From 1d03e73a62de116490d2e455a4010b6d6bb227d8 Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Sun, 19 Mar 2023 11:50:58 +0100 Subject: [PATCH] lxc-php: extract variables --- lxc-php/tasks/mail_opensmtpd.yml | 4 ++-- lxc-php/tasks/mail_ssmtp.yml | 2 +- lxc-php/tasks/main.yml | 4 ++++ lxc-php/tasks/misc.yml | 6 +++--- lxc-php/tasks/php56.yml | 4 ++-- lxc-php/tasks/php70.yml | 4 ++-- lxc-php/tasks/php73.yml | 4 ++-- lxc-php/tasks/php74.yml | 6 +++--- lxc-php/tasks/php80.yml | 23 ++++++++++++++--------- lxc-php/tasks/php81.yml | 22 +++++++++++++--------- lxc-php/tasks/umask.yml | 6 +----- 11 files changed, 47 insertions(+), 38 deletions(-) diff --git a/lxc-php/tasks/mail_opensmtpd.yml b/lxc-php/tasks/mail_opensmtpd.yml index 25dec9ea..02f36728 100644 --- a/lxc-php/tasks/mail_opensmtpd.yml +++ b/lxc-php/tasks/mail_opensmtpd.yml @@ -8,7 +8,7 @@ - name: "{{ lxc_php_version }} - Configure opensmtpd (in the container)" template: src: smtpd.conf.j2 - dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/smtpd.conf" + dest: "{{ lxc_rootfs }}/etc/smtpd.conf" mode: "0644" notify: "Restart opensmtpd" when: lxc_php_container_releases[lxc_php_version] in ["jessie", "stretch", "buster"] @@ -17,7 +17,7 @@ - name: "{{ lxc_php_version }} - Configure opensmtpd (in the container)" template: src: smtpd.conf.bullseye.j2 - dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/smtpd.conf" + dest: "{{ lxc_rootfs }}/etc/smtpd.conf" mode: "0644" notify: "Restart opensmtpd" when: not lxc_php_container_releases[lxc_php_version] in ["jessie", "stretch", "buster"] diff --git a/lxc-php/tasks/mail_ssmtp.yml b/lxc-php/tasks/mail_ssmtp.yml index 95055044..f14cfe57 100644 --- a/lxc-php/tasks/mail_ssmtp.yml +++ b/lxc-php/tasks/mail_ssmtp.yml @@ -8,5 +8,5 @@ - name: "{{ lxc_php_version }} - Configure ssmtp" template: src: ssmtp.conf.j2 - dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/ssmtp/ssmtp.conf" + dest: "{{ lxc_rootfs }}/etc/ssmtp/ssmtp.conf" mode: "0644" 
diff --git a/lxc-php/tasks/main.yml b/lxc-php/tasks/main.yml index 9862e523..bd2ae182 100644 --- a/lxc-php/tasks/main.yml +++ b/lxc-php/tasks/main.yml @@ -12,6 +12,10 @@ - { name: "{{ lxc_php_version }}", release: "{{ lxc_php_container_releases[lxc_php_version] }}" } when: lxc_php_version is defined +- name: set LXC rootfs + ansible.builtin.set_fact: + lxc_rootfs: "/var/lib/lxc/{{ lxc_php_version }}/rootfs" + - name: "Update APT cache in container {{ lxc_php_version }}" lxc_container: name: "{{ lxc_php_version }}" diff --git a/lxc-php/tasks/misc.yml b/lxc-php/tasks/misc.yml index c5aa5245..22598ee0 100644 --- a/lxc-php/tasks/misc.yml +++ b/lxc-php/tasks/misc.yml @@ -4,18 +4,18 @@ copy: remote_src: yes src: "/etc/timezone" - dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/timezone" + dest: "{{ lxc_rootfs }}/etc/timezone" - name: "{{ lxc_php_version }} - Ensure container's root directory is 755" file: - path: "/var/lib/lxc/{{ lxc_php_version }}/rootfs" + path: "{{ lxc_rootfs }}" state: directory mode: '0755' - name: "{{ lxc_php_version }} - Configure mailname for the container" copy: content: "{{ evolinux_hostname }}.{{ evolinux_domain }}\n" - dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/mailname" + dest: "{{ lxc_rootfs }}/etc/mailname" notify: "Restart opensmtpd" - name: "{{ lxc_php_version }} - Install misc packages" diff --git a/lxc-php/tasks/php56.yml b/lxc-php/tasks/php56.yml index ece7dc8d..b0f376d8 100644 --- a/lxc-php/tasks/php56.yml +++ b/lxc-php/tasks/php56.yml @@ -12,8 +12,8 @@ mode: "0644" notify: "Reload {{ lxc_php_version }}-fpm" loop: - - "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php5/fpm/conf.d/z-evolinux-defaults.ini" - - "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php5/cli/conf.d/z-evolinux-defaults.ini" + - "{{ lxc_rootfs }}/etc/php5/fpm/conf.d/z-evolinux-defaults.ini" + - "{{ lxc_rootfs }}/etc/php5/cli/conf.d/z-evolinux-defaults.ini" loop_control: loop_var: line_item 
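Review bot: In lxc-php/tasks/main.yml the new `set LXC rootfs` task is the only place `lxc_rootfs` gets a value, yet every task file touched by this commit now reads it, so a file entered on its own (for example through `tasks_from`) would fail on an undefined variable. A role variable is evaluated lazily and needs no task ordering: `lxc_rootfs: "/var/lib/lxc/{{ lxc_php_version }}/rootfs"` in the role's vars file would cover both cases. The task above it is guarded by `when: lxc_php_version is defined` while this one is not; presumably the variable is mandatory by this point, but the hunk shows only part of the file. Since the derived path is a write target on the host, an `assert` that `lxc_php_version in lxc_php_container_releases` before it is used would keep an unexpected value from steering writes outside `/var/lib/lxc`.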
diff --git a/lxc-php/tasks/php70.yml b/lxc-php/tasks/php70.yml index 2291b386..18523846 100644 --- a/lxc-php/tasks/php70.yml +++ b/lxc-php/tasks/php70.yml @@ -12,8 +12,8 @@ mode: "0644" notify: "Reload {{ lxc_php_version }}-fpm" loop: - - "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php/7.0/fpm/conf.d/z-evolinux-defaults.ini" - - "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php/7.0/cli/conf.d/z-evolinux-defaults.ini" + - "{{ lxc_rootfs }}/etc/php/7.0/fpm/conf.d/z-evolinux-defaults.ini" + - "{{ lxc_rootfs }}/etc/php/7.0/cli/conf.d/z-evolinux-defaults.ini" loop_control: loop_var: line_item diff --git a/lxc-php/tasks/php73.yml b/lxc-php/tasks/php73.yml index d7fd7937..4bb037e7 100644 --- a/lxc-php/tasks/php73.yml +++ b/lxc-php/tasks/php73.yml @@ -12,8 +12,8 @@ mode: "0644" notify: "Reload {{ lxc_php_version }}-fpm" loop: - - "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php/7.3/fpm/conf.d/z-evolinux-defaults.ini" - - "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php/7.3/cli/conf.d/z-evolinux-defaults.ini" + - "{{ lxc_rootfs }}/etc/php/7.3/fpm/conf.d/z-evolinux-defaults.ini" + - "{{ lxc_rootfs }}/etc/php/7.3/cli/conf.d/z-evolinux-defaults.ini" loop_control: loop_var: line_item diff --git a/lxc-php/tasks/php74.yml b/lxc-php/tasks/php74.yml index 64677009..65660f92 100644 --- a/lxc-php/tasks/php74.yml +++ b/lxc-php/tasks/php74.yml @@ -7,7 +7,7 @@ - name: "{{ lxc_php_version }} - fix bullseye repository" replace: - dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/apt/sources.list" + dest: "{{ lxc_rootfs }}/etc/apt/sources.list" regexp: 'bullseye/updates' replace: 'bullseye-security' 
@@ -18,8 +18,8 @@ mode: "0644" notify: "Reload {{ lxc_php_version }}-fpm" loop: - - "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php/7.4/fpm/conf.d/z-evolinux-defaults.ini" - - "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php/7.4/cli/conf.d/z-evolinux-defaults.ini" + - "{{ lxc_rootfs }}/etc/php/7.4/fpm/conf.d/z-evolinux-defaults.ini" + - "{{ lxc_rootfs }}/etc/php/7.4/cli/conf.d/z-evolinux-defaults.ini" loop_control: loop_var: line_item diff --git a/lxc-php/tasks/php80.yml b/lxc-php/tasks/php80.yml index 4e5ac498..0e9d29a6 100644 --- a/lxc-php/tasks/php80.yml +++ b/lxc-php/tasks/php80.yml 
@@ -1,31 +1,36 @@ --- +- name: set APT keyring + ansible.builtin.set_fact: + lxc_apt_keyring_dir: /etc/apt/trusted.gpg.d + + - name: "{{ lxc_php_version }} - Install dependency packages" lxc_container: name: "{{ lxc_php_version }}" - container_command: "DEBIAN_FRONTEND=noninteractive apt install -y wget apt-transport-https gnupg" + container_command: "DEBIAN_FRONTEND=noninteractive apt install -y wget gnupg" - name: "{{ lxc_php_version }} - fix bullseye repository" replace: - dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/apt/sources.list" + dest: "{{ lxc_rootfs }}/etc/apt/sources.list" regexp: 'bullseye/updates' replace: 'bullseye-security' - name: "{{ lxc_php_version }} - Add sury repo" lineinfile: - dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/apt/sources.list.d/sury.list" + dest: "{{ lxc_rootfs }}/etc/apt/sources.list.d/sury.list" line: "{{ item }}" state: present create: yes mode: "0644" loop: - - "deb [signed-by={{ apt_keyring_dir }}/sury.gpg] https://packages.sury.org/php/ bullseye main" - - "deb [signed-by={{ apt_keyring_dir }}/pub_evolix.asc] http://pub.evolix.org/evolix bullseye-php80 main" + - "deb [signed-by={{ lxc_apt_keyring_dir }}/sury.gpg] https://packages.sury.org/php/ bullseye main" + - "deb [signed-by={{ lxc_apt_keyring_dir }}/pub_evolix.asc] http://pub.evolix.org/evolix bullseye-php80 main" - name: copy pub.evolix.net GPG key copy: src: pub_evolix.asc - dest: /var/lib/lxc/{{ lxc_php_version }}/rootfs{{ apt_keyring_dir }}/pub_evolix.asc + dest: "{{ lxc_rootfs }}{{ lxc_apt_keyring_dir }}/pub_evolix.asc" mode: "0644" owner: root group: root @@ -33,7 +38,7 @@ - name: copy packages.sury.org GPG Key copy: src: sury.gpg - dest: /var/lib/lxc/{{ lxc_php_version }}/rootfs{{ apt_keyring_dir }}/sury.gpg + dest: "{{ lxc_rootfs }}{{ lxc_apt_keyring_dir }}/sury.gpg" mode: "0644" owner: root group: root 
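Review bot: `lxc_apt_keyring_dir: /etc/apt/trusted.gpg.d` in the new `set APT keyring` task undercuts the `signed-by=` pinning on the two `Add sury repo` lines further down. APT accepts every key in `trusted.gpg.d` for any source that has no `signed-by` option, so the sury and Evolix keys copied there would also be trusted for the Debian entries in the container's `sources.list`. A directory APT does not read implicitly keeps each key scoped to its own repository, for example `lxc_apt_keyring_dir: /etc/apt/keyrings`, with a `file` task creating `"{{ lxc_rootfs }}{{ lxc_apt_keyring_dir }}"` first, since a bullseye container may not ship that directory. The identical task at the top of php81.yml has the same issue.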
@@ -55,8 +60,8 @@ mode: "0644" notify: "Reload {{ lxc_php_version }}-fpm" loop: - - "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php/8.0/fpm/conf.d/z-evolinux-defaults.ini" - - "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php/8.0/cli/conf.d/z-evolinux-defaults.ini" + - "{{ lxc_rootfs }}/etc/php/8.0/fpm/conf.d/z-evolinux-defaults.ini" + - "{{ lxc_rootfs }}/etc/php/8.0/cli/conf.d/z-evolinux-defaults.ini" loop_control: loop_var: line_item diff --git a/lxc-php/tasks/php81.yml b/lxc-php/tasks/php81.yml index 677fe14d..966a2880 100644 --- a/lxc-php/tasks/php81.yml +++ b/lxc-php/tasks/php81.yml 
@@ -1,31 +1,35 @@ --- +- name: set APT keyring + ansible.builtin.set_fact: + lxc_apt_keyring_dir: /etc/apt/trusted.gpg.d + - name: "{{ lxc_php_version }} - Install dependency packages" lxc_container: name: "{{ lxc_php_version }}" - container_command: "DEBIAN_FRONTEND=noninteractive apt install -y wget apt-transport-https gnupg" + container_command: "DEBIAN_FRONTEND=noninteractive apt install -y wget gnupg" - name: "{{ lxc_php_version }} - fix bullseye repository" replace: - dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/apt/sources.list" + dest: "{{ lxc_rootfs }}/etc/apt/sources.list" regexp: 'bullseye/updates' replace: 'bullseye-security' - name: "{{ lxc_php_version }} - Add sury repo" lineinfile: - dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/apt/sources.list.d/sury.list" + dest: "{{ lxc_rootfs }}/etc/apt/sources.list.d/sury.list" line: "{{ item }}" state: present create: yes mode: "0644" loop: - - "deb [signed-by={{ apt_keyring_dir }}/sury.gpg] https://packages.sury.org/php/ bullseye main" - - "deb [signed-by={{ apt_keyring_dir }}/pub_evolix.asc] http://pub.evolix.org/evolix bullseye-php81 main" + - "deb [signed-by={{ lxc_apt_keyring_dir }}/sury.gpg] https://packages.sury.org/php/ bullseye main" + - "deb [signed-by={{ lxc_apt_keyring_dir }}/pub_evolix.asc] http://pub.evolix.org/evolix bullseye-php81 main" - name: copy pub.evolix.net GPG key copy: src: pub_evolix.asc - dest: /var/lib/lxc/{{ lxc_php_version }}/rootfs{{ apt_keyring_dir }}/pub_evolix.asc + dest: "{{ lxc_rootfs }}{{ lxc_apt_keyring_dir }}/pub_evolix.asc" mode: "0644" owner: root group: root @@ -33,7 +37,7 @@ - name: copy packages.sury.org GPG Key copy: src: sury.gpg - dest: /var/lib/lxc/{{ lxc_php_version }}/rootfs{{ apt_keyring_dir }}/sury.gpg + dest: "{{ lxc_rootfs }}{{ lxc_apt_keyring_dir }}/sury.gpg" mode: "0644" owner: root group: root 
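Review bot: The `set APT keyring` task at the top of php81.yml duplicates the one added to php80.yml, and because it uses `set_fact` the value outranks inventory and role variables, so an operator cannot relocate the keyring without extra vars. Declaring `lxc_apt_keyring_dir` once in the role's defaults would keep the two files in step and leave it overridable. A short comment such as `# path inside the container; always prefixed with lxc_rootfs on the host` would also help, because the `copy` destinations concatenate `{{ lxc_rootfs }}{{ lxc_apt_keyring_dir }}` and depend on the value starting with a slash.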
@@ -55,8 +59,8 @@ mode: "0644" notify: "Reload {{ lxc_php_version }}-fpm" loop: - - "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php/8.1/fpm/conf.d/z-evolinux-defaults.ini" - - "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php/8.1/cli/conf.d/z-evolinux-defaults.ini" + - "{{ lxc_rootfs }}/etc/php/8.1/fpm/conf.d/z-evolinux-defaults.ini" + - "{{ lxc_rootfs }}/etc/php/8.1/cli/conf.d/z-evolinux-defaults.ini" loop_control: loop_var: line_item diff --git a/lxc-php/tasks/umask.yml b/lxc-php/tasks/umask.yml index 4460d587..254fd75e 100644 --- a/lxc-php/tasks/umask.yml +++ b/lxc-php/tasks/umask.yml @@ -2,13 +2,9 @@ # dans /etc/systemd/system/phpX.X-fpm.service.d/evolinux.conf --- -- name: "Définis le chemin du système de fichiers du conteneur LXC." - set_fact: - lxc_rootfs_path: "/var/lib/lxc/{{ lxc_php_version }}/rootfs" - - name: "Crée des répertoires (si absents) pour surcharger la config des services PHP dans les conteneurs LXC." ansible.builtin.file: - path: "{{ lxc_rootfs_path }}/etc/systemd/system/{{ lxc_php_services[lxc_php_version] }}.d" + path: "{{ lxc_rootfs }}/etc/systemd/system/{{ lxc_php_services[lxc_php_version] }}.d" state: directory register: systemd_path
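Review bot: In lxc-php/tasks/umask.yml, dropping the `lxc_rootfs_path` fact is only safe if nothing later in the file still reads it; the hunk stops at `register: systemd_path` and the remaining tasks are not shown. Any leftover `{{ lxc_rootfs_path }}` would now fail as undefined at run time, so a search of the role for the old name is worth doing before merge. The file also now depends on `lxc_rootfs` having been set by main.yml, which is worth stating in the header comment, e.g. `# requires lxc_rootfs (set in main.yml)`.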