diff --git a/CHANGELOG.md b/CHANGELOG.md index 2364de7c..ceab3785 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -21,6 +21,7 @@ The **patch** part changes incrementally at each release. * evolinux-users: add sudo permission for bkctld check * minifirewall: the tail file can be overwritten, or not (default: `True`) * nagios-nrpe: use bkctld internal check instead of nrpe plugin +* php: reorganization of the role for Sury overrides and more clear configuration * rbenv: change default Ruby version (2.5.1) * rbenv: switch from copy to lineinfile for default gems * squid: add a few news sites to the whitelist diff --git a/php/tasks/apache.yml b/php/tasks/config_apache.yml similarity index 51% rename from php/tasks/apache.yml rename to php/tasks/config_apache.yml index 32ad6040..a199c651 100644 --- a/php/tasks/apache.yml +++ b/php/tasks/config_apache.yml @@ -1,35 +1,5 @@ --- -- name: "Install mod_php packages (jessie)" - apt: - name: '{{ item }}' - state: present - with_items: - - libapache2-mod-php5 - - php5 - when: ansible_distribution_release == "jessie" - -- name: "Install mod_php packages (Debian 9 or later)" - apt: - name: '{{ item }}' - state: present - with_items: - - libapache2-mod-php - - php - when: ansible_distribution_major_version | version_compare('9', '>=') - -- name: "Set php.ini config for apache2 (jessie)" - set_fact: - php_apache_defaults_ini_file: /etc/php5/apache2/conf.d/z-evolinux-defaults.ini - php_apache_custom_ini_file: /etc/php5/apache2/conf.d/zzz-evolinux-custom.ini - when: ansible_distribution_release == "jessie" - -- name: "Set php.ini config for apache2 (Debian 9 or later)" - set_fact: - php_apache_defaults_ini_file: /etc/php/7.0/apache2/conf.d/z-evolinux-defaults.ini - php_apache_custom_ini_file: /etc/php/7.0/apache2/conf.d/zzz-evolinux-custom.ini - when: ansible_distribution_major_version | version_compare('9', '>=') - - name: Set default values for PHP ini_file: dest: "{{ php_apache_defaults_ini_file }}" @@ -56,7 +26,7 @@ - name: Custom php.ini copy: - dest: "{{ php_apache_custom_file }}" + dest: "{{ php_apache_custom_ini_file }}" content: | ; Put customized values here. ; default_charset = "ISO-8859-1" @@ -65,7 +35,7 @@ - name: "Set custom values for PHP to enable Symfony" ini_file: - dest: "{{ php_apache_custom_file }}" + dest: "{{ php_apache_custom_ini_file }}" section: PHP option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/php/tasks/php_jessie.yml b/php/tasks/config_cli.yml similarity index 62% rename from php/tasks/php_jessie.yml rename to php/tasks/config_cli.yml index e1f4b64f..75c81080 100644 --- a/php/tasks/php_jessie.yml +++ b/php/tasks/config_cli.yml @@ -1,31 +1,7 @@ --- - -- name: "Install PHP packages (jessie)" - apt: - name: '{{ item }}' - state: present - with_items: - - php5-cli - - php5-gd - - php5-imap - - php5-ldap - - php5-mcrypt - - php5-mysql - - php5-pgsql - - php-gettext - - php5-intl - - php5-curl - - php5-ssh2 - - libphp-phpmailer - -- name: "Set php.ini config for CLI (jessie)" - set_fact: - phpini_cli_defaults_file: /etc/php5/cli/conf.d/z-evolinux-defaults.ini - phpini_cli_custom_file: /etc/php5/cli/conf.d/zzz-evolinux-custom.ini - - name: "Set default php.ini values for CLI (jessie)" ini_file: - dest: "{{ phpini_cli_defaults_file }}" + dest: "{{ php_cli_defaults_ini_file }}" section: PHP option: "{{ item.option }}" value: "{{ item.value }}" @@ -41,14 +17,14 @@ - name: "Disable PHP functions for CLI (jessie)" ini_file: - dest: "{{ phpini_cli_defaults_file }}" + dest: "{{ php_cli_defaults_ini_file }}" section: PHP option: disable_functions value: "exec,shell-exec,system,passthru,putenv,popen" - name: Custom php.ini for CLI (jessie) copy: - dest: "{{ phpini_cli_custom_file }}" + dest: "{{ php_cli_custom_ini_file }}" content: | ; Put customized values here. force: no @@ -57,12 +33,12 @@ # because "force: no" prevents any fix after the fact - name: "Permissions for custom