Ajoute l'umask 0007 au service php-fpm

2022-06-16 17:58:34 +02:00 · 2022-06-16 17:58:34 +02:00 · 2692ac5661
parent 857b3e0e45
commit 2692ac5661
4 changed files with 54 additions and 0 deletions
--- a/lxc-php/defaults/main.yml
+++ b/lxc-php/defaults/main.yml
@ -21,3 +21,13 @@ lxc_php_container_releases:
  php74: "bullseye"
  php80: "bullseye"
  php81: "bullseye"
+
+lxc_php_services:
+  php56: 'php5-fpm.service'
+  php70: 'php7.0-fpm.service'
+  php73: 'php7.3-fpm.service'
+  php74: 'php7.4-fpm.service'
+  php80: 'php8.0-fpm.service'
+  php81: 'php8.1-fpm.service'
+
+
--- a/lxc-php/handlers/main.yml
+++ b/lxc-php/handlers/main.yml
@ -1,4 +1,10 @@
 ---
+
+- name: Reload PHP-FPM
+  lxc_container:
+    name: "{{ lxc_php_version }}"
+    container_command: "systemctl reload {{ lxc_php_services[lxc_php_version] }}"
+
 - name: Reload php81-fpm
  lxc_container:
    name: "{{ lxc_php_version }}"
@ -34,6 +40,11 @@
    name: "{{ lxc_php_version }}"
    container_command: "systemctl restart opensmtpd"

+- name: Daemon reload
+  lxc_container:
+    name: "{{ lxc_php_version }}"
+    container_command: "systemctl daemon-reload"
+
 - name: Restart container
  lxc_container:
    name: "{{ lxc_php_version }}"
--- a/lxc-php/tasks/main.yml
+++ b/lxc-php/tasks/main.yml
@ -27,4 +27,6 @@
 - include: "php81.yml"
  when: lxc_php_version == "php81"

+- include: "umask.yml"
+
 - include: "misc.yml"
--- a/lxc-php/tasks/umask.yml
+++ b/lxc-php/tasks/umask.yml
@ -0,0 +1,31 @@
+# Ajoute UMask=0007 à l'unité systemd PHP-FPM du conteneur LXC
+# dans /etc/systemd/system/phpX.X-fpm.service.d/evolinux.conf
+---
+
+- name: "Définis le chemin du système de fichiers du conteneur LXC."
+  set_fact:
+    lxc_rootfs_path: "/var/lib/lxc/{{ lxc_php_version }}/rootfs"
+
+- name: "Crée des répertoires (si absents) pour surcharger la config des services PHP dans les conteneurs LXC."
+  ansible.builtin.file:
+    path: "{{ lxc_rootfs_path }}/etc/systemd/system/{{ lxc_php_services[lxc_php_version] }}.d"
+    register: systemd_path
+    state: directory
+    
+- name: "[Service] est présent dans la surchage des services PHP-FPM des conteneurs LXC."
+  ansible.builtin.lineinfile:
+    path: "{{ systemd_path.path }}/evolinux.conf"
+    regex: "\\[Service\\]"
+    line: "[Service]"
+    create: yes
+
+- name: "UMask=0007 est présent dans la surchage des services PHP-FPM des conteneurs LXC."
+  ansible.builtin.lineinfile:
+    path: "{{ systemd_path.path }}/evolinux.conf"
+    regex: "^UMask="
+    line: "UMask=0007"
+    insertafter: "\\[Service\\]"
+  notify:
+    - "Daemon reload"
+    - "Reload PHP-FPM"
+