From 317aac735fa2db68a65f28ddf1b8e4a554289d40 Mon Sep 17 00:00:00 2001
From: Tristan PILAT
Date: Mon, 17 Jun 2019 12:17:02 +0200
Subject: [PATCH] Add lxc-php role - Install 3 containers with all required PHP packages
---
lxc-php/defaults/main.yml | 8 ++
lxc-php/handlers/main.yml | 9 ++
lxc-php/tasks/main.yml | 18 +++
lxc-php/tasks/php.yml | 130 ++++++++++++++++++
.../templates/.z-evolinux-defaults.ini.j2.swp | Bin 0 -> 12288 bytes
lxc-php/templates/z-evolinux-defaults.ini.j2 | 8 ++
6 files changed, 173 insertions(+)
create mode 100644 lxc-php/defaults/main.yml
create mode 100644 lxc-php/handlers/main.yml
create mode 100644 lxc-php/tasks/main.yml
create mode 100644 lxc-php/tasks/php.yml
create mode 100644 lxc-php/templates/.z-evolinux-defaults.ini.j2.swp
create mode 100644 lxc-php/templates/z-evolinux-defaults.ini.j2
diff --git a/lxc-php/defaults/main.yml b/lxc-php/defaults/main.yml
new file mode 100644
index 00000000..24342068
--- /dev/null
+++ b/lxc-php/defaults/main.yml
@@ -0,0 +1,8 @@
+---
+php_conf_short_open_tag: "Off"
+php_conf_expose_php: "Off"
+php_conf_display_errors: "Off"
+php_conf_log_errors: "On"
+php_conf_html_errors: "Off"
+php_conf_allow_url_fopen: "Off"
+php_conf_disable_functions: "exec,shell-exec,system,passthru,putenv,popen"
diff --git a/lxc-php/handlers/main.yml b/lxc-php/handlers/main.yml
new file mode 100644
index 00000000..365179ea
--- /dev/null
+++ b/lxc-php/handlers/main.yml
@@ -0,0 +1,9 @@
+---
+- name: Reload php56-fpm
+ command: "lxc-attach -n php56 -- systemctl reload php5-fpm"
+
+- name: Reload php70-fpm
+ command: "lxc-attach -n php70 -- systemctl reload php7.0-fpm"
+
+- name: Reload php73-fpm
+ command: "lxc-attach -n php73 -- systemctl reload php7.3-fpm"
diff --git a/lxc-php/tasks/main.yml b/lxc-php/tasks/main.yml
new file mode 100644
index 00000000..f17cad4a
--- /dev/null
+++ b/lxc-php/tasks/main.yml
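Review bot: In lxc-php/defaults/main.yml, `php_conf_disable_functions` lists `shell-exec`, but the PHP function is named `shell_exec`; PHP ignores names in `disable_functions` that match no function, so `shell_exec()` stays callable in all three containers while the setting looks hardened. The line should read `php_conf_disable_functions: "exec,shell_exec,system,passthru,putenv,popen"`. `proc_open` is also absent from the list and offers the same command-execution capability as `popen`, so it is worth adding unless a hosted application is known to need it.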
@@ -0,0 +1,18 @@
+---
+- name: LXC configuration
+ include_role:
+ name: lxc
+
+- include: "php.yml name={{item.name}}"
+ with_items:
+ - "{{ lxc_containers }}"
+
+- name: Ensure containers root directory is 755
+ file:
+ path: "/var/lib/lxc/{{ item.name }}/rootfs"
+ state: directory
+ mode: '0755'
+ with_items:
+ - "{{ lxc_containers }}"
+
+
diff --git a/lxc-php/tasks/php.yml b/lxc-php/tasks/php.yml
new file mode 100644
index 00000000..49cb8116
--- /dev/null
+++ b/lxc-php/tasks/php.yml
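Review bot: `- include: "php.yml name={{item.name}}"` hands the container name to php.yml through the inline key=value form of the bare `include`, and the variable is called `name`, the same word every task in php.yml uses as its keyword. `- include_tasks: php.yml` with `vars:` and `name: "{{ item.name }}"` states the parameter explicitly and keeps the value quoted as YAML rather than parsed out of a string. The `file` task below sets `mode: '0755'` on each rootfs without saying why or which `owner`/`group` is expected; a one-line comment such as `# rootfs is "/" inside the container; unprivileged services need to traverse it` (if that is the intent) would document the choice.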
@@ -0,0 +1,130 @@
+#
+# This playbook configures PHP (php-fpm and specific extensions) inside
+# container {{name}}.
+#
+
+---
+- name: Update APT cache
+ command: "lxc-attach -n {{name}} -- apt-get update"
+
+- name: Install PHP packages
+ command: "lxc-attach -n {{name}} -- apt-get install -y php5-fpm php5-cli php5-gd php5-imap php5-ldap php5-mcrypt php5-mysql php5-pgsql php-gettext php5-intl php5-curl php5-ssh2 libphp-phpmailer ssmtp git zip unzip"
+ when: name == 'php56'
+
+- name: Update APT cache
+ command: "lxc-attach -n {{name}} -- apt-get update"
+ when: name == 'php70'
+
+- name: Install PHP packages
+ command: "lxc-attach -n {{name}} -- apt-get install -y php-fpm php-cli php-gd php-intl php-imap php-ldap php-mcrypt php-mysql php-pgsql php-gettext php-curl php-ssh2 composer libphp-phpmailer ssmtp git zip unzip php-zip"
+ when: name == 'php70'
+
+- name: Update APT cache
+ command: "lxc-attach -n {{name}} -- apt-get update"
+ when: name == 'php73'
+
+- name: Install requirements for sury repository
+ command: "lxc-attach -n {{name}} -- apt-get install -y --no-install-recommends wget apt-transport-https ca-certificates gnupg"
+ when: name == 'php73'
+
+- name: Add sury APT repository
+ copy:
+ content: "deb https://packages.sury.org/php/ stretch main"
+ dest: "/var/lib/lxc/{{name}}/rootfs/etc/apt/sources.list.d/sury.list"
+ mode: "0644"
+ when: name == 'php73'
+
+- name: Add sury GPG key
+ shell: "wget -O- https://packages.sury.org/php/apt.gpg |lxc-attach -n {{name}} -- apt-key add -"
+ when: name == 'php73'
+
+- name: Update APT cache
+ command: "lxc-attach -n {{name}} -- apt-get update"
+ when: name == 'php73'
+
+- name: Install PHP packages
+ command: "lxc-attach -n {{name}} -- apt-get install -y php7.3 php7.3-fpm php7.3-cli php7.3-curl php7.3-mysql php7.3-pgsql php7.3-ldap php7.3-imap php7.3-gd php-ssh2 php-gettext composer libphp-phpmailer ssmtp git zip unzip php7.3-zip"
+ when: name == 'php73'
+
+- name: Remove default FPM 5.6 pool
+ file:
+ name: "/var/lib/lxc/{{name}}/rootfs/etc/php5/fpm/pool.d/www.conf"
+ state: absent
+ notify: "Reload {{name}}-fpm"
+ when: name == 'php56'
+
+- name: Remove default FPM 7.0 pool
+ file:
+ name: "/var/lib/lxc/{{name}}/rootfs/etc/php/7.0/fpm/pool.d/www.conf"
+ state: absent
+ notify: "Reload {{name}}-fpm"
+ when: name == 'php70'
+
+- name: Remove default FPM 7.3 pool
+ file:
+ name: "/var/lib/lxc/{{name}}/rootfs/etc/php/7.3/fpm/pool.d/www.conf"
+ state: absent
+ notify: "Reload {{name}}-fpm"
+ when: name == 'php73'
+
+- name: Copy evolinux PHP 5.6 configuration
+ template:
+ src: z-evolinux-defaults.ini.j2
+ dest: "{{ line_item }}"
+ mode: "0644"
+ notify: "Reload {{name}}-fpm"
+ when: name == 'php56'
+ with_items:
+ - "/var/lib/lxc/{{name}}/rootfs/etc/php5/fpm/conf.d/z-evolinux-defaults.ini"
+ - "/var/lib/lxc/{{name}}/rootfs/etc/php5/cli/conf.d/z-evolinux-defaults.ini"
+ loop_control:
+ loop_var: line_item
+
+- name: Copy evolinux PHP 7.0 configuration
+ template:
+ src: z-evolinux-defaults.ini.j2
+ dest: "{{ line_item }}"
+ mode: "0644"
+ notify: "Reload {{name}}-fpm"
+ when: name == 'php70'
+ with_items:
+ - "/var/lib/lxc/{{name}}/rootfs/etc/php/7.0/fpm/conf.d/z-evolinux-defaults.ini"
+ - "/var/lib/lxc/{{name}}/rootfs/etc/php/7.0/cli/conf.d/z-evolinux-defaults.ini"
+ loop_control:
+ loop_var: line_item
+
+- name: Copy evolinux PHP 7.3 configuration
+ template:
+ src: z-evolinux-defaults.ini.j2
+ dest: "{{ line_item }}"
+ mode: "0644"
+ notify: "Reload {{name}}-fpm"
+ when: name == 'php73'
+ with_items:
+ - "/var/lib/lxc/{{name}}/rootfs/etc/php/7.3/fpm/conf.d/z-evolinux-defaults.ini"
+ - "/var/lib/lxc/{{name}}/rootfs/etc/php/7.3/cli/conf.d/z-evolinux-defaults.ini"
+ loop_control:
+ loop_var: line_item
+
+- name: Configure ssmtp
+ replace:
+ name: "/var/lib/lxc/{{name}}/rootfs/etc/ssmtp/ssmtp.conf"
+ regexp: "^mailhub=.*$"
+ replace: "mailhub=127.0.0.1"
+
+- name: Configure ssmtp
+ replace:
+ name: "/var/lib/lxc/{{name}}/rootfs/etc/ssmtp/ssmtp.conf"
+ regexp: "^#FromLineOverride=.*$"
+ replace: "FromLineOverride=YES"
+
+- name: Configure ssmtp
+ replace:
+ name: "/var/lib/lxc/{{name}}/rootfs/etc/ssmtp/ssmtp.conf"
+ regexp: "^hostname=.*"
+ replace: "hostname={{ansible_fqdn}}"
+
+- name: Configure timezone
+ copy:
+ dest: "/var/lib/lxc/{{name}}/rootfs/etc/timezone"
+ content: "Europe/Paris\n"
diff --git a/lxc-php/templates/.z-evolinux-defaults.ini.j2.swp b/lxc-php/templates/.z-evolinux-defaults.ini.j2.swp
new file mode 100644
index 0000000000000000000000000000000000000000..394086f5ac231a945d3d7e9ad7b8322adb78468c
GIT binary patch
literal 12288 zcmeI&Jx;?g6bEp(6AK@L3j`2jleR1@j0ie_7=Q(kl{QWj9SP*PtAL zyD+i9#7hZMm6nc3pueRjH-68q{oA6rSv_g&TU&OGQCninJiML_-&y(To__04x+Y7^ zZaoo1wzyO>?Anp|dBV-tg3fN^$k}OzJsm4AZJAI-POPLz9NBGEbf6t0I-35OMtYUe zx>4G#c*1v6X%ah(Li?gVdrQbd00I*N^K7$Tt7gONYpd4E^6^9k1|R?d2tWV=5P$## zAOL~?D`0eq-O};O`4Q*xzEtS*M|2Q?00bZa0SG_<0uX=z1Rwwb2>d|-*JJE%fw52BjAOJ+mwR) zX*9Y>o><#fzi-hca^6yr&nNSP0du8PS3Hd+_mvh=VM;Me69UtbT*R@8i|dbPs8Fi* z^t!PGmC>%~e*5+G(n6BTMOUjta5_|Bt78c&O9B-eo}Gvrw_PYLB&q!LaPRP(eFC6; Bv*7>$ literal 0 HcmV?d00001
diff --git a/lxc-php/templates/z-evolinux-defaults.ini.j2 b/lxc-php/templates/z-evolinux-defaults.ini.j2
new file mode 100644
index 00000000..7e3e116b
--- /dev/null
+++ b/lxc-php/templates/z-evolinux-defaults.ini.j2
@@ -0,0 +1,8 @@
+[PHP]
+short_open_tag = {{ php_conf_short_open_tag }}
+expose_php = {{ php_conf_expose_php }}
+display_errors = {{ php_conf_display_errors }}
+log_errors = {{ php_conf_log_errors }}
+html_errors = {{ php_conf_html_errors }}
+allow_url_fopen = {{ php_conf_allow_url_fopen }}
+disable_functions = {{ php_conf_disable_functions }}
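Review bot: The `Add sury GPG key` task in lxc-php/tasks/php.yml pipes `wget -O- https://packages.sury.org/php/apt.gpg` straight into `apt-key add -`, so whatever that URL serves at run time becomes a trusted APT signing key for the php73 container, with no fingerprint or checksum comparison. The task also runs again on every play because `shell` has no idempotence guard. Shipping a reviewed copy of the key with the role and installing it with `copy` pins the trust anchor and makes the step idempotent; the fence sketches this, with the source file name as a placeholder, and the file must be in a keyring format APT accepts under `trusted.gpg.d`. In the same file, the first `Update APT cache` task has no `when`, unlike the later ones, and every `apt-get` call through `command` will always report changed.
```yaml
# … unchanged: "Add sury APT repository" copy task …
- name: Add sury GPG key
  copy:
    # placeholder: reviewed copy of the sury key kept in the role's files/
    src: "<SURY_KEY_FILE>.gpg"
    dest: "/var/lib/lxc/{{name}}/rootfs/etc/apt/trusted.gpg.d/sury.gpg"
    mode: "0644"
  when: name == 'php73'
# … unchanged: second "Update APT cache" for php73 and package install …
```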
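Review bot: `lxc-php/templates/.z-evolinux-defaults.ini.j2.swp` looks like a Vim swap file left over from editing the template and should not be part of this commit. Swap files typically record the editing user's name, host name and the path of the edited file alongside buffer contents, so committing one publishes workstation details that were never meant to be in the role and adds 12288 bytes of binary data to history. Drop the file from the patch and add `*.swp` to the repository's `.gitignore` so it cannot be staged again.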