heat-templates/hot/F18/WordPress_NoKey.yaml

heat_template_version: 2013-05-23

description: >
  Heat WordPress template to support F18 with no SSH key requirements.
  WordPress is web software you can use to create a beautiful website or blog.
  This template installs a single-instance WordPress deployment using a local
  MySQL database to store the data.  

parameters:
  InstanceType:
    type: string
    description: Instance type for WordPress server
    default: m1.small
    constraints:
      - allowed_values: [m1.small, m1.medium, m1.large]
        description: InstanceType must be one of m1.small, m1.medium or m1.large
  ImageId:
    type: string
    description: ID of the image to use for the WordPress server
    default: F18-x86_64-cfntools
    constraints:
      - allowed_values: [ F18-i386-cfntools, F18-x86_64-cfntools ]
        description: >
          Image ID must be either F18-i386-cfntools or F18-x86_64-cfntools          
  DBName:
    type: string
    description: WordPress database name
    default: wordpress
    constraints:
      - length: { min: 1, max: 64 }
        description: DBName must be between 1 and 64 characters
      - allowed_pattern: '[a-zA-Z][a-zA-Z0-9]*'
        description: >
          DBName must begin with a letter and contain only alphanumeric
          characters          
  DBUsername:
    type: string
    description: The WordPress database admin account username
    default: admin
    hidden: true
    constraints:
      - length: { min: 1, max: 16 }
        description: DBUsername must be between 1 and 64 characters
      - allowed_pattern: '[a-zA-Z][a-zA-Z0-9]*'
        description: >
          DBUsername must begin with a letter and contain only alphanumeric
          characters          
  DBPassword:
    type: string
    description: The WordPress database admin account password
    default: admin
    hidden: true
    constraints:
      - length: { min: 1, max: 41 }
        description: DBUsername must be between 1 and 64 characters
      - allowed_pattern: '[a-zA-Z0-9]*'
        description: DBPassword must contain only alphanumeric characters
  DBRootPassword:
    type: string
    description: Root password for MySQL
    default: admin
    hidden: true
    constraints:
      - length: { min: 1, max: 41 }
        description: DBUsername must be between 1 and 64 characters
      - allowed_pattern: '[a-zA-Z0-9]*'
        description: DBPassword must contain only alphanumeric characters

resources:
  securitygroup:
    type: AWS::EC2::SecurityGroup
    properties:
      GroupDescription: 'Enable HTTP access via port 80 plus SSH access'
      SecurityGroupIngress:
        - IpProtocol: 'icmp'
          FromPort: '-1'
          ToPort: '-1'
          CidrIp: '0.0.0.0/0'
        - IpProtocol: 'tcp'
          FromPort: '80'
          ToPort: '80'
          CidrIp: '0.0.0.0/0'
        - IpProtocol: 'tcp'
          FromPort: '22'
          ToPort: '22'
          CidrIp: '0.0.0.0/0'

  wordpress_instance:
    # Use an AWS resource type and switch to native compute instance as
    # soon as it is available
    type: AWS::EC2::Instance
    # Have to use AWS::EC::Instance metadata syntax for now
    metadata:
      AWS::CloudFormation::Init:
        config:
          packages:
            yum:
              mysql: []
              mysql-server: []
              httpd: []
              wordpress: []
          services:
            systemd:
              mysqld: {enabled: 'true', ensureRunning: 'true'}
              httpd: {enabled: 'true', ensureRunning: 'true'}
    properties:
      ImageId: { get_param: ImageId }
      InstanceType: { get_param: InstanceType }
      SecurityGroups:
        - get_resource: securitygroup
      UserData:
        str_replace:
          template: |
            #!/bin/bash -v

            /opt/aws/bin/cfn-init
            firewall-cmd --add-service=http
            firewall-cmd --permanent --add-service=http

            # Setup MySQL root password and create a user
            mysqladmin -u root password $db_rootpassword
            cat << EOF | mysql -u root --password=$db_rootpassword
            CREATE DATABASE $db_name;
            GRANT ALL PRIVILEGES ON $db_name.* TO "$db_user"@"localhost"
            IDENTIFIED BY "$db_password";
            FLUSH PRIVILEGES;
            EXIT
            EOF

            sed -i "/Deny from All/d" /etc/httpd/conf.d/wordpress.conf
            sed -i "s/Require local/Require all granted/" /etc/httpd/conf.d/wordpress.conf
            sed -i s/database_name_here/$db_name/ /etc/wordpress/wp-config.php
            sed -i s/username_here/$db_user/ /etc/wordpress/wp-config.php
            sed -i s/password_here/$db_password/ /etc/wordpress/wp-config.php

            systemctl restart httpd.service            
          params:
            $db_rootpassword: { get_param: DBRootPassword }
            $db_name: { get_param: DBName }
            $db_user: { get_param: DBUsername }
            $db_password: { get_param: DBPassword }

outputs:
  WebsiteURL:
    description: URL for Wordpress wiki
    value:
      str_replace:
        template: http://$host/wordpress
        params:
          $host: { get_attr: [wordpress_instance, PublicIp] }