php.ini for CLI (jessie)" file: - dest: "{{ phpini_cli_custom_file }}" + dest: "{{ php_cli_custom_ini_file }}" mode: "0644" - name: "Set custom values for PHP to enable Symfony (jessie)" ini_file: - dest: "{{ phpini_cli_custom_file }}" + dest: "{{ php_cli_custom_ini_file }}" section: PHP option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/php/tasks/fpm.yml b/php/tasks/config_fpm.yml similarity index 57% rename from php/tasks/fpm.yml rename to php/tasks/config_fpm.yml index 6736f971..71232f49 100644 --- a/php/tasks/fpm.yml +++ b/php/tasks/config_fpm.yml @@ -1,42 +1,8 @@ --- -- name: "Install PHP FPM packages (jessie)" - apt: - name: '{{ item }}' - state: present - with_items: - - php5-fpm - - php5 - when: ansible_distribution_release == "jessie" - -- name: "Install PHP FPM packages (Debian 9 or later)" - apt: - name: '{{ item }}' - state: present - with_items: - - php-fpm - - php - when: ansible_distribution_major_version | version_compare('9', '>=') - -- name: "Set config files for FPM (jessie)" - set_fact: - phpini_fpm_defaults_file: /etc/php5/fpm/conf.d/z-evolinux-defaults.ini - phpini_fpm_custom_file: /etc/php5/fpm/conf.d/zzz-evolinux-custom.ini - php_fpm_defaults_file: /etc/php5/fpm/pool.d/z-evolinux-defaults.conf - php_fpm_custom_file: /etc/php5/fpm/pool.d/zzz-evolinux-custom.conf - when: ansible_distribution_release == "jessie" - -- name: "Set config files for FPM (Debian 9 or later)" - set_fact: - phpini_fpm_defaults_file: /etc/php/7.0/fpm/conf.d/z-evolinux-defaults.ini - phpini_fpm_custom_file: /etc/php/7.0/fpm/conf.d/zzz-evolinux-custom.ini - php_fpm_defaults_file: /etc/php/7.0/fpm/pool.d/z-evolinux-defaults.conf - php_fpm_custom_file: /etc/php/7.0/fpm/pool.d/zzz-evolinux-custom.conf - when: ansible_distribution_major_version | version_compare('9', '>=') - - name: Set default php.ini values for FPM ini_file: - dest: "{{ phpini_fpm_defaults_file }}" + dest: "{{ php_fpm_defaults_ini_file }}" section: PHP option: "{{ item.option }}" value: "{{ item.value }}" @@ -53,7 +19,7 @@ - name: Disable PHP functions for FPM ini_file: - dest: "{{ phpini_fpm_defaults_file }}" + dest: "{{ php_fpm_defaults_ini_file }}" section: PHP option: disable_functions value: "exec,shell-exec,system,passthru,putenv,popen" @@ -61,7 +27,7 @@ - name: Custom php.ini for FPM copy: - dest: "{{ phpini_fpm_custom_file }}" + dest: "{{ php_fpm_custom_ini_file }}" content: | ; Put customized values here. force: no @@ -69,7 +35,7 @@ - name: Set default PHP FPM values ini_file: - dest: "{{ php_fpm_defaults_file }}" + dest: "{{ php_fpm_defaults_conf_file }}" section: www option: "{{ item.option }}" value: "{{ item.value }}" @@ -89,7 +55,7 @@ - name: Custom PHP FPM values copy: - dest: "{{ php_fpm_custom_file }}" + dest: "{{ php_fpm_custom_conf_file }}" content: | ; Put customized values here. ; default_charset = "ISO-8859-1" @@ -99,7 +65,7 @@ - name: "Set custom values for PHP to enable Symfony" ini_file: - dest: "{{ phpini_cli_custom_file }}" + dest: "{{ php_cli_custom_ini_file }}" section: PHP option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/php/tasks/main.yml b/php/tasks/main.yml index 9b1d3375..38ece76b 100644 --- a/php/tasks/main.yml +++ b/php/tasks/main.yml @@ -5,18 +5,8 @@ when: - ansible_distribution != "Debian" or ansible_distribution_major_version | version_compare('8', '<') -- include: php_jessie.yml +- include: main_jessie.yml when: ansible_distribution_release == "jessie" -- include: php_stretch_sury.yml - when: ansible_distribution_major_version | version_compare('9', '>=') and php_sury_enable - -- include: php_stretch.yml +- include: main_stretch.yml when: ansible_distribution_major_version | version_compare('9', '>=') - -- include: fpm.yml - when: php_fpm_enable - -- include: apache.yml - when: php_apache_enable - diff --git a/php/tasks/main_jessie.yml b/php/tasks/main_jessie.yml new file mode 100644 index 00000000..4a9486af --- /dev/null +++ b/php/tasks/main_jessie.yml @@ -0,0 +1,60 @@ +--- + +- name: "Set config files paths (jessie)" + set_fact: + php_cli_defaults_ini_file: /etc/php5/cli/conf.d/z-evolinux-defaults.ini + php_cli_custom_ini_file: /etc/php5/cli/conf.d/zzz-evolinux-custom.ini + php_apache_defaults_ini_file: /etc/php5/apache2/conf.d/z-evolinux-defaults.ini + php_apache_custom_ini_file: /etc/php5/apache2/conf.d/zzz-evolinux-custom.ini + php_fpm_defaults_ini_file: /etc/php5/fpm/conf.d/z-evolinux-defaults.ini + php_fpm_custom_ini_file: /etc/php5/fpm/conf.d/zzz-evolinux-custom.ini + php_fpm_defaults_conf_file: /etc/php5/fpm/pool.d/z-evolinux-defaults.conf + php_fpm_custom_conf_file: /etc/php5/fpm/pool.d/zzz-evolinux-custom.conf + +# Packages + +- name: "Install PHP packages (jessie)" + apt: + name: '{{ item }}' + state: present + with_items: + - php5-cli + - php5-gd + - php5-imap + - php5-ldap + - php5-mcrypt + - php5-mysql + - php5-pgsql + - php-gettext + - php5-intl + - php5-curl + - php5-ssh2 + - libphp-phpmailer + +- name: "Install mod_php packages (jessie)" + apt: + name: '{{ item }}' + state: present + with_items: + - libapache2-mod-php5 + - php5 + when: php_apache_enable + +- name: "Install PHP FPM packages (jessie)" + apt: + name: '{{ item }}' + state: present + with_items: + - php5-fpm + - php5 + when: php_fpm_enable + +# Configuration + +- include: config_cli.yml + +- include: config_fpm.yml + when: php_fpm_enable + +- include: config_apache.yml + when: php_apache_enable diff --git a/php/tasks/main_stretch.yml b/php/tasks/main_stretch.yml new file mode 100644 index 00000000..1122b1d9 --- /dev/null +++ b/php/tasks/main_stretch.yml @@ -0,0 +1,71 @@ +--- + +- name: "Set config files paths (Debian 9 or later)" + set_fact: + php_cli_defaults_ini_file: /etc/php/7.0/cli/conf.d/z-evolinux-defaults.ini + php_cli_custom_ini_file: /etc/php/7.0/cli/conf.d/zzz-evolinux-custom.ini + php_apache_defaults_ini_file: /etc/php/7.0/apache2/conf.d/z-evolinux-defaults.ini + php_apache_custom_ini_file: /etc/php/7.0/apache2/conf.d/zzz-evolinux-custom.ini + php_fpm_defaults_ini_file: /etc/php/7.0/fpm/conf.d/z-evolinux-defaults.ini + php_fpm_custom_ini_file: /etc/php/7.0/fpm/conf.d/zzz-evolinux-custom.ini + php_fpm_defaults_conf_file: /etc/php/7.0/fpm/pool.d/z-evolinux-defaults.conf + php_fpm_custom_conf_file: /etc/php/7.0/fpm/pool.d/zzz-evolinux-custom.conf + +# Packages + +- name: "Set package list (Debian 9 or later)" + set_fact: + php_stretch_packages: + - php-cli + - php-gd + - php-intl + - php-imap + - php-ldap + - php-mysql + # php-mcrypt is no longer packaged for PHP 7.2 + - php-pgsql + - php-gettext + - php-curl + - php-ssh2 + - composer + - libphp-phpmailer + +- include: sury_pre.yml + when: php_sury_enable + +- name: "Install PHP packages (Debian 9 or later)" + apt: + name: '{{ item }}' + state: present + with_items: "{{ php_stretch_packages }}" + +- name: "Install mod_php packages (Debian 9 or later)" + apt: + name: '{{ item }}' + state: present + with_items: + - libapache2-mod-php + - php + when: php_apache_enable + +- name: "Install PHP FPM packages (Debian 9 or later)" + apt: + name: '{{ item }}' + state: present + with_items: + - php-fpm + - php + when: php_fpm_enable + +# Configuration + +- include: config_cli.yml + +- include: config_fpm.yml + when: php_fpm_enable + +- include: config_apache.yml + when: php_apache_enable + +- include: sury_post.yml + when: php_sury_enable diff --git a/php/tasks/php_stretch.yml b/php/tasks/php_stretch.yml deleted file mode 100644 index c39a63c2..00000000 --- a/php/tasks/php_stretch.yml +++ /dev/null @@ -1,74 +0,0 @@ ---- - -- name: "Install PHP packages (Debian 9 or later)" - apt: - name: '{{ item }}' - state: present - with_items: - - php-cli - - php-gd - - php-intl - - php-imap - - php-ldap - - php-mcrypt - - php-mysql - - php-pgsql - - php-gettext - - php-curl - - php-ssh2 - - composer - - libphp-phpmailer - -- name: "Set php.ini config for CLI (Debian 9 or later)" - set_fact: - phpini_cli_defaults_file: /etc/php/7.0/cli/conf.d/z-evolinux-defaults.ini - phpini_cli_custom_file: /etc/php/7.0/cli/conf.d/zzz-evolinux-custom.ini - -- name: "Set default php.ini values for CLI (Debian 9 or later)" - ini_file: - dest: "{{ phpini_cli_defaults_file }}" - section: PHP - option: "{{ item.option }}" - value: "{{ item.value }}" - mode: "0644" - create: yes - with_items: - - { option: "short_open_tag", value: "Off" } - - { option: "expose_php", value: "Off" } - - { option: "display_errors", value: "Off" } - - { option: "log_errors", value: "On" } - - { option: "html_errors", value: "Off" } - - { option: "allow_url_fopen", value: "Off" } - -- name: "Disable PHP functions for CLI (Debian 9 or later)" - ini_file: - dest: "{{ phpini_cli_defaults_file }}" - section: PHP - option: disable_functions - value: "exec,shell-exec,system,passthru,putenv,popen" - -- name: "Custom php.ini for CLI (Debian 9 or later)" - copy: - dest: "{{ phpini_cli_custom_file }}" - content: | - ; Put customized values here. - ; default_charset = "ISO-8859-1" - force: no - -# This task is not merged with the above copy -# because "force: no" prevents any fix after the fact -- name: "Permissions for custom php.ini for CLI (Debian 9 or later)" - file: - dest: "{{ phpini_cli_custom_file }}" - mode: "0644" - -- name: "Set custom values for PHP to enable Symfony (Debian 9 or later)" - ini_file: - dest: "{{ phpini_cli_custom_file }}" - section: PHP - option: "{{ item.option }}" - value: "{{ item.value }}" - mode: "0644" - with_items: - - { option: "date.timezone", value: "Europe/Paris" } - when: php_symfony_requirements diff --git a/php/tasks/sury_post.yml b/php/tasks/sury_post.yml new file mode 100644 index 00000000..60b6b44c --- /dev/null +++ b/php/tasks/sury_post.yml @@ -0,0 +1,35 @@ +--- + +- name: Symlink Evolix CLI config files from 7.2 to 7.0 + file: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + force: yes + state: link + with_items: + - { src: "{{ php_cli_defaults_ini_file }}", dest: "/etc/php/7.2/cli/conf.d/z-evolinux-defaults.ini" } + - { src: "{{ php_cli_custom_ini_file }}", dest: "/etc/php/7.2/cli/conf.d/zzz-evolinux-custom.ini" } + +- name: Symlink Evolix Apache config files from 7.2 to 7.0 + file: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + force: yes + state: link + with_items: + - { src: "{{ php_apache_defaults_ini_file }}", dest: "/etc/php/7.2/apache2/conf.d/z-evolinux-defaults.ini" } + - { src: "{{ php_apache_custom_ini_file }}", dest: "/etc/php/7.2/apache2/conf.d/zzz-evolinux-custom.ini" } + when: php_apache_enable + +- name: Symlink Evolix FPM config files from 7.2 to 7.0 + file: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + force: yes + state: link + with_items: + - { src: "{{ php_fpm_defaults_ini_file }}", dest: "/etc/php/7.2/fpm/conf.d/z-evolinux-defaults.ini" } + - { src: "{{ php_fpm_custom_ini_file }}", dest: "/etc/php/7.2/fpm/conf.d/zzz-evolinux-custom.ini" } + - { src: "{{ php_fpm_defaults_conf_file }}", dest: "/etc/php/7.2/fpm/pool.d/z-evolinux-defaults.conf" } + - { src: "{{ php_fpm_custom_conf_file }}", dest: "/etc/php/7.2/fpm/pool.d/zzz-evolinux-custom.conf" } + when: php_fpm_enable diff --git a/php/tasks/php_stretch_sury.yml b/php/tasks/sury_pre.yml similarity index 62% rename from php/tasks/php_stretch_sury.yml rename to php/tasks/sury_pre.yml index be549804..9ab816ab 100644 --- a/php/tasks/php_stretch_sury.yml +++ b/php/tasks/sury_pre.yml @@ -21,3 +21,20 @@ repo: "deb https://packages.sury.org/php/ stretch main" filename: sury state: present + +- name: "Override package list for Sury (Debian 9 or later)" + set_fact: + php_stretch_packages: + - php-cli + - php-gd + - php-intl + - php-imap + - php-ldap + - php-mysql + # php-mcrypt is no longer packaged for PHP 7.2 + - php-pgsql + - php-gettext + - php-curl + - php-ssh2 + - composer + - libphp-phpmailer