis/pull/570))
+* Enable Let's Encrypt to transition http sites to https ([#565](https://github.com/roots/trellis/pull/565))
+
+### 0.9.7: April 10th, 2016
+* Fix #550 - Properly skip permalink setup for MU ([#551](https://github.com/roots/trellis/pull/551))
+* Escape salts and keys to avoid templating errors ([#548](https://github.com/roots/trellis/pull/548))
+* Add plugin to pretty print Ansible msg output ([#544](https://github.com/roots/trellis/pull/544))
+* Fix #482 - Multisite is-installed deploy check ([#543](https://github.com/roots/trellis/pull/543))
+* Skip setting permalink for multisite installs ([#546](https://github.com/roots/trellis/pull/546))
+* Fix #489 - Add $realpath_root to fastcgi_cache_key ([#542](https://github.com/roots/trellis/pull/542))
+* Move modules and plugins to `lib/trellis` directory ([#538](https://github.com/roots/trellis/pull/538))
+* Automatically set `wp_home` and `wp_siteurl` variables ([#533](https://github.com/roots/trellis/pull/533))
+* Switch to Let's Encrypt X3 intermediate certificate and fix chain issues ([#534](https://github.com/roots/trellis/pull/534))
+* Supply better defaults for `db_name` and `db_user` ([#529](https://github.com/roots/trellis/pull/529))
+* Fix deploy env template to use valid ansible vars ([#530](https://github.com/roots/trellis/pull/530))
+* Simplify and improve `wordpress_sites` with better defaults ([#528](https://github.com/roots/trellis/pull/528))
+* Allow option for WinNFSD sync folder provider on Windows ([#527](https://github.com/roots/trellis/pull/527))
+* Improve Let's Encrypt challenge pre-flight tests ([#526](https://github.com/roots/trellis/pull/526))
+* `reverse_www` filter improvements (ignore subdomains) ([#525](https://github.com/roots/trellis/pull/525))
+* Fix deprecation warnings on deploy, use current stable WP-CLI ([#523](https://github.com/roots/trellis/pull/523))
+* Fix #520 - Disable MariaDB binary logging by default ([#521](https://github.com/roots/trellis/pull/521))
+* Let's Encrypt integration ([#518](https://github.com/roots/trellis/pull/518))
+* Improve Git repo format validation ([#516](https://github.com/roots/trellis/pull/516))
+* Fix #505 - Git ignore \*.retry file
 * Fix Ansible deprecations for bare variables ([#510](https://github.com/roots/trellis/pull/510))
 * Fixes #508 - update php-xdebug config file path ([#509](https://github.com/roots/trellis/pull/509))
 * Add php-mbstring extension ([#504](https://github.com/roots/trellis/pull/504))

README.md

@@ -17,6 +17,7 @@ Trellis will configure a server with the following and more:
 * PHP 7.0
 * MariaDB (a drop-in MySQL replacement)
 * SSL support (scores an A+ on the [Qualys SSL Labs Test](https://www.ssllabs.com/ssltest/))
+* Let's Encrypt integration for free SSL certificates
 * HTTP/2 support (requires SSL)
 * Composer
 * WP-CLI
@@ -30,7 +31,7 @@ Trellis will configure a server with the following and more:
 
 Make sure all dependencies have been installed before moving on:
 
-* [Ansible](http://docs.ansible.com/ansible/intro_installation.html#latest-releases-via-pip) >= 2.0.0.2
+* [Ansible](http://docs.ansible.com/ansible/intro_installation.html#latest-releases-via-pip) >= 2.0.2
 * [Virtualbox](https://www.virtualbox.org/wiki/Downloads) >= 4.3.10
 * [Vagrant](http://www.vagrantup.com/downloads.html) >= 1.5.4
 * [vagrant-bindfs](https://github.com/gael-ian/vagrant-bindfs#installation) >= 0.3.1 (Windows users may skip this)

Vagrantfile

@@ -9,8 +9,13 @@ memory = 1024 # in MB
 
 ANSIBLE_PATH = __dir__ # absolute path to Ansible directory
 
-# Set Ansible roles_path relative to Ansible directory
+# Set Ansible paths relative to Ansible directory
+ENV['ANSIBLE_CONFIG'] = ANSIBLE_PATH
+ENV['ANSIBLE_CALLBACK_PLUGINS'] = "~/.ansible/plugins/callback_plugins/:/usr/share/ansible_plugins/callback_plugins:#{File.join(ANSIBLE_PATH, 'lib/trellis/plugins/callback')}"
+ENV['ANSIBLE_FILTER_PLUGINS'] = "~/.ansible/plugins/filter_plugins/:/usr/share/ansible_plugins/filter_plugins:#{File.join(ANSIBLE_PATH, 'lib/trellis/plugins/filter')}"
+ENV['ANSIBLE_LIBRARY'] = "/usr/share/ansible:#{File.join(ANSIBLE_PATH, 'lib/trellis/modules')}"
 ENV['ANSIBLE_ROLES_PATH'] = File.join(ANSIBLE_PATH, 'vendor', 'roles')
+ENV['ANSIBLE_VARS_PLUGINS'] = "~/.ansible/plugins/vars_plugins/:/usr/share/ansible_plugins/vars_plugins:#{File.join(ANSIBLE_PATH, 'lib/trellis/plugins/vars')}"
 
 config_file = File.join(ANSIBLE_PATH, 'group_vars', 'development', 'wordpress_sites.yml')
 
@@ -54,7 +59,7 @@ Vagrant.configure('2') do |config|
     fail_with_message "vagrant-hostmanager missing, please install the plugin with this command:\nvagrant plugin install vagrant-hostmanager"
   end
 
-  if Vagrant::Util::Platform.windows?
+  if Vagrant::Util::Platform.windows? and !Vagrant.has_plugin? 'vagrant-winnfsd'
     wordpress_sites.each_pair do |name, site|
       config.vm.synced_folder local_site_path(site), remote_site_path(name), owner: 'vagrant', group: 'www-data', mount_options: ['dmode=776', 'fmode=775']
     end
@@ -73,6 +78,8 @@ Vagrant.configure('2') do |config|
   if Vagrant::Util::Platform.windows?
     config.vm.provision :shell do |sh|
       sh.path = File.join(ANSIBLE_PATH, 'windows.sh')
+      sh.args = [Vagrant::VERSION]
+      sh.keep_color = true
     end
   else
     config.vm.provision :ansible do |ansible|
@@ -82,9 +89,10 @@ Vagrant.configure('2') do |config|
         'development' => ['default']
       }
 
+      ansible.extra_vars = {'vagrant_version' => Vagrant::VERSION}
       if vars = ENV['ANSIBLE_VARS']
         extra_vars = Hash[vars.split(',').map { |pair| pair.split('=') }]
-        ansible.extra_vars = extra_vars
+        ansible.extra_vars.merge(extra_vars)
       end
     end
   end

ansible.cfg

@@ -1,7 +1,13 @@
 [defaults]
-roles_path = vendor/roles
+callback_plugins = ~/.ansible/plugins/callback_plugins/:/usr/share/ansible_plugins/callback_plugins:lib/trellis/plugins/callback
+stdout_callback = output
+filter_plugins = ~/.ansible/plugins/filter_plugins/:/usr/share/ansible_plugins/filter_plugins:lib/trellis/plugins/filter
+force_color = True
 force_handlers = True
 inventory = hosts
+nocows = 1
+roles_path = vendor/roles
+vars_plugins = ~/.ansible/plugins/vars_plugins/:/usr/share/ansible_plugins/vars_plugins:lib/trellis/plugins/vars
 
 [ssh_connection]
 ssh_args = -o ForwardAgent=yes -o ControlMaster=auto -o ControlPersist=60s

deploy.yml

@@ -13,6 +13,15 @@
     deploy_finalize_after: "{{ playbook_dir }}/roles/deploy/hooks/finalize-after.yml"
     project: "{{ wordpress_sites[site] }}"
     project_root: "{{ www_root }}/{{ site }}"
+    wordpress_env_defaults:
+      db_host: localhost
+      db_name: "{{ site | underscore }}_{{ env }}"
+      db_user: "{{ site | underscore }}"
+      disable_wp_cron: true
+      wp_env: "{{ env }}"
+      wp_home: "{{ project.ssl.enabled | default(false) | ternary('https', 'http') }}://${HTTP_HOST}"
+      wp_siteurl: "${WP_HOME}/wp"
+    site_env: "{{ wordpress_env_defaults | combine(project.env | default({}), vault_wordpress_sites[site].env) }}"
 
   pre_tasks:
     - name: Ensure site is valid
@@ -26,10 +35,10 @@
       fail:
         msg: |
           Invalid Git repository.
-          Ensure that your site's `repo` variable is defined in `group_vars/{{ env }}/wordpress_sites.yml` and uses the SSH format (example: [email protected]/roots/bedrock.git)
+          Ensure that your site's `repo` variable is defined in `group_vars/{{ env }}/wordpress_sites.yml` and uses the SSH format (example: [email protected]:roots/bedrock.git)
           More info:
           > https://roots.io/trellis/docs/deploys/
-      when: project.repo is not defined or not project.repo | match("git@.*.git")
+      when: project.repo is not defined or not project.repo | match(".*@.*:.*\.git")
 
   roles:
     - deploy

dev.yml

@@ -10,7 +10,7 @@
     - { role: ferm, tags: [ferm] }
     - { role: ntp }
     - { role: sshd, tags: [sshd] }
-    - { role: mariadb, tags: [mariadb], when: not mysql_remote_database }
+    - { role: mariadb, tags: [mariadb] }
     - { role: ssmtp, tags: [ssmtp mail] }
     - { role: mailhog, tags: [mailhog mail] }
     - { role: php, tags: [php] }

group_vars/all/main.yml

@@ -7,3 +7,14 @@ default_timezone: Etc/UTC
 www_root: /srv/www
 ip_whitelist:
   - "{{ lookup('pipe', 'curl -4 -s https://api.ipify.org') }}"
+
+wordpress_env_defaults:
+  db_host: localhost
+  db_name: "{{ item.key | underscore }}_{{ env }}"
+  db_user: "{{ item.key | underscore }}"
+  disable_wp_cron: true
+  wp_env: "{{ env }}"
+  wp_home: "{{ item.value.ssl.enabled | default(false) | ternary('https', 'http') }}://${HTTP_HOST}"
+  wp_siteurl: "${WP_HOME}/wp"
+
+site_env: "{{ wordpress_env_defaults | combine(item.value.env | default({}), vault_wordpress_sites[item.key].env) }}"

group_vars/all/security.yml

@@ -12,6 +12,6 @@ ferm_input_list:
 
 # Documentation: https://roots.io/trellis/docs/security/
 # If sshd_permit_root_login: false, admin_user must be in 'users' (`group_vars/all/users.yml`) with sudo group
-# and in 'sudoer_passwords' (`group_vars/<environment>/main.yml`)
+# and in 'vault_sudoer_passwords' (`group_vars/staging/vault.yml`, `group_vars/production/vault.yml`)
 sshd_permit_root_login: true
 sshd_password_authentication: false

group_vars/all/users.yml

@@ -1,7 +1,7 @@
 # Documentation: https://roots.io/trellis/docs/ssh-keys/
 admin_user: admin
 
-# Also define sudoer_passwords in group_vars/<environment>/main.yml
+# Also define 'vault_sudoer_passwords' (`group_vars/staging/vault.yml`, `group_vars/production/vault.yml`)
 users:
   - name: "{{ web_user }}"
     groups:

group_vars/development/main.yml

@@ -1,4 +1,5 @@
+acme_tiny_challenges_directory: "{{ www_root }}/letsencrypt"
+env: development
 ferm_enabled: false
 mysql_root_password: "{{ vault_mysql_root_password }}" # Define this variable in group_vars/development/vault.yml
-sudoer_passwords: "{{ vault_sudoer_passwords }}" # Define this variable in group_vars/development/vault.yml
 web_user: vagrant

group_vars/development/vault.yml

@@ -1,11 +1,8 @@
 # Documentation: https://roots.io/trellis/docs/vault/
 vault_mysql_root_password: devpw
 
-# Documentation: https://roots.io/trellis/docs/security/
-vault_sudoer_passwords:
-  admin: $6$rounds=100000$JUkj1d3hCa6uFp6R$3rZ8jImyCpTP40e4I5APx7SbBvDCM8fB6GP/IGOrsk/GEUTUhl1i/Q2JNOpj9ashLpkgaCxqMqbFKdZdmAh26/
-
 # Variables to accompany `group_vars/development/wordpress_sites.yml`
+# Note: the site name (`example.com`) must match up with the site name in the above file.
 vault_wordpress_sites:
   example.com:
     admin_password: admin

group_vars/development/wordpress_sites.yml

@@ -1,28 +1,17 @@
 # Documentation: https://roots.io/trellis/docs/local-development-setup/
+# `wordpress_sites` options: https://roots.io/trellis/docs/wordpress-sites
+# Define accompanying passwords/secrets in group_vars/development/vault.yml
+
 wordpress_sites:
   example.com:
     site_hosts:
       - example.dev
     local_path: ../site # path targeting local Bedrock site directory (relative to Ansible root)
-    site_install: true
-    site_title: Example Site
-    admin_user: admin
-    # admin_password: (defined in group_vars/development/vault.yml)
     admin_email: [email protected]
-    initial_permalink_structure: /%postname%/ # applied only at time of WP install and when `site_install: true`
     multisite:
       enabled: false
-      subdomains: false
     ssl:
       enabled: false
+      provider: self-signed
     cache:
       enabled: false
-      duration: 30s
-    env:
-      disable_wp_cron: true
-      wp_home: http://example.dev
-      wp_siteurl: http://example.dev/wp
-      wp_env: development
-      db_name: example_dev
-      db_user: example_dbuser
-      # db_password: (defined in group_vars/development/vault.yml)

group_vars/production/vault.yml

@@ -6,12 +6,12 @@ vault_sudoer_passwords:
   admin: $6$rounds=100000$JUkj1d3hCa6uFp6R$3rZ8jImyCpTP40e4I5APx7SbBvDCM8fB6GP/IGOrsk/GEUTUhl1i/Q2JNOpj9ashLpkgaCxqMqbFKdZdmAh26/
 
 # Variables to accompany `group_vars/production/wordpress_sites.yml`
+# Note: the site name (`example.com`) must match up with the site name in the above file.
 vault_wordpress_sites:
   example.com:
     env:
       db_password: example_dbpassword
-      # Generate your keys here: https://api.wordpress.org/secret-key/1.1/salt/
-      # These CANNOT contain the characters "{%" or "{{" in succession
+      # Generate your keys here: https://roots.io/salts.html
       auth_key: "generateme"
       secure_auth_key: "generateme"
       logged_in_key: "generateme